"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
- the fourth amendment to the United States Constitution
Despite the strained avowals by certain U.S. Supreme Court justices to hold that the Constitution is "dead" it is obvious to anyone with average intelligence that the intention of the fourth amendment is that citizens are allowed to have private correspondence, records, and possessions. It is unlikely that the eighteenth century authors and legislators ever conceived of records that existed in any form other than paper but today people communicate through a wide variety of methods. Unfortunately many of those methods of communication are insecure, including email. Currently email is transmitted through plain text, it is easy to capture this text as it moves across the internet from sender to receiver. To me it seems obvious that long ago it should have become standard for email to be encrypted for transmission (some proprietary services like Blackberry's "push email" encrypt the messages but an increasing number of governments are pressuring Blackberry to give them access to the secret keys that will allow the messages to be decrypted) but automatic encryption is unlikely to happen now for a variety of reasons.
This post will briefly outline a method for sending and receiving encrypted email. First it is important to understand that both the sender and receiver must agree to encrypt their email. If a sender wants to encrypt a message the receiver must have already provided a "public key" to the sender to allow the sender to encrypt a message. These instructions are meant for the everyday email user, it is not a technical discussion of encryption methods.
In this method the encrypted email can not be read in a web browser the way Yahoo Mail or GMail are using Internet Explorer or Firefox. Both reading and encrypting messages are done using the email application Thunderbird. Your computer will need to be connected to the internet for Thunderbird to access your email, but a web browser is not required.
You will need a flash drive (sometimes called a thumb drive). Thunderbird will be installed onto the flash drive.
First create an email account using GMail. If you know what IMAP is, how it works, that it is available on your preferred email service and you can configure it, feel free to use it. Otherwise GMail will be the simplest choice.
Second log into your new GMail account to configure IMAP. Click "Settings" in the upper right. Under Settings click "Forwarding and POP/IMAP." At the bottom is a section labelled "IMAP Access." Click "Enable IMAP" then click the "Save Settings" button.
GMail IMAP settings
Next download Mozilla Thunderbird Portable from PortableApps.com. Plug the flash drive into your computer and follow the installation instructions. Launch Thunderbird. It will prompt you for information about your email account.
Entering email information into Thunderbird.
It is most secure to uncheck "Remember password" but it is much more convenient to leave it checked. Remember that if you lose the flash drive anyone who finds it can use it to access your email account. Click the "Continue" button and the application will get the setup information for GMail. Click "Create Account" and Thunderbird will start and connect to your account.
Thunderbird has automatically configured the settings to get your Gmail.
The final step is to install Enigmail. PortableApps has provided a very simple install procedure and links to the software that is needed. Once Enigmail is added to Thunderbird you will need to setup encryption. Select "OpenPGP" then "Setup Wizard" in Thunderbird Portable. Follow the instructions, unless you know otherwise use the default values. To allow people to easily send you encrypted email you should allow your public key to be placed on a key server. If someone wants to send you email (or you want to send email to someone) the key server can be queried to see if a public key is available for an email address.
Create email normally, the first time a message is sent to a particular email address you will be prompted to select the public key of the email recipient. The outgoing message will be encrypted using the recipient's public key. If the recipient doesn't have a public key then the message cannot be encrypted and will be sent in plain text. When you receive an encrypted message you will be asked to enter your passphrase (created using the OpenPGP Setup Wizard) and the message will be decrypted and displayed.
Remember that wherever you store the private key created during the Setup Wizard must be kept safe. If someone gains access to the flash drive with Thunderbird Portable they can get your private key, and with it your encrypted email can be read.
In summary:
- Create a GMail account.
- Enable IMAP for the GMail account.
- Install Thunderbird Portable on a flash drive.
- Install OpenPGP and Enigmail on Thunderbird Portable.
- Create a public / private key pair and share the public key on a keyserver.
No comments:
Post a Comment