Reliably encrypting emails using GnuPG

Slashdot it! Delicious Share on Facebook Tweet! Digg!
Maksim Kabakou, 123RF

Maksim Kabakou, 123RF

Locked

Since the NSA snooping scandal, many companies have started to offer secure communication services and storage. However, if you really want secure email communication, you need end-to-end encryption using GnuPG.

Mail and communication security is a basic right of all citizens. Whatever country you live in, you should be assured that no one else has read your letter before it's delivered to you.

The constitutional right of privacy protects all written messages from the prying eyes of others. Similar rules apply to digital communication, although that's recently been put to test by revelations made by the likes of Edward Snowden, which leads us to believe that the intelligence community has little respect for this privacy.

The problem is that email messages pass through the Internet like postcards for everyone to read. To address this issue, in 1991, Phil Zimmermann, a Symantec employee, developed Pretty Good Privacy (PGP), a robust process for encrypting emails.

Over the years, PGP has become OpenPGP as an open standard, which the Free Software Foundation implements as GnuPG (GPG) for Linux. In this article, I will show you how GnuPG works and how you can set up the Thunderbird email client to protect yourself from eavesdropping.

How PGP Works

PGP is based on a public key infrastructure, which has its own implications. Anyone participating in the PGP system has a unique pair of digital keys – a private key that only they know, and a public key that all can see and which is passed on to the communication partner.

If Alice and Bob, owners of two PGP key pairs, want to communicate privately and encrypt their messages, they exchange public keys (the key IDs) offline so that they keys are not intercepted over the Internet.

Alice encrypts her email with Bob's public key. She also adds her private key to digitally sign the email, a kind of signature. Bob can open her mail only with his own private key. Bob has the assurance that the email actually comes from Alice, because only she can validate her signature with her private key.

Public and private keys are like locks and keys. When Alice encrypts the message with Bob's public key, it forms a lock that only Bob can open with his private key. Mallory, who intercepts the lock, sees only the lock and not its contents.

The infrastructure is based on the assumptions that the participants know each other, can verify their identities, and have exchanged key IDs. The more participants, the more secure the communication. Therefore, the network of GnuPG participants has been called the "Web of Trust."

A Rough Start

The algorithm behind GnuPG is highly complex, but that is not a problem for the end user. All you need is an email client such as Mozilla Thunderbird with the GnuPG Enigmail plugin. Of course, there are other mail clients that use GnuPG: KDE's KMail or Evolution from the Gnome desktop environment are also viable alternatives. The following example, however, is based on cross-platform combination of Thunderbird, Enigmail, and GPG.

You need to do a bit of GPG preparatory work before you start to encrypt your messages. First, you need a key pair of public and private keys, which requires you to have GPG installed. In Ubuntu, you may already have it but, if not, run the following:

$ sudo apt-get update
$ sudo apt-get install gnupg

And, you're done.

Buy this article as PDF

Express-Checkout as PDF

Pages: 5

Price $0.99
(incl. VAT)

Buy Ubuntu User

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Encrypting email with GnuPG

    US intelligence agencies tap into billions of call data and electronic messages monthly – reason enough to consider encrypting your email traffic.

  • Q&A with Ubuntu contributor Mike Basinger

     

  • An overview of the IMAP client Trojitá

    Trojitá is new to the scene of email clients, but it already stands out for its intuitive interface and speed. Even so, this client is still missing some essential functions.

  • Pyspread – The Spreadsheet with a Python connection

    You can find plenty of spreadsheets offering a multitude of features. The Python-based Pyspread demonstrates that a sophisticated spreadsheet application can also be newcomer-friendly.

  • Welcome

    The title of this issue's Editorial section is a shameless rip-off of a section that used to run in Omni, the influential and very cool 80s magazine of "Science Fiction, Fact, and Fantasy." The section in Omni talked about advances in science and technology and where they would lead us. The title played on the actual verbal tense – the word "will" was used a lot in the articles, and the fact that, well, it was about the future.