How To Encrypt Your Mail
E-mails are a lot like letters. On certain occasions, it doesn’t matter who reads them (for example, a birthday greeting or wedding invitation). But often, the communication is private or sensitive – to you, the intended recipient, or both. It’s why we sometimes ship letters or documents in sealed envelopes, but other times send postcards that can be read by anybody.
The letter-email analogy should make it clear that hackers and terrorists are not the only ones who rightfully demand privacy of electronic communications. It isn’t about hiding ‘bad things’. If you’ve ever sent an e-mail with your bank statements, an expression of love or regret to your significant other, or a confidential document with details of business deals, you probably understand this already. If you remain unconvinced but are curious to know more, you could read this short piece. There’s a good reason why the police require a warrant to search your home for documents. And there’s no good reason why the same rules should not apply to e-mails as well.
So, how do you seal the envelope in which your e-mail is carried? That’s encryption.
Before we get to the how, it may be useful to spend a minute understanding what we mean by encryption. Encryption can guarantee two things: (1) it prevents others who intercept your communications from reading them; and (2) it helps the recipient verify that a mail is actually from you. E-mail encryption typically works using ‘public keys’ and ‘private keys’:
(Image courtesy the Free Software Foundation under a CC 4.0 license)
As explained above, the way it works is that you share your public key with the rest of the world, but keep your private key, well, private. If I want to send you a mail, I will encrypt the mail with your public key. You, and only you, will be able to read this e-mail by decrypting it with your private key. The concept is that simple! And it works.
By following the steps below, you will have installed the tools necessary to generate your public/private key and send encrypted mails:
Step 1: Download the required programs
(B) If you’re going to use encryption, you’ll need a client like Mozilla Thunderbird to send/receive mails as opposed to a website like Gmail.com (you can still use your Gmail account though, don’t worry). A desktop e-mail client actually has its advantages. You can download Thunderbird here. It’s free, fast, secure and works across different platforms.
(C) To generate a new public and private key pair for yourself, you will need the Enigmail extension for Thunderbird. Download it from here, save it to your desktop and drag and drop the icon into Thunderbird. It will install automatically.
Step 2: Configure your account and generate your keys
(A) Launch Thunderbird and configure your existing e-mail account (Gmail/Yahoo/Hotmail etc.) or create a new account. Enter the username and password, click ‘continue’ and it will be set up automatically.
You can always configure a new account at any time by following these steps: Click ‘Tools’ (top-right corner of Thunderbird as shown below) -> Options -> Accounts -> Account Settings -> Account Actions -> Add Mail Account.
(B) Now you’ll have to generate your public and private keys. Click Tools (top-right corner) -> Open PGP -> Key Management. The ‘Open PGP Key Management’ window will open. Click ‘Generate’ -> New Key Pair -> Select the account and username -> Choose a passphrase (it’s the equivalent of a password) -> Click ‘Generate Key’. That’s it, you’re done!
Step 3: Share your public key
Once you’ve generated your key pair, it’s time to tell your friends (and the world) that you’re ready to send encrypted mails. To do this, you’ll need a copy of your public key. Use the ‘Open PGP Key Management’ tool, select your account and right-click on it. Click the option ‘Export Keys to file’ and choose ‘Export Public Keys Only’. The text file contains your public key, which you can publish on your website, attach to your e-mail signature or upload to a keyserver where the entire world can find it. For example, I’ve published my public key on Techlawtopia so that readers can send me encrypted mails if they prefer.
Step 4: Send and receive encrypted mails
Remember, you have to go through Steps 1 to 3 only once. After everything has been set up, sending an encrypted mail is as easy as sending an unencrypted one.
A. Compose your mails using Thunderbird by clicking ‘Write’ in the top-left corner. To encrypt and sign your mails, click on ‘Open PGP’ and simply check all the options given in the drop-down menu (as shown below). At the bottom-right are two symbols which, if highlighted in yellow, mean the mail is encrypted and signed. You can use the ‘key management’ tool to import and search for public keys. You can find my public key here, but also on any of the public keyservers.
B. Reading encrypted mails is as easy as opening the mail you want to read and clicking the ‘Decrypt’ button. Thunderbird will ask you for the passphrase and will automatically unscramble the text for you to read.
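Steps 2 to 4 can also be carried out at the GnuPG command line, the program Enigmail drives behind its menus. The script below is an added example, not part of the original primer: the names, addresses and helper functions (gpg_as, exchange, demo_roundtrip) are made up for the demonstration, and it assumes GnuPG 2.1 or later is installed.

```shell
# Added illustration; names, addresses and the message are constructed.
# Two throwaway keyrings stand in for the sender's and recipient's computers.

gpg_as() {  # gpg_as <keyring-dir> <gpg args...>: run gpg as one person
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@"   # empty passphrase: demo only
}

exchange() {  # exchange <workdir> <message>: prints the text Bob recovers
    w=$1; a="$w/alice"; b="$w/bob"
    mkdir -m 700 "$a" "$b" || return 1

    # Step 2: each person generates a key pair on their own machine.
    gpg_as "$a" --quick-generate-key 'Alice <alice@example.org>' default default never || return 1
    gpg_as "$b" --quick-generate-key 'Bob <bob@example.org>' default default never || return 1

    # Step 3: only the public halves are exported and handed over.
    gpg_as "$a" --armor --export alice@example.org > "$w/alice.asc" || return 1
    gpg_as "$b" --armor --export bob@example.org > "$w/bob.asc" || return 1
    gpg_as "$a" --import "$w/bob.asc" || return 1
    gpg_as "$b" --import "$w/alice.asc" || return 1

    # Step 4, sending: sign with Alice's private key, encrypt to Bob's public key.
    printf '%s' "$2" | gpg_as "$a" --armor --sign --encrypt \
        --recipient bob@example.org > "$w/mail.asc" || return 1

    # Alice has no private key for Bob, and gpg does not encrypt to the sender
    # by default, so her keyring cannot open the mail she just wrote.
    if gpg_as "$a" --decrypt "$w/mail.asc" >/dev/null 2>&1; then return 1; fi

    # Step 4, reading: Bob decrypts with his private key; the machine-readable
    # status output must report a good signature before we call it a success.
    gpg_as "$b" --status-fd 3 --decrypt "$w/mail.asc" 3> "$w/status" || return 1
    grep -q '^\[GNUPG:\] GOODSIG ' "$w/status"
}

demo_roundtrip() {  # usage: demo_roundtrip 'meet at noon'
    work=$(mktemp -d) || return 1
    exchange "$work" "$1"; rc=$?
    gpgconf --homedir "$work/alice" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$work/bob" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return $rc
}
```

The keys here have an empty passphrase only so the demonstration runs unattended; a real key should be protected with one, as in Step 2.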
End-to-end encryption only works if both the sender and the recipient are using such tools. So make sure to get your friends and family on board (at least the ones you can convince with a little prodding). It takes a little while to set up, but you’ll be glad you did it. Although it is impossible to guarantee that any encryption method is fully secure, PGP is fully open-source and has been used by several important people with a lot at stake (Edward Snowden, for example). If your communications are especially sensitive, please speak to a security professional for assistance.
Hope this primer made the idea of encrypting your e-mail less daunting. If you run into any difficulties setting this up, have any questions or comments, please use the contact page. Don’t forget to send me an encrypted mail to test things out!
(This primer is licensed under a Creative Commons 4.0 license. You are free to copy, use, share, modify and translate this primer without permission, so long as it is strictly for a non-commercial purpose and you attribute Techlawtopia and the author as the original source. For other permissions, please use the contact page)