views: 477
answers: 7

Who has their email fully encrypted?

I would like to encrypt my email, but I am not sure how to start. If I use encrypted email and I send an email to someone who does not encrypt his email, how can the receiver read the email?

What email client would you recommend to run on a Windows system for encrypted email? I am using Thunderbird at the moment.

As I understand it, you have to generate 2 keys (one public and one private), but how do you generate these keys? I also think that you have to put your key somewhere for download, but I don't understand how you can trust the downloaded keys.

Any links to a good (not too complicated) guide about the workings and implementation of email encryption would be very much appreciated.

Kind regards, wim hendrix (anatak)

+4  A: 

Thunderbird with Enigmail is a great free solution for what you’d like to do. I use Outlook and PGP, but I think they’re approximately the same.

For a detailed explanation of public/private key encryption check out the wiki page, but I’ll try to sum up here.

To encrypt a message so that nobody else but the receiver (Bob) can view it, you encrypt the message using Bob’s public key. The public key allows you to encrypt but not to decrypt. Without a public key you cannot encrypt a message, so there is no worry about encrypting a message that nobody can decrypt.

When Bob receives your message he will use his private key to decrypt the message. He keeps this private key very secret so that nobody else can decrypt his mail. To send an encrypted message back, Bob will use your public key (which you have sent him before) to encrypt a message. Then he will send it to you and you can decrypt it using your private key.

That said, the solution that I use for my mail is to use opportunistic encryption, so if I have the public key of any recipient of my mail message it gets automatically encrypted; if I do not, it doesn’t. This doesn’t protect me from accidentally sending out a secret message to a person that I don’t have a public key for, however. For that I have to be very careful to always verify I have all the keys I need to have for secret messages.

In order to do this I have an e-mail rule set up that says that if I have the word [PGP] in the subject line it will not allow the message to be sent unencrypted. If I try to, it will throw an error and warn me of my mistake.

The Enigmail site has a good description of how to set up Thunderbird to encrypt your messages.

Joe Basirico
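The two mechanisms in the answer above (encrypt with the recipient's public key, decrypt only with the matching private key; and the "[PGP] in the subject means never send in clear" rule) as an added, runnable example. This is not code from the answer, from Enigmail or from PGP: it uses textbook RSA with no padding and no session key purely to make the public/private asymmetry visible, so it must not be used for real mail. All function names, the `Keyring` class and the addresses are assumptions made for the example.

```python
"""Textbook RSA plus an opportunistic-encryption policy with a [PGP] subject guard.

Added example, not part of the original answer. Real OpenPGP encrypts the mail
body with a random session key and wraps that key with padded RSA/ECC; the raw
RSA below is only an illustration of "public key encrypts, private key decrypts".
"""
import secrets
from math import gcd

# Deterministic Miller-Rabin witnesses: exact for every n below about 3.3e24,
# which covers the 64-bit prime candidates generated here.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 64):
    """Return (public, private) as ((n, e), (n, d)). Toy size: 64-bit primes."""
    e = 65537
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (p * q, e), (p * q, d)


def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can do this; it cannot be reversed with it."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of d recovers the message (leading zero bytes are dropped)."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


class Keyring:
    """Public keys we hold, by address: the 'do I have a key for X?' lookup."""

    def __init__(self):
        self.keys = {}

    def add(self, address: str, public) -> None:
        self.keys[address] = public


def prepare_outgoing(keyring: Keyring, subject: str, recipients, body: bytes) -> dict:
    """Opportunistic encryption with the [PGP] guard from the answer.

    Returns {address: ciphertext int} when every recipient has a key, or
    {address: plaintext bytes} when someone lacks one, unless the subject is
    tagged [PGP], in which case sending in clear is refused.
    """
    missing = [r for r in recipients if r not in keyring.keys]
    if missing and "[PGP]" in subject:
        raise RuntimeError(f"refusing to send [PGP] mail in clear: no key for {missing}")
    if missing:
        return {r: body for r in recipients}  # the accidental-leak case the answer warns about
    return {r: encrypt(keyring.keys[r], body) for r in recipients}


if __name__ == "__main__":
    bob_pub, bob_priv = generate_keypair()
    ring = Keyring()
    ring.add("bob@example.com", bob_pub)  # constructed address
    out = prepare_outgoing(ring, "[PGP] plans", ["bob@example.com"], b"meet at 9")
    print(decrypt(bob_priv, out["bob@example.com"]))
```

Running the guard with a second recipient that has no key in the ring raises instead of leaking the body; dropping the `[PGP]` tag makes the same message go out in clear to everyone, which is exactly the behaviour the answer says opportunistic encryption alone does not protect against.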
A: 

Thunderbird has a neat plugin called Enigmail for doing just what you want.

There are two systems for encrypting emails (and for assuring the authenticity of keys), S/MIME and PGP/MIME. The former uses a traditional PKI (public key infrastructure), meaning that your key has to be signed by a certificate authority to be usable.

Thawte has a Freemail service for signing email certificates for free, if you can find people in your area who can certify your identity in person (you will need to take at least one form of government-issued photo ID, preferably two, when you are being certified, such as passport and driving licence).

The PGP system uses a more grass-roots style of authenticating. You simply find other people who are already well known in the PGP "web of trust", and get them to verify you (again with similar documentary requirements, though different signers have different requirements).

To find such other people, you should seek out "PGP keysigning parties". They're occasions where everybody brings their ID, and everybody signs everybody else's key.

So to answer your question about how to trust keys you download: in the S/MIME model, a trusted CA (such as Thawte) has to sign it. In the PGP model, people who are "well known" (to you, at least, and preferably to most PGP users) have to sign it.

I happen to be a Thawte Web of Trust notary, so if you want to go the S/MIME route, live near Auckland, and happen to want to be verified, write a comment here or something. :-P

Chris Jester-Young
I know the OP doesn't live near Auckland, but the note at the bottom applies to anybody else reading this who does. :-)
Chris Jester-Young
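Whichever trust model you pick, the thing you actually compare when deciding whether a downloaded PGP key is the right one is its fingerprint, and the answer above does not show where that value comes from. As an added example (not code from the answer, from Enigmail or from GnuPG), here is the RFC 4880 v4 fingerprint computation over a constructed RSA public-key packet, plus the check a recipient would do against a fingerprint obtained in person or at a keysigning party. The modulus, creation time and function names are assumptions; the modulus is a made-up number, not a real key.

```python
"""OpenPGP v4 public-key fingerprint and the out-of-band comparison check.

Added example, not from the original answer. Per RFC 4880 12.2 the v4
fingerprint is SHA-1 over 0x99, a two-octet body length, and the public-key
packet body; the 64-bit key ID is the low 64 bits of that fingerprint.
"""
import hashlib
import struct

# Constructed sample (not a real key): a made-up 128-bit odd "modulus" and e=65537.
SAMPLE_N = 0xD4C5B6A7F8E9DA1B2C3D4E5F60718293
SAMPLE_E = 65537
SAMPLE_CREATED = 1230768000  # 2009-01-01T00:00:00Z, arbitrary


def mpi(value: int) -> bytes:
    """RFC 4880 3.2 multiprecision integer: 2-byte bit length, then big-endian bytes."""
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")


def build_v4_rsa_public_key_packet(created: int, n: int, e: int) -> bytes:
    """Body of a Tag 6 packet: version 4, creation time, algo 1 (RSA), MPI n, MPI e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def parse_v4_public_key(body: bytes) -> dict:
    """Minimal parser for the RSA case; rejects other versions and trailing data."""
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled here")
    created = struct.unpack(">I", body[1:5])[0]
    algo = body[5]
    if algo not in (1, 2, 3):  # RSA encrypt-or-sign / encrypt-only / sign-only
        raise ValueError(f"unsupported public-key algorithm {algo}")
    off, values = 6, []
    for _ in range(2):  # n, then e
        bits = struct.unpack(">H", body[off:off + 2])[0]
        nbytes = (bits + 7) // 8
        values.append(int.from_bytes(body[off + 2:off + 2 + nbytes], "big"))
        off += 2 + nbytes
    if off != len(body):
        raise ValueError("trailing bytes after the RSA MPIs")
    return {"created": created, "algo": algo, "n": values[0], "e": values[1]}


def v4_fingerprint(body: bytes) -> str:
    """SHA-1(0x99 || len(body) as 2 octets || body), upper-case hex, 40 chars."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The short 64-bit key ID: only the last 16 hex digits. Collidable on purpose
    by an attacker, so it is not enough for the trust decision."""
    return fingerprint[-16:]


def verify_downloaded_key(body: bytes, fingerprint_from_owner: str) -> bool:
    """Compare the full fingerprint of a key fetched from a keyserver with the one
    the owner gave you out of band (in person, business card, phone)."""
    expected = fingerprint_from_owner.replace(" ", "").upper()
    return v4_fingerprint(body) == expected


SAMPLE_PACKET = build_v4_rsa_public_key_packet(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E)

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_PACKET)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("key id:     ", key_id(fp))
```

A keyserver never vouches for the binding between a key and a person; that is what the in-person check does, and it has to be done against all 40 hex digits rather than the 16-digit key ID, because flipping a single byte of the key material produces a completely different fingerprint while a matching short ID can be manufactured.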
A: 

PGP is one such system that I have used for emails.

There's a tutorial here or here.

nzpcmad
+2  A: 

I actually use FireGPG; it's a Firefox extension that enables you to encrypt, sign, decrypt, verify, and perform other operations directly in Firefox. I mainly use it in GMail...

I also use GPG4Win, it's a package for Windows that bundles:

  • GnuPG, the actual cryptographic software
  • Two key managers (WinPT, GPA)
  • GPGee (for Explorer shell integration)
  • GPGol (a plugin for MS Outlook)
  • Claws Mail (actually a complete mail program).

This package is very good for getting GnuPG up and running quickly...

CMS
+1  A: 

I use Outlook and PGP and have done so for over 10 years without problems. The PGP Outlook plugin just works. No complications in the setup. The only hitch recently was needing to upgrade PGP when I upgraded to Office 2007. (PGP 8.1 was deleting the entire email contents and doing weird things with attachments.)

There are several public key servers where you can upload your public key and find other people's.

PGP is compatible with GPG so I can exchange encrypted emails with colleagues who use GPG and Thunderbird.

Richard A
A: 

Can anyone answer this question from the point of view of encrypted IMAP on port 993, or at least TLS with Postfix, maybe?

djangofan
A: 

Use WinRAR, and give him the password in person.

WinRAR is VERY secure. There's a case where the government couldn't get into files on a laptop a guy was carrying from Canada. He used WinRAR. They tried to make him give them the password, and he took the 5th. It was on appeal for years, and the courts finally said he didn't have to talk (every court said that during this process). I couldn't believe someone would even think he couldn't take the 5th. The government dropped the case when they lost their appeal, because they still hadn't cracked the files.

elmer