Mail encryption, the need of times

Discussion in 'Science and Technology' started by spikey360, Nov 10, 2012.


Have you ever contemplated encrypting your mails?

  1. Yes

    50.0%
  2. No

    0 vote(s)
    0.0%
  3. Unaware of mail encryption

    50.0%
Multiple votes are allowed.
  1. spikey360

    Why You Should Encrypt Your Email
    Security is mostly hype, right? You don't really need to bother with all those complicated passwords, antivirus software, firewalls and such. It's all just security software vendors and security consultants trying to scare everyone so they can sell their products and services.

    I don't actually disagree with those statements at times. There are common sense steps everyone should take to secure their computers and networks, but there is certainly no shortage of hype in the news. Like the latest hot mutual fund- by the time it makes it into a newspaper or magazine it is old news and most likely too late for you to react to anyway.

    However, as one of the common sense measures that aren't pure hype you should consider encrypting your email communications. If you are on vacation you might send a picture postcard to a friend or family member with a quick "wish you were here" sort of message. But, if you are writing a personal letter to that same friend or family member you would be more inclined to seal it in an envelope.

    If you are mailing a check to pay a bill or perhaps a letter telling a friend or family member that the extra key to your house is hidden under the large rock to the left of the back porch you might use a security envelope with hatched lines to obfuscate or hide the contents of the envelope even better. The post office offers a number of other means of tracking messages- sending the letter certified, asking for a return receipt, insuring the contents of a package, etc.

    Why then would you send personal or confidential information in an unprotected email? Sending information like the location of your extra house key under the large rock to the left of the back porch in an unencrypted email is the equivalent of writing it on a postcard for all to see.

    Encrypting your email will keep all but the most dedicated hackers from intercepting and reading your private communications. Using a personal email certificate like the one freely available from Thawte you can digitally sign your email so that recipients can verify that it's really from you as well as encrypt your messages so that only the intended recipients can view them. Comodo is another company offering free digital certificates for personal use. You can obtain your free certificate by filling out a very short and simple registration form.

    That actually introduces an added benefit. By obtaining and using a personal email certificate to digitally sign your messages you can help to stem the tide of spam and malware being distributed in your name. If your friends and family are conditioned to know that messages from you will contain your digital signature, when they receive an unsigned message with your email address spoofed as the source they will realize that it's not really from you and delete it.

    The way typical email encryption works is that you have a public key and a private key (this sort of encryption is also known as Public Key Infrastructure or PKI). You, and only you, will have and use your private key. Your public key is handed out to anyone you choose or even made publicly available.

    If someone wants to send you a message that is meant only for you to see, they would encrypt it using your public key. Your private key is required to decrypt such a message, so even if someone intercepted the email it would be useless gibberish to them. When you send an email to someone else you can use your private key to digitally "sign" the message so that the recipient can be sure it is from you.

    It is important to note that you should sign or encrypt all of your messages, not just the confidential or sensitive ones. If you only encrypt a single email message because it contains your credit card information and an attacker is intercepting your email traffic they will see that 99% of your email is unencrypted plain-text, and one message is encrypted. That is like attaching a bright red neon sign that says "Hack Me" to the message.

    If you encrypt all of your messages it would be a much more daunting task for even a dedicated attacker to sift through. After investing the time and effort into decrypting 50 messages that just say "Happy Birthday" or "Do you want to golf this weekend?" or "Yes, I agree" the attacker will most likely not waste any more time on your email.
     
  3. W.G.Ewald

  4. spikey360

    It's not very tough. I'll post a DIY soon. The important thing is to follow the instructions carefully once. I'm having a hard time convincing others to install PGP and encrypt the things they send me. Don't know how people could be so nonchalant about online privacy.
     
  5. spikey360

    GPG4Win is a great PGP/GPG for Windows package. Here's the link. If you go for this install, you'll find a great tutorial and walkthrough on their site. Oh, and like all great software packages, it comes free-of-charge. None, whatsoever.
    GPG4Win
    This comes with the Claws Mail client and there are detailed instructions on the site on how to set the whole thing up. So am not elaborating just yet.

    If anyone is using a *nix system and has the gpg tool, then you could check this tutorial out.
    gpg walkthrough

    Next comes the problem of integrating PGP/GPG with your mail client. I use Evolution; for Thunderbird, you'd need a plugin, Enigmail if I remember correctly. That is available here.
    For the Evolution mail client, you need to do the following after you have generated your PGP key-pair.
    Edit->Preferences->Mail accounts->(select your account)->Edit->Security and then paste your PGP/GPG key ID. Evolution takes care of the rest. Now whenever you need to send an encrypted mail, ensure you have the 'Public Key' of that entity and then just check the 'PGP Sign' option from the Options menu during mail composition, and Send the mail. You're done.

    I cannot throw much light on PGP and Outlook, stopped using M$ for some years now. But am sure a Google search could throw up something helpful. Happy encrypting and if you are really stuck, maybe I can help (maybe). PM me.
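
The public-key exchange described in the first post and the gpg steps mentioned above, as an added example that is not part of the original posts: two throwaway key pairs in temporary keyrings, a signed and encrypted message, and a third party without the private key. It assumes GnuPG 2.1 or later; the addresses, the message and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway keys for made-up addresses in temporary keyrings.
G() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Create an isolated keyring holding a new, passphrase-less test key pair.
new_keyring() {        # $1 = user id; prints the keyring directory
    local home; home=$(mktemp -d) || return 1
    G "$home" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never >/dev/null 2>&1 || return 1
    printf '%s\n' "$home"
}

# Copy only the PUBLIC key of user $3 from keyring $1 into keyring $2.
give_pubkey() { G "$1" --armor --export "$3" | G "$2" --import 2>/dev/null; }

# Sender: sign with own private key, encrypt to the recipient's public key.
# --trust-model always skips trust checks for this demo; with real contacts,
# compare key fingerprints over another channel before relying on a key.
seal() {               # $1 keyring, $2 sender, $3 recipient; stdin -> stdout
    G "$1" --trust-model always --armor --local-user "$2" --recipient "$3" \
        --sign --encrypt 2>/dev/null
}

# Recipient: decrypt with own private key; succeed only on a good signature.
open_mail() {          # $1 keyring, $2 message file; prints the plaintext
    local status; status=$(mktemp) || return 1
    G "$1" --trust-model always --status-fd 3 --decrypt "$2" \
        3>"$status" 2>/dev/null || return 1
    grep -q '^\[GNUPG:\] GOODSIG ' "$status"
}

demo() {               # prints what Bob reads, then whether Eve could read it
    local alice bob eve msg h
    alice=$(new_keyring 'Alice <alice@example.test>') || return 1
    bob=$(new_keyring 'Bob <bob@example.test>') || return 1
    eve=$(mktemp -d) && msg=$(mktemp) || return 1
    give_pubkey "$bob" "$alice" bob@example.test
    give_pubkey "$alice" "$bob" alice@example.test
    echo 'Spare key is under the large rock' |
        seal "$alice" alice@example.test bob@example.test >"$msg"
    open_mail "$bob" "$msg" || return 1
    if open_mail "$eve" "$msg" >/dev/null; then echo 'eve: readable'
    else echo 'eve: unreadable'; fi
    for h in "$alice" "$bob" "$eve"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null; rm -rf "$h"
    done; rm -f "$msg"
}
```

Calling `demo` prints the message as Bob recovers it, followed by `eve: unreadable` for the keyring that holds no private key.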
     
