Some people like to digitally sign their emails. This means that the recipient can be sure that the email is from them. Emails can also be entirely encrypted so that only the recipient can read them—anybody who intercepts the message along its travels through the Internet will see only garbage.
Email encryption and signing work on the principle of a key pair. Two cryptographic keys are created by an individual—a private one, which is kept secret, and a public one that is shared with others, either by giving them the details in a file or by uploading it to a public key server.
The two keys work in concert—effectively, anything encrypted with one can only be decrypted with the other. When used with email, this allows you to digitally sign using your private key. Those who have the public key can check the signature of the email, which could only have been generated by you, and which is also based on the contents of the email, thus proving things weren’t tampered with in transit.
Alternatively, anybody with your public key can encrypt an email so that only you can decrypt it using your private key. If you have their public key, you can encrypt emails so that only they can read them.
Closer to home, once a key pair has been created, you can use it within your own system to encrypt files on your hard disk so that only you can decrypt them using your passphrase.
The steps below look at setting up encryption, first by creating a key pair, and then configuring Evolution to use it. Following that, we’ll look at using the same encryption setup to encrypt files.
Creating a key pair
Click Applications -> Accessories -> Passwords and Encryption Keys to start the Seahorse application, which is used to manage all encryption keys within Ubuntu.
In the program window that appears, click the New button. In the dialog box that appears, select PGP Key. Ubuntu and most other versions of Linux use the GNU Privacy Guard (GPG) software, which is an entirely Free Software version of the original Pretty Good Privacy (PGP) software. GPG uses the OpenPGP standard, just like PGP, so the two are entirely compatible.
Click the Continue button.
In the dialog box that appears, fill in the Full Name and Email Address fields. You must type both a forename and surname into the Full Name text field. In the Comments field you can type a short description to describe who you are, such as your location or job. This can help avoid confusion if more than one person shares the same name as you, or has a similar-looking email address.
In the Advanced key options dropdown you can choose a different type of encryption, although the default choice of DSA Elgamal and 2048 bits is considered extremely secure and also flexible enough to meet most needs. Once done, click the Create button.
Following this, you’ll be prompted for a passphrase. Essentially, this is the password that you will need to decrypt emails others have sent to you, as well as files you encrypt. It’s important that you make the passphrase something hard to second-guess but also memorable enough so you don’t forget it. The passphrase can include letters, numbers, symbols and space characters.
After this the key will be generated. This will probably take some time. Depending on the speed of your computer, it could take up to an hour.
Once it’s finished, you’ll need to export your public key so your email contacts can use it. To export it as a file, so you can hand it to others on a floppy disk or USB key stick, select the new key, right-click it, and click Export Public Key. You’ll be prompted to save a .asc file, so do so. Then simply pass this file on to friends or colleagues, and ask them to import it as a trusted key. Perhaps it goes without saying that your contacts will need some kind of PGP email setup before they can import your public key. Encryption programs are available for both Mac and Windows—just search Google. If they’re using Windows, direct them towards http://www.gpg4win.org, which is an implementation of the same GPG software used under Ubuntu.
Alternatively, you might choose to upload it to a public key server. This is like a worldwide phonebook of public keys. It certainly saves a lot of effort handing the key out to your contacts one-by-one. To do so, right-click the new key you created and click Sync and publish keys. Then click the Key Servers button in the dialog box that appears and, in the new window, select an option from the Publish keys to drop-down list (pgp.mit.edu is a good choice). Click the Close button, and then the Sync button in the original dialog box.