My first cryptoparty: How to encrypt your e-mail

Disclaimer: non tech article

Image credits: BKLYN Info Commons

When I was invited to go to a cryptoparty I wasn’t very sure about what I would see there. I actually thought that maybe I could see some encryption algorithms. Also, I recently moved to Berlin and I thought that it would be a nice opportunity to meet some people.

Turns out, the meeting was about privacy and there were people from all backgrounds there, not just techies/nerds. There was even a little girl (with her mom) who also learned how to encrypt her email! ☺ I guess it’s particularly nice to share with non-tech people, so if you are a journalist, a lawyer, a doctor, a politician, if you deal with sensitive information, if you are a tech person who is inexcusably exposed or if you’re just someone who simply doesn’t want their life information unprotected, continue reading.

The night started with Ásta Helgadóttir from Iceland talking about privacy and how we constantly expose ourselves on the internet. We talked about email encryption and why I would want to encrypt my email.

First, what is email encryption?

Image credits: herval

E-mail encryption

When you encrypt an email, it means that only you and the receiver can actually read the email. Imagine that you’ve written a letter to someone and sent it in a strong box with a padlock. This person would have the key to open it, and even if the box passed through other hands the content could only be revealed once the person with the key opens it.

Why should you be interested in that?

If you are a lawyer, for instance, you don’t want your clients’ sensitive data exposed. It is your client’s right to prevent any other person from disclosing confidential information in a case.

Privacy

Image credits: Alan

Being on the internet is now synonymous with being social, and when cultivating this social aspect, people share information about whether or not they are in a relationship, if they broke up, if they married, if they have a child, and the very first picture of an individual who didn’t even get to choose whether she wants to be exposed like that is already on the internet. I’m patiently waiting for an article in which someone will tell that when she created an account on Facebook it automatically filled it with baby photos from her parents. Facebook message by then: “Hey, I found this picture in your parents’ archive, is that you? You were so cute! Want us to build a baby album for you to share with your friends?”

Sounds creepy, doesn’t it? So, how much is OK to share? Well, while you think about it, let me also tell you that your e-mail is not the only thing compromised. Your chat messages are also insecurely traded and your mobile phone… Well, let me also share an article for you to read later: Maybe better if you don’t read this story on public WiFi. Don’t panic, though. There are a lot of tips on the internet on how to get protected.

After Ásta’s talk, we organised ourselves in groups willing to learn different ways to protect our information. I was in the e-mail encryption group.

Hands on

Download and install Thunderbird (an e-mail client). After you install it, go to the menu Tools > Add-ons, then search for and download the Enigmail add-on (OpenPGP message encryption and authentication). Then, restart Thunderbird and use the Enigmail installation wizard.

The wizard will tell you that you don’t have GnuPG installed; ask the wizard to install it for you.

Then it will ask you to generate a new key pair. The pair is a public and a private key. The public key, as the name states, is public and it’s used by someone else when sending you an email. The public key may be published on a key server on the internet, so when someone wants to send you an encrypted message, she can check if you have a key on the key server. The private key is stored on your computer and no one has access to it.

So fill in your name and email, and check the upload option. Then, generate the key.

Enter your name and your e-mail and the keys will be generated.

The application will ask you for a passphrase. It’s very important for it to be something you will remember, as you’ll use it to read encrypted messages sent to you.

Enter a passphrase

All right, your public key and private key were generated. Let’s try to send a message.

Click Write to start a new e-mail, then open the Enigmail menu (or use the option in the message itself) and choose Message will not be encrypted > Force encryption.

We created the key, but we didn’t confirm our identity to Enigmail, so it will now ask us to do so (this only has to be done the first time you use it).

Click Configure and select your key.

Now, back to your message, type the receiver’s address and press send. Since we just did all the configuration stuff, you probably don’t have any keys yet, so the recipient’s key can’t be found. It doesn’t mean that the recipient doesn’t have a public key. To check, click on Download missing keys.

It will import the key from a key server. It doesn’t matter which one because they all have the same information.

If the recipient really doesn’t have a public key, then you’ll see the following message:

Ask him to generate a key, read this article or any other article regarding privacy and email encryption.

If the recipient does have a key, you’ll see this one:

Click OK and your message will be sent encrypted, as if instead of “Hi” you had written a huge alphanumeric sequence. And the only person able to read “Hi” again will be the receiver.

Phil Zimmermann, creator of PGP (Pretty Good Privacy). Image credits: Cantankerous Buddha

So you have now sent your very first encrypted message. Well done! ☺
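What Enigmail does behind these steps, as an added example that is not part of the original article: the same flow run directly with GnuPG, the tool the wizard installed. The name, address and passphrase are constructed sample values, and the two temporary keyrings stand in for the recipient's computer and the sender's computer.

```bash
# Constructed sample identity and passphrase (not from the article).
RECIPIENT='Alice Example <alice@example.org>'
PASSPHRASE='constructed sample passphrase'

# One keyring directory per person, standing in for each person's computer.
ALICE_HOME=$(mktemp -d)
SENDER_HOME=$(mktemp -d)
cleanup() {
  for h in "$ALICE_HOME" "$SENDER_HOME"; do
    GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$h"
  done
}
trap cleanup EXIT

# Alice generates her key pair; the passphrase protects the private key.
generate_keypair() {
  gpg --homedir "$ALICE_HOME" --batch --quiet --pinentry-mode loopback \
      --passphrase "$PASSPHRASE" \
      --quick-generate-key "$RECIPIENT" default default never 2>/dev/null
}

# Only the public key leaves Alice's keyring (a pipe here, a key server in the article).
share_public_key() {
  gpg --homedir "$ALICE_HOME" --armor --export alice@example.org |
    gpg --homedir "$SENDER_HOME" --batch --quiet --import 2>/dev/null
}

# The sender encrypts with Alice's public key. "--trust-model always" skips the
# ownership check for this demo; in real use, compare the key fingerprint first.
encrypt_for_alice() {
  printf '%s' "$1" | gpg --homedir "$SENDER_HOME" --batch --quiet --armor \
      --trust-model always --recipient alice@example.org --encrypt
}

# Try to decrypt message $2 with the keyring in directory $1.
decrypt_with() {
  printf '%s\n' "$2" | gpg --homedir "$1" --batch --quiet \
      --pinentry-mode loopback --passphrase "$PASSPHRASE" --decrypt 2>/dev/null
}

generate_keypair && share_public_key
CIPHERTEXT=$(encrypt_for_alice 'Hi')
printf '%s\n' "$CIPHERTEXT" | head -n 1
decrypt_with "$SENDER_HOME" "$CIPHERTEXT" || echo 'keyring without the private key: cannot decrypt'
decrypt_with "$ALICE_HOME" "$CIPHERTEXT" && echo
```

The keyring that holds only the public key can lock the box but not open it; only the keyring with the private key and its passphrase gets “Hi” back.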

More Help

If there was any problem during the configuration, you can also try Thunderbird’s support page on Digitally Signing and Encrypting Messages.

CryptoParty

The event took place at ThoughtWorks Werkstatt and there were almost 30 girls attending it. Check out when the next party in Berlin is, or general information about cryptoparties.

Got interested in how to protect yourself? Find more tips here: Security in-a-box: Tools and tactics for your digital security.

Want to keep talking about privacy or meet in another cryptoparty? Reach me on Twitter @sarahpimentel.

Tschüss! ☺

Traveller, Runner, Reader, Tester, not in this particular order
