My first cryptoparty: How to encrypt your e-mail
Disclaimer: non tech article
When I was invited to go to a cryptoparty I wasn’t very sure about what I would see there. I actually thought that maybe I could see some encryption algorithms. Also, I recently moved to Berlin and I thought that it would be a nice opportunity to meet some people.
Turns out, the meeting was about privacy and there were people from all backgrounds there, not just techies/nerds. There was even a little girl (with her mom) who also learned how to encrypt her email☺! I guess it’s particularly nice to share with non tech people, so if you are a journalist, a lawyer, a doctor, a politician, if you deal with sensitive information, if you are a tech person who is inexcusably exposed or if you’re just someone who simply doesn’t want your life information unprotected, continue reading.
The night started with Ásta Helgadóttir from Iceland talking about privacy and how we constantly expose ourselves on the internet. We talked about email encryption and why I would want to encrypt my email.
First, what is email encryption?
When you encrypt an email, it means that only you and the receiver can actually read the email. Imagine that you’ve written a letter to someone and sent it in a strong box with a padlock. This person would have the key to open it, and even if the box passed through other hands the content could only be revealed once the person with the key opens it.
Why should you be interested in that?
If you are a lawyer, for instance, you don’t want your clients’ sensitive data exposed. It is your client’s right to prevent any other person from disclosing confidential information in a case.
Being on the internet is now synonymous with being social, and when cultivating this social aspect, people share information about whether or not they are in a relationship, if they broke up, if they married, if they have a child, and the very first picture of an individual who didn’t even get to choose whether she wants to be exposed like that is already on the internet. I’m patiently waiting for an article in which someone tells how, when she created an account on Facebook, it was automatically filled with baby photos from her parents. Facebook message by then: “Hey, I found this picture in your parents’ archive, is that you? You were so cute! Want us to build a baby album for you to share with your friends?”
Sounds creepy, doesn’t it? So, how much is OK to share? Well, while you think about it, let me also tell you that your e-mail is not the only thing compromised. Your chat messages are also insecurely traded and your mobile phone… Well, let me also share an article for you to read later: Maybe better if you don’t read this story on public WiFi. Don’t panic, though. There are a lot of tips on the internet on how to get protected.
After Ásta’s talk, we organised ourselves in groups willing to learn different ways to protect our information. I was in the e-mail encryption group.
Download and install Thunderbird (an e-mail client). After you install it, go to the menu Tools > Add-ons, then search for and download the Enigmail add-on (an OpenPGP message encryption and authentication tool). Then, restart Thunderbird and use the Enigmail installation wizard.
The wizard will tell you that you don’t have GnuPG installed; ask the wizard to install it for you.
Then it will ask you to generate a new key pair. The pair is a public and a private key. The public key, as the name states, is public and it’s used by someone else when sending you an email. The public key may be published on a key server on the internet, so when someone wants to send you an encrypted message, she can check if you have a key on the key server. The private key is stored on your computer and no one has access to it.
So fill in your name and email and check the upload option. Then, generate the key.
The application will ask you for a passphrase. It’s very important for it to be something you will remember, as you’ll use it to read encrypted messages sent to you.
All right, your public key and private key were generated. Let’s try to send a message.
Click Write to start a new e-mail, then open the Enigmail menu (or use the option in the message itself) and choose Message will not be encrypted > Force encryption.
We created the key, but we didn’t confirm our identity to Enigmail, so it will now ask us to do so (that only has to be done the first time you use it).
Click Configure and select your key.
Now, back to your message, type the receiver’s address and press send. Since we just did all the configuration stuff, you probably don’t have any keys yet, so the recipient’s key can’t be found. It doesn’t mean that the recipient doesn’t have a public key. To check, click on Download missing keys.
It will import the key from a key server. It doesn’t matter which one because they all have the same information.
If the recipient really doesn’t have a public key, then you’ll see the following message:
If the recipient does have a key, you’ll see this one:
Click OK and your message will be sent encrypted, as if instead of “Hi” you had written a huge alphanumerical sequence. And the only person able to read “Hi” again will be the receiver.
So you have now sent your very first encrypted message. Well done! ☺
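For the curious, here are the same steps done with the GnuPG command line that Enigmail drives behind the scenes. This is an added example, not part of the original walkthrough: the names, addresses and throwaway keyrings are made up, and it adds a fingerprint comparison before encrypting.

```shell
#!/bin/sh
# Added example: the key-pair / publish / encrypt / decrypt steps with plain gpg.
# Everything is constructed and lives in a temp directory, not in ~/.gnupg.
set -eu

# Run gpg against one specific keyring, without prompts.
G() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Print the primary key fingerprint for a user id in a keyring.
fingerprint() {
    G "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

demo() {
    work=$(mktemp -d); bob=$work/bob; alice=$work/alice
    mkdir -m 700 "$bob" "$alice"

    # Recipient (Bob) generates a key pair. The empty passphrase is only for
    # this disposable key; a real key gets the passphrase the wizard asks for.
    G "$bob" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob Example <bob@example.org>' default default never
    bob_fpr=$(fingerprint "$bob" bob@example.org)

    # Only the public half leaves Bob's machine (stand-in for the upload option).
    G "$bob" --armor --export bob@example.org > "$work/bob.asc"

    # Sender (Alice) imports it and compares the fingerprint with the one Bob
    # told her directly: a key server does not prove who uploaded a key.
    G "$alice" --import "$work/bob.asc"
    [ "$(fingerprint "$alice" bob@example.org)" = "$bob_fpr" ] || return 1

    # Encrypt "Hi" to Bob's key; line 1 of the result is the armor header.
    printf 'Hi' | G "$alice" --trust-model always --armor --encrypt \
        --recipient "$bob_fpr" > "$work/msg.asc"
    head -n 1 "$work/msg.asc"

    # Bob's private key recovers the text; Alice's keyring has no such key.
    G "$bob" --decrypt "$work/msg.asc" 2>/dev/null; echo
    if G "$alice" --decrypt "$work/msg.asc" >/dev/null 2>&1
    then echo "alice CAN decrypt"; else echo "alice cannot decrypt"; fi

    for h in "$bob" "$alice"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
}

# Run with: sh cryptoparty-demo.sh demo   (file name is hypothetical)
if [ "${1:-}" = demo ]; then demo; fi
```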
If there was any problem during the configuration, you can also try Thunderbird’s support page on Digitally Signing and Encrypting Messages.
Interested in how to protect yourself? Find more tips here: Security in-a-box: Tools and tactics for your digital security.
Want to keep talking about privacy or meet at another cryptoparty? Reach me on Twitter @sarahpimentel.