email and privacy

This is a collection of note and thoughts on using PGP, OpenPGP, GPG and similar encyrption+authentication methods. Much of it is not original, and what is original is not necessarily good.

Did you know: Emails are like easily modifiable post cards. Every time you send a postcard, it can be read and/or examined by all the people (posties etc.) between where you post the card, and where it should turn up. Emails too can be easily read and/or examined by all the systems, and all the people who control those systems, between you and the destination (which can be dozens or more).

Not only can emails be easily read, they can also be changed/modified, or even completely forged!

A OpenPGP signature can be used to show if forgery has occurred. The email is still easily read and/or examined (just like a post card), but it can not be forged. Imagine a postcard in between two pieces of very strong glass. For someone to modify the postcard, would require that they break the glass, making it obvious that a change may have occurred.

It is also possible to encrypt emails, so that only the intended recipients can read them. However, this requires that all individuals involved use the same system (of encryption). OpenPGP (RFC 4880) is a free and open standard, and is the system that I would recommend. The software I use is GnuPG (also GPG), and Seahorse (which integrates GPG into my email client and text editor, allowing me to sign, encrypt, verify or decrypt messages easily). Encryption could be likened to simply putting the post card in an envelope. Except that it's not quite such a good analogy, as envelopes can be opened and resealed without you noticing. If you use OpenPGP, the envelope cannot be opened at all. Maybe a better analogy would be a sealed box made of impenetrable material, with a lock that requires a key that only the recipient can have.

Want to get started straight away?

Have a look at Email Self-Defense from the FSF (available in multiple languages and for GNU/Linux and Mac users as well). This gives step by step instructions to get started.

How does it all work?

The OpenPGP standard is an example of public key cryptography. Each person has a public key, and a private key. The public key is published, and spread far and wide. The private key must be kept secret. To encrpyt something for a person, you use their public key. Then, only the private key can unencrpt it. To sign a message, you use your private key, and people can verify that it was you who wrote the message by using your public key.

Sounds great! How do I get involved?

Well, first you'll need to install some software! If you use some GNU/Linux or a BSD then you probably already have GNUPG install, else check your repositories.

Comments

When generating an OpenPGP key, you'll be asked to provide a comment or 'extra information'. The question then becomes, what should you provide? When I wrote this (in the first half of 2012) I could find no useful infomation about the purpose of this (beyond 'optional comment'). A quick look at a key server (typing in different names and seeing what others have done), provides some ideas.

You might also use it for degree initialisms (BA, MInfoMgnt, TISM) or certifications (RHCA, LPIC-1), or other identifying information (e.g. date and/or place of birth). Though you don't want to make identity theft too easy. (After I wrote the above, I found the FedoraProject Wiki suggesting using the comment for "describing who you are".)

The point is, that you can add anything you want to the optional comment. It will show up on keyservers and in keyrings, but has no required purpose. However, just like the name or email address you provide might go out of date, this comment may also go out of date. I suggest you don't have use a slogan ('Newt for president 1992'), unless it is ironic.

Subkeys and self-signing

Some sources suggest creating a master key that can only be used for signing, and then using it to create a subkey which can be used for encryption. This means that if the subkey is compromised, you can revoke it without losing all the trust from the master key. This is a good idea. Maybe you should do that. Sources include: Debian Wiki, GNUGPG Manual.

The GNUPG Manual also says you should self-sign your keys, before you distribute them. This is for security reasons.

Web of trust and key signing parties

Wanna have a party? A keysigning party is where you get together, and verify that each person is who they say they are (via trusted ID, or otherwise) and then you link their public key to them, and you can say that the public key belongs to that person.

Email signature

What's this strange 'signature.asc' attachment on all your emails? Why, that's my OpenPGP signature. It guarantees that (if verified) the email comes from me, and was not modified; or is obviously modified or not from me.

The finger print for the key I use for email is DF3B EF2D E60F FBF1 921E D0C0 A52F E9B4 8864 8388 (size is 4096 & type is RSA). You can also download from keyservers, such as Ubuntu's or MIT's.

Other resources & information

Other resources that may be of interest include (in no particular order):

Site & page info (footer)

Mostly handcrafted by Michael, this website was designed to standards, with the highest quality in mind, and in result. The code and content is freely available.

This page is located at http://next-nexus.info/writing/computer~ing/email%20and%20privacy.php and was last modified on 2017-06-23.