
How to start sending encrypted emails in 10 minutes...

Krop | 12.01.2009 00:13 | Technology | Terror War

So you want to send encrypted emails but don't know how? Strapped for cash? Here is how to do it in 10 minutes using Windows, Firefox, and Outlook and for free - though it will probably apply to most other systems using email through a Windows programme (like Thunderbird, Outlook Express, etc). Keep PC Plod and the Job Centre away from your private emails!

How to VERY QUICKLY, start sending and receiving encrypted emails.

I discovered how to do this just now... it is not a guide to online security, or authoritative in ANY WAY. But it took me all evening to work out how to do this, so in order to save people time, and to get people sending emails that nobody can get their prying eyes into, read on....

The instructions below describe how to send your first encrypted email using a Windows PC, browsing with Firefox, and collecting and sending emails with Outlook 2007. But I reckon it shouldn’t be too different doing this in Thunderbird or under Internet Explorer.

If you use webmail – e.g. Googlemail, Yahoo, Riseup, etc., then you should first set up a mail client (such as Thunderbird or Outlook Express) to handle all of your emails and then try and get the emails encrypted. It is well worth doing this if you get the chance just for usability’s sake.

1) Get a “Digital Signature” for yourself. This isn’t a signature like you have in your emails at work with a phone number and other personal information. It’s a piece of information that identifies you digitally. I tried a few software programmes for free to create a signature, but none of them would work with Outlook 2007. Forget telling me that Outlook is corporate crap by the way...it’s quite good, and besides, it’s a free copy (courtesy of the Pirate Bay). To get a digital signature that worked in Outlook, I got one from  http://www.comodo.com/products/certificate_services/email_certificate.html. I do not know much about this company, but it’s probably as secure as any other. Fill in your details, and you will get your Signature. Follow the instructions on the screen, and do some background reading if you want to – Wikipedia is a good place to start (Google threw up a lot of very old websites and old software which was pretty irrelevant).
2) I got my certificate and thought...where the heck has it been saved to? Luckily I found it... it had been added to Firefox itself! To find your signature (if using Firefox 3), go to Tools > Options > View Certificates > Your Certificates. Here you will see your signature, from The UserTrust Network. Anyway, click on the name you gave yourself when requesting a Digital Certificate from Comodo, and click on the button “Backup”. Here, enter the password you chose, and save it somewhere easy to find – e.g. your desktop.
3) Now, load up Outlook 2007, and go to Tools > Trust Centre > Email Security. From here, import your Digital ID that you saved. You will want to automatically sign all of your email, and to encrypt them when you are communicating with anyone who you hold a Digital ID for - click the appropriate options.
4) What I did to check it was all working, was to send myself an email with a few words in the main body of the text (the message itself – not the subject), and sent it to myself, and to another email address where I could look at the email that had been sent. The email I sent myself I could open correctly and read; there was a little icon on the email message which indicated it had a signature and was signed, and was encrypted. The email that I copied (CC’d) to another email address that I have access to, I could open, but could not read – the message contents were just a load of garbage...it had been encrypted!

I do not count myself as an expert in this, and the only reason I have written the above is because I have wanted to get my mail secured for ages, and have never been able to work it out. I looked online, and it seemed like a matter of luck discovering how to go about doing it....especially when I didn’t want to spend a penny doing it... so if even one person manages to get their email signed, and then later, encrypted, then it has been worthwhile.

Krop
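
The check in step 4, reproduced offline with the OpenSSL command-line tool as an added example (not part of the original post). Throwaway self-signed certificates stand in for the CA-issued one, and the file names, password and message text are constructed for the demo.

```sh
#!/bin/sh
# Added demo: sign + encrypt an S/MIME message, then read it with and without the key.
# Certificates, password and message are constructed; nothing here touches real mail.

new_cert() {  # $1 = file prefix, $2 = common name; throwaway self-signed cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1-key.pem" -out "$1-cert.pem" 2>/dev/null
}

smime_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        new_cert me "Demo Sender" || exit 1
        new_cert other "Demo Bystander" || exit 1

        # PKCS#12 is the password-protected container a browser "Backup" produces.
        openssl pkcs12 -export -inkey me-key.pem -in me-cert.pem \
            -out backup.p12 -passout pass:demo-password || exit 1
        # Confirm the backup really contains the private key before relying on it.
        openssl pkcs12 -in backup.p12 -passin pass:demo-password -nocerts -nodes \
            -out restored-key.pem 2>/dev/null || exit 1

        printf 'meet at noon\n' > msg.txt
        openssl smime -sign -in msg.txt -signer me-cert.pem -inkey me-key.pem \
            -out signed.eml || exit 1
        # Encrypted only to me-cert.pem: only that key holder can read it.
        openssl smime -encrypt -aes-256-cbc -in signed.eml -out encrypted.eml \
            me-cert.pem || exit 1

        # On the wire the body is ciphertext, not the plaintext.
        if grep -q 'meet at noon' encrypted.eml; then exit 1; fi
        # A mailbox without the matching private key cannot decrypt.
        if openssl smime -decrypt -in encrypted.eml -recip other-cert.pem \
            -inkey other-key.pem -out leak.txt 2>/dev/null; then exit 1; fi

        # The key restored from the backup decrypts, and the signature verifies.
        openssl smime -decrypt -in encrypted.eml -recip me-cert.pem \
            -inkey restored-key.pem -out decrypted.eml || exit 1
        openssl smime -verify -in decrypted.eml -CAfile me-cert.pem \
            -out plain.txt 2>/dev/null || exit 1
        grep -q 'meet at noon' plain.txt
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

smime_roundtrip && echo "S/MIME round trip OK"
```

The message is readable only by holders of a private key it was encrypted to, which is why the copy opened at a second address without that key shows as garbage.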

Additions

Other places to get your Digital Signatures From

12.01.2009 13:52

Visit here:
 http://kb.mozillazine.org/Getting_an_SMIME_certificate

---

Comodo - as in the guide above, is listed as the easiest place to get a Digital Signature.

Dr Encro


Comments


One slight problem

12.01.2009 10:14

One slight problem is that it will register on the internet traffic as "unusual" and it will draw attention towards it... sometimes you are better off using normal e-mail account.

loppy


au contraire

12.01.2009 13:30

Everyone should encrypt their emails really - as a matter of course. Many commercial operations do so already because of obvious reasons. Likewise, in the UK, where there are hundreds of government agencies which are all allowed to snoop on its residents, almost every email of any personal nature should be guarded against prying eyes. The messages do not flag-up as suspicious automatically because unless someone is looking, to all intents and purposes, they look like all other emails.

I can see no argument for not encrypting, unless one supports the right of unhindered access to emails by government and the police.

In particular though, anyone organising a demonstration, or a campaign, should ensure that the people they are communicating with online use encryption.

There is NEVER a reason for not encrypting when you have the opportunity to do so.

Krop


re-read

12.01.2009 13:31

Also, Loppy, I don't think you understand:

you ARE using your normal email account. You are simply scrambling the contents of the messages that you send and receive from it.

It's not a new email account! Or anything even remotely unusual for that matter.

Krop


Actually

12.01.2009 14:18

I have to agree with Krop. You don't have to be up to something illegal to be encrypting. Just like you don't have to be up to anything dodgy to shield your answers in a school exam. It is just plain common sense.

But if you were to be using computers for anything illegal and needing to be told to encrypt, you are probably going to be busted anyway.

The common sense aspect of encrypting any activism related material, is this:

1. Any 3rd rate network admin can tell you that you can use even the lamest Microsoft network analysis tools to record network data (if you can access that network... legally or illegally) and if you can "sniff packets" and those packets contain unencrypted text you can sit and read those messages straight out the data capture... I used to do it just out of boredom at work.

So, remember unencrypted data is totally visible if anyone can get into your network.

ISPs make all sorts of bold claims about their firewalls and security measures, but people get scanned for Trojans from within their own ISPs all the time, so do not expect ISPs to be AHEAD of the game, but rather always playing catch up.

And hey, they could even use your wireless router if you are not diligent.

2. You may not be doing anything illegal, but someone nearby may be, and may be subject to a RIP warrant and because you may be a few degrees away from that person, you may be being watched too. And, who is to say that the non-violent blockade you have planned for next week doesn't get passed on to your local plod & target location and lo and behold they are there before you are when you turn up.

3. Worse than PC Plod, is the private sector of "surveillance". Your average rent-a-spook has been demonstrated time and time again to have the morals of the slimy shits that hire them. If they can easily gain access to your system, they aren't going to worry about warrants and due process, they will just ram their sniffers up your ports to their heart's content.. assuming they have been unable to hack you directly...

But yes, if you are an activist and people are working with other people, it really should be seen as an obligation to take data security seriously.

Obviously the biggest/toughest issue is infiltration, but that is no reason to lock the doors and leave the windows open.

MNM


I would recommend PGP instead

12.01.2009 23:37

I would recommend PGP (Pretty Good Privacy) for encrypting emails instead of this method (S/MIME). It's less corporate, more decentralised, and is already used widely by activists, especially in the animal rights movement.

A non-free version is here:  http://www.pgp.com
A free version is here:  http://www.gnupg.org

The second option, GnuPG is very good. It integrates very nicely with the Thunderbird email program using the Enigmail add-on, but you can also use it with other programs such as Outlook or Outlook Express.

I would resist the temptation to download cracked versions of things like PGP or Outlook from places like the PirateBay. They could easily contain trojans or viruses and when security is concerned, this is a massive compromise.

Free software is definitely the way to go for security (that is free as in both speech and beer). Even if the software is paid for, you can't totally trust it unless the "source code" is freely available for inspection.

g33k


PGP

13.01.2009 03:13

Yes G33k, I would agree with you - except I couldn't for the life of me get a signature working with Outlook using the tools you describe. Personally I think that any level of encryption has to be better than none....if people can't use the tools you mention (which are doubtless good ones), then the 'corporate' solution has to be a very good second best.

Krop


g33k

13.01.2009 12:25

Perhaps you can follow Krop's example and provide us with a keystroke tutorial on using the applications you recommend?

MNM


GPG how to (for the 3rd time this month!)

13.01.2009 19:24

Mail encryption:

Gpg4Win is explained here so even a Microsoft engineer can understand it:
 http://www.theregister.co.uk/2008/11/14/email_encryption_how_to

The article links to this Linux How To for Gnu Privacy Guard:
 http://dewinter.com/gnupg_howto/english/GPGMiniHowto.html

Drive encryption:

TrueCrypt offers plausible deniability, meaning you can nest an encrypted volume. That means if the judge orders you to provide a password to it, or a gangster threatens to cut off your fingers unless you unlock it, your sensitive data is still hidden.
 http://www.truecrypt.org/docs/plausible-deniability.php

xMCSE


GPG = PGP

14.01.2009 23:20

Just to clarify some of the terms used:

PGP = Pretty Good Privacy, which is the name used for both the open specification and the particular corporate software that is an implementation of it. The software is kind of free as in beer if you use a cut-down version, but it isn't really properly open-source. The non-free part has some other tools like encrypted disks that aren't part of the main PGP specification.

GPG = GnuPG = Gnu Privacy Guard, which is a totally free and open-source software implementation of the PGP standard specification.

PGP and GPG are totally compatible with each other, they are just two programs that do the same basic thing - encrypt and sign emails and other files.

There are a lot of tutorials out there on using them, a previous poster has provided some links.

Personally I would recommend using GnuPG with the Thunderbird email program instead of Outlook or Outlook Express.

g33k