Security and privacy have always
been important issues. One of the biggest areas of potential violation of
security and privacy is also the most commonly used: e-mail. E-mail
provides us with fast and easy communication with much greater options
than traditional communication, but the risks are greater as well.
E-mailed file attachments are the biggest spreader of viruses, trojans and
worms. In the past, if you received an attachment from someone you did not
know, you might suspect that the attachment contained a virus. But new
viruses are sending themselves through the e-mail addresses of your
friends and family. It is becoming more and more difficult to know whom to
trust.
In addition, there is always the
privacy issue of not knowing who has seen your e-mail, or even whom it
really came from. E-mail can be intercepted and is hardly ever considered
a secure way to communicate. So how do you protect your e-mail and keep it
private?
Pretty Good Privacy (PGP)
A free (for non-commercial users)
and easy solution is an encryption program called Pretty Good Privacy (PGP).
First, it is important to understand how encryption works. There are two
basic forms of encryption: conventional and public key.
To use conventional encryption, the
sender and recipient must have the same key and a suitably secure way to
transfer the key from one to another.
In cryptography a “key” is the secret value that an encryption
algorithm uses to turn normal text into a coded message (and back again).
Public key encryption works by encrypting the document with the public key
of the recipient.
The document is then sent to the
recipient, who decrypts it with their private key. Only the recipient has
the private key needed to decrypt the document; anyone may have the public
key, but it can only be used to encrypt documents for that recipient.
Anyone who has access to your public key can send you secure documents,
even people you have never met. But nobody can use your public key to read
encrypted documents sent to you, because you alone hold the private key
needed to decrypt them.
Using PGP
After you download and install your
copy of PGP you will need to set up your PGP key pair (your public and
private keys). The “PGPkeys” program has a Key Generation Wizard
that will walk you through the steps needed to create your key pair. You
will need to enter your name, e-mail address, security level and password.
PGP will even tell you the effectiveness of your password.
Feel free to distribute your public
key to anyone you like; it allows them to send secure e-mail that only you
can read. But keep your private key to yourself and do not share it with
anyone. It is the key to your secure communications.
Sending Encrypted E-Mail
Outlook, Outlook Express, and Eudora
will have a PGP icon on their tool bar allowing you to easily encrypt your
message. After you compose your e-mail just click on the PGP icon.
Your message will now look like a bunch of unintelligible text and
numbers. If you don’t use an e-mail program that has plug-in support for
PGP, here is another way to encrypt your message:
Load the “PGPtray” program. It
will display a small lock icon in your system tray (the box on your Windows
Start Bar that contains your clock). Compose the message you want to send
and when you are finished, copy the text to the clipboard (ctrl + c). Then
click on the PGPtray icon and select Clipboard and choose Encrypt. Select
the recipient’s public key and the program will encrypt the text. To
send this message, simply copy the encrypted message and paste it into
your e-mail message text window and send it to the recipient in the normal
manner.
Decrypting E-Mail
When you open the encrypted e-mail,
all you will see is some unintelligible text. If you are using Outlook,
Outlook Express, or Eudora, click on PGP on your tool bar, then choose
Decrypt/Verify. Enter your password to your private key to decrypt the
e-mail and turn that unintelligible junk you just received into readable
e-mail!
If you are not using an e-mail program with PGP
support, copy the encrypted text to the clipboard and then click on the
PGPtray icon. Choose Clipboard and select Decrypt & Verify. PGP will
ask you for the password needed to use your private key, then decrypt the
e-mail and allow you to read it.
Exchanging Public Keys
Now that you know how to encrypt and
decrypt e-mails sent with PGP, how do you send and receive public keys so
you can communicate with other people using PGP? There are several ways to
do this.
You can send your public key to a
PGP Public Key Server (an Internet depository of Public PGP Keys). PGP
Public Key Servers make it very simple for others to obtain public keys
and you avoid having to manually send out your public keys to everyone who
asks.
Perhaps the most popular way to
exchange PGP public keys is via e-mail. You can export and save your
public key as a file. You can then send this file to the person and they
can add your key to their key ring.
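The whole procedure the article walks through (generating a key pair, exchanging public keys, encrypting and signing a message, decrypting and verifying it) as one added example, which is not code from the article or from the PGP product it describes: it uses GnuPG's gpg command, which implements the same OpenPGP format PGP uses, with two throwaway keyrings on one machine standing in for the two correspondents. The names, addresses and message text are constructed for the demo, and the fingerprint comparison in exchange_key is the check a practitioner adds before "adding the key to the key ring": a public key that arrives by e-mail is only as trustworthy as the channel it came over.

```shell
#!/bin/sh
# Added example (not from the original article or from the PGP product it describes):
# the same workflow carried out with GnuPG's command-line tool, which speaks the
# OpenPGP format PGP uses. Two throwaway keyrings stand in for two users, so the
# whole exchange runs on one machine; names and addresses below are constructed.
set -eu

ALICE_MAIL='alice@example.invalid'
BOB_MAIL='bob@example.invalid'
MESSAGE='Meeting moved to 3pm. Bring the signed contract.'

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"

# Run gpg against one user's keyring without ever prompting.
gpg_as() { _home=$1; shift; gpg --homedir "$_home" --batch --no-tty --quiet "$@"; }

# Step 1, "Key Generation Wizard": a signing primary key plus an encryption subkey.
# %no-protection skips the passphrase so the demo can run unattended; a real key
# is protected with one (the "password" the article mentions).
make_key() {   # $1 keyring  $2 name  $3 e-mail
  gpg_as "$1" --gen-key 2>/dev/null <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Primary-key fingerprint: the value two people compare out of band.
fingerprint() {   # $1 keyring  $2 e-mail
  gpg_as "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 2, "Exchanging Public Keys": export an armored key file (what you would
# attach to an e-mail), import it on the other side, compare the fingerprint with
# the one the owner gave you, and only then mark the key as one you trust locally.
exchange_key() {   # $1 owner keyring  $2 owner e-mail  $3 receiving keyring
  gpg_as "$1" --armor --export "$2" > "$WORK/$2.asc"
  gpg_as "$3" --import "$WORK/$2.asc" 2>/dev/null
  _fpr=$(fingerprint "$3" "$2")
  [ "$_fpr" = "$(fingerprint "$1" "$2")" ] || return 1   # mismatch: stop, do not trust
  gpg_as "$3" --yes --quick-lsign-key "$_fpr" 2>/dev/null
}

# Step 3, "Sending Encrypted E-Mail": encrypt to the recipient's public key and
# sign with the sender's private key; --armor yields the block of "unintelligible
# text" that is pasted into the message body.
encrypt_and_sign() {   # $1 sender keyring  $2 sender e-mail  $3 recipient e-mail  $4 plaintext file
  gpg_as "$1" --armor --local-user "$2" --recipient "$3" --sign --encrypt --output - "$4"
}

# Step 4, "Decrypting E-Mail": prints the plaintext, writes gpg's machine-readable
# status lines (GOODSIG etc.) to the file named in $3, and fails when this keyring
# holds no private key that can open the message.
decrypt_and_verify() {   # $1 keyring  $2 armored message  $3 status file
  gpg_as "$1" --status-fd 3 --decrypt "$2" 3>"$3" 2>/dev/null
}

make_key "$ALICE" 'Alice Example' "$ALICE_MAIL"
make_key "$BOB"   'Bob Example'   "$BOB_MAIL"
exchange_key "$BOB"   "$BOB_MAIL"   "$ALICE"   # Alice obtains Bob's public key
exchange_key "$ALICE" "$ALICE_MAIL" "$BOB"     # Bob obtains Alice's, to verify her signature

printf '%s\n' "$MESSAGE" > "$WORK/msg.txt"
encrypt_and_sign "$ALICE" "$ALICE_MAIL" "$BOB_MAIL" "$WORK/msg.txt" > "$WORK/msg.asc"
ARMOR_HEADER=$(head -n 1 "$WORK/msg.asc")

BOB_PLAINTEXT=$(decrypt_and_verify "$BOB" "$WORK/msg.asc" "$WORK/bob.status")
SIGNATURE=$(awk '/^\[GNUPG:\] GOODSIG/ { print "GOODSIG"; exit }' "$WORK/bob.status")

# Alice holds only Bob's public key, so the message she produced is opaque even to her.
if decrypt_and_verify "$ALICE" "$WORK/msg.asc" "$WORK/alice.status" >/dev/null; then
  SENDER_CAN_READ=yes
else
  SENDER_CAN_READ=no
fi

printf '%s\nBob read: %s\nSignature: %s\nSender can read own ciphertext: %s\n' \
  "$ARMOR_HEADER" "$BOB_PLAINTEXT" "${SIGNATURE:-no GOODSIG}" "$SENDER_CAN_READ"
rm -rf "$WORK"
```

Run it as an ordinary shell script; it needs only gpg (GnuPG 2.1 or later, for %no-protection and --quick-lsign-key) and awk, and it deletes its temporary keyrings when done. The three results it prints are the article's three claims made concrete: the recipient's private key opens the message, the signature identifies the sender, and the sender's own keyring, holding only the recipient's public key, cannot read the ciphertext it produced. In real use the fingerprint compared in exchange_key is what you confirm with the other person by phone or in person before trusting a key that arrived by e-mail or from a key server.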
Now you can use PGP to encrypt and
decrypt your e-mail messages. It is not that hard to do and once you have
done it a few times it becomes second nature. Encryption ensures the privacy
of your e-mail, and the signature PGP checks during Decrypt/Verify also serves
to positively identify the sender of correspondence you receive. You can pick
up your free copy (for
private non-commercial use) of PGP from the Massachusetts Institute of
Technology at http://web.mit.edu/network/pgp.html.