Control Your Privacy: Start Encrypting Your Emails

Gain control of your privacy, start encrypting your personal email.

Sending an email to another person is not as secure as one would think. When you send an email, your email does not travel directly to the computer of the person that expects the email; it needs to hop through a bunch of other mail and proxy servers until it reaches its destination. During all this hopping from server to server, your email content is visible to everyone that knows a little bit about sniffing the network, but more importantly, Internet companies and mail providers can read the content. Think of it as sending a postcard where everyone with access to the postal system (of your postbox) can read the content of the postcard.

A lot of people claim that they have nothing to hide, which I sympathize with; after all, we haven’t done anything wrong, so why should we hide things? However, that is not the point. The point is that you are having a private conversation with another person, and sometimes you don’t want anybody outside that conversation to know what you talked about. You have a right to that sort of privacy. The same goes for email and other digital means of communication, where only you and the recipient should be reading the content of your email, not a telecom company, not someone sniffing the network, and definitely not your email provider. For the same reason that you do not give your favorite social media password to anyone, no one should be able to access and read what is yours.

Taking a step further with the introduction of the GDPR law, Denmark is the first country that forces companies to encrypt all communications[1][2][3].

Email and Encryption

If encrypting communication is so important, why isn’t email automatically encrypted, by default?

That’s a very good question, and the answer lies in the history of the email itself. Email and the technical protocols that it relies on are (in a digital context) quite old. Back then, a lot of things weren’t encrypted or secure at all; people were just happy they worked in the first place, not imagining that thirty years from now, the infrastructure of the world would rely on it.

Just as HTTP (which is used to serve websites) later received an encryption extension (HTTPS), email can also be encrypted via an extension. In this case, though, we have to put in a bit more effort to install the necessary tools, similar to how it is a bit more effort to put a letter into an envelope.

But before we can talk about encryption, we need to get a better understanding of how it works. Then, we will explain the difference between digitally signing and encrypting an email, and finally, we can provide a step-by-step guide on how to start easily signing and encrypting your emails (even on Gmail!).

Symmetric Encryption

While symmetric encryption is not directly involved in the process of encrypting email, it is helpful to understand what it is and then learn about asymmetric encryption.

So, what is the symmetry about? The encryption keys!

Imagine the encryption key to be just like a regular key that opens a lock. In symmetric encryption, the same key is used to encrypt and decrypt, or lock and unlock, a given thing.

You probably know this from hard drive encryption or using a password to (un-) lock a safe.

Asymmetric Encryption

If symmetric encryption uses one key for en- and decrypting, then asymmetric encryption uses two different keys for en- and decrypting. Where do the two keys come from? You generate them!

For asymmetric encryption, you need to generate a key pair. The keys in the pair are referred to as a public and private key; this is why it’s also called public-private-key encryption. This key pair fits together cryptographically perfectly. No other public key fits with your private key and vice versa.

You keep the private key on your computer where nobody else has access to it. The public key, on the other hand, can (and should!) be distributed to other people. Upload it to a keyserver or to your homepage, attach it to your own emails, etc.

Why do you need to distribute the public key? Because that is the key that other people need to talk to you. The other person uses your public key to encrypt an email and send it to you. You receive the email, and then, because only you have access to your private key on your computer and because only one private key can belong to the public key, you can decrypt that email and read it.

It is a pretty smart system that makes sure only the person the email is intended for can read it. The same system is also used in HTTPS, where the server and your browser exchange keys to encrypt and decrypt your internet traffic.

If you paid close attention, now you might have noticed that, in order to encrypt an email, the recipient already needs to have a key pair. But unfortunately, not a lot of people have it set up.

Is there anything else you can do if the person that you want to talk to does not have a key pair? Yes, there is: you can digitally sign an email. This method does not keep a conversation private, but it gives the recipient more trust in who authored the email and that its content has not been tampered with.

As soon as you have your own key pair, you can start signing emails. Think of a digital signature as a real signature under a letter, but instead of a pen, you sign it with your private key. Since only you have access to your private key on your computer, only you can create such a signature. A person who has your public key can then verify that signature because only your public key fits with your private key. This verifies your identity (or that of the key at least). I think you get the system now.

If the person who sends a message does not have a key pair, then the communication is not private and goes through the servers as plain text. One less powerful alternative to encrypting emails is digitally signing your emails. This guarantees that the person that receives the message can trust that you are who you claim to be, i.e., the message was sent from the address displayed and no one tampered with the content of the message.
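
The exchange described above, run with GnuPG (the tool installed later in this guide), as an added example that is not part of the original article: Alice encrypts to Bob using only his public key, an outsider with no private key cannot read the result, and a detached signature stops verifying once the text is altered. The names, addresses, temp-dir keyrings and empty passphrases are assumptions made for the demo.

```sh
# Added example. Throwaway keyrings under a temp dir, constructed identities,
# empty passphrases (for the demo only). Assumes GnuPG 2.2 or later.
g() {  # g HOMEDIR ARGS...: run gpg against one party's own keyring
  gh=$1; shift
  gpg --homedir "$gh" --batch --quiet --no-tty --trust-model always \
      --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null
}

setup_parties() {  # Alice and Bob make key pairs and swap PUBLIC keys; Eve has none
  W=$(mktemp -d) || return 1
  for p in alice bob eve; do mkdir -m 700 "$W/$p" || return 1; done
  g "$W/alice" --quick-generate-key 'Alice <alice@example.org>' default default 1d &&
  g "$W/bob" --quick-generate-key 'Bob <bob@example.org>' default default 1d &&
  g "$W/alice" --export alice@example.org | g "$W/bob" --import &&
  g "$W/bob" --export bob@example.org | g "$W/alice" --import
}

encrypt_for_bob() {  # Alice needs only Bob's public key
  printf 'meet at noon\n' > "$W/msg.txt"
  g "$W/alice" --yes -o "$W/msg.gpg" --encrypt -r bob@example.org "$W/msg.txt"
}
read_as() { g "$W/$1" --decrypt "$W/msg.gpg"; }  # succeeds only with Bob's private key

sign_as_alice() {  # detached signature: the text itself stays readable by anyone
  g "$W/alice" --yes -o "$W/msg.sig" --detach-sign "$W/msg.txt"
}
bob_verifies() { g "$W/bob" --verify "$W/msg.sig" "$1"; }  # $1: file claimed to be Alice's
forge() { sed 's/noon/midnight/' "$W/msg.txt" > "$W/forged.txt"; }

cleanup() {  # stop the per-keyring agents and delete the demo keys
  for p in alice bob eve; do
    gpgconf --homedir "${W:?}/$p" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "${W:?}"
}
```

Run `setup_parties`, `encrypt_for_bob`, `read_as bob`, `read_as eve`, `sign_as_alice`, `forge`, `bob_verifies "$W/forged.txt"` and `cleanup` in that order; `read_as eve` and verification of the forged file return a non-zero status.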

If you understood this article so far, you are doing great. Now, for the same reason that you do not hold a master key that opens all doors, in asymmetric key encryption, you will need subkeys for different purposes. One subkey will be for encrypting messages, another for digitally signing messages, and one more subkey for authentication, e.g., to authenticate to a server via SSH. This last one is optional, but I highly recommend creating it.

Let's continue with the step-by-step guide and help you keep your conversations private.

Step-by-Step Guide to Keep Your Privacy

Most of the steps have been collected from different guides [4][5][6], but we put them together in this guide and removed the cases that are not interesting.

1. Requirements

Most Linux distributions already have the GnuPG software tools installed by default. If your system does not have them, please type:

$ sudo apt-get install -y gnupg2 gnupg-agent


If you use OS X, then download and install the GPG Suite.

2. Create Your Key Pair

Generate your key pair by entering the command:

gpg --expert --full-gen-key


Next, select that you would like to create an RSA key (option 1) with key and subkey sizes of 4096, and select when the keys should expire; I selected after 5 years.

gpg (GnuPG/MacGPG2) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want for the subkey? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Sat Dec  2 08:57:53 2023 CET
Is this correct? (y/N) y


Afterward, you need to build your identity, i.e., basically, you need to enter your real name, email address, and a comment (this last field is optional). After typing these, it will ask you to type the passphrase of your key.

GnuPG needs to construct a user ID to identify your key.

Real name: Kiko Fernandez-Reyes
Email address: kiko.fernandez@it.uu.se
Comment: Opensource.com example key gen
You selected this USER-ID:
    "Kiko Fernandez-Reyes (Opensource.com example key gen) <kiko.fernandez@it.uu.se>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

gpg: key 9875D74CCB07B287 marked as ultimately trusted
gpg: revocation certificate stored as '/Users/kikofernandezreyes/.gnupg/openpgp-revocs.d/79C7340807D02F0909FAA0E99875D74CCB07B287.rev'
public and secret key created and signed.

pub   rsa4096 2018-12-03 [SC] [expires: 2023-12-02]
      79C7340807D02F0909FAA0E99875D74CCB07B287
uid                      Kiko Fernandez-Reyes (Opensource.com example key gen) <kiko.fernandez@it.uu.se>
sub   rsa4096 2018-12-03 [E] [expires: 2023-12-02]


Finished! Your key has a key ID. In my example, we use 9875D74CCB07B287. Keep this key ID around as we still need to do some more steps.

So far, you created a master key with signing and certification capabilities, indicated by [SC], as shown here:

pub   rsa4096 2018-12-03 [SC] [expires: 2023-12-02]


And, we have a subkey for encrypting messages, marked as [E]:

sub   rsa4096 2018-12-03 [E] [expires: 2023-12-02]


So far, you would be able to digitally sign and encrypt messages.

To add SSH authentication capabilities, type:

gpg --expert --edit-key 9875D74CCB07B287

gpg (GnuPG/MacGPG2) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2020-04-19
sec  rsa4096/9875D74CCB07B287
     created: 2018-12-03  expires: 2023-12-02  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/A97872108A05292A
     created: 2018-12-03  expires: 2023-12-02  usage: E
[ultimate] (1). Kiko Fernandez-Reyes (Opensource.com example key gen) <kiko.fernandez@it.uu.se>


Next, type that you would like to add an authentication key by typing addkey and selecting option 8, which will set your own capabilities.

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 8


As you can see, the currently allowed options are Sign and Encrypt. Turn them off by typing S and then E. Afterwards, toggle on Authenticate by typing A and finish the process typing Q:

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? S

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? E

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions:

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? A

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q


Now, set the keysize to 4096 and select the same expiration date as before — 5 years. You will need to type the password of your key after validating the process.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Sat Dec  2 09:11:41 2023 CET
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  rsa4096/9875D74CCB07B287
     created: 2018-12-03  expires: 2023-12-02  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/A97872108A05292A
     created: 2018-12-03  expires: 2023-12-02  usage: E
ssb  rsa4096/47CEEF9E329ECB6E
     created: 2018-12-03  expires: 2023-12-02  usage: A
[ultimate] (1). Kiko Fernandez-Reyes (Opensource.com example key gen) <kiko.fernandez@it.uu.se>

gpg> q
Save changes? (y/N) y


Congratulations! You have created a key pair that you can use to digitally sign, encrypt emails, and authenticate via SSH!
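
A check that the finished key has the layout built above: a certifying primary key plus separate encryption and authentication subkeys, 4096 bits each, with an expiry date. This is an added example, not part of the original guide; the function name and the two sample listings are constructed (the key IDs in the first are the guide's, the timestamps are made up).

```sh
# Added example: audit a key's layout from `gpg --list-keys --with-colons` output.
# Colon-format fields used: 1 record type, 2 validity, 3 key length, 5 key ID,
# 7 expiry (empty = never), 12 capabilities.
audit_key_layout() {
  awk -F: '
    function bad(msg) { print "WARN " msg; n++ }
    $1 != "pub" && $1 != "sub" { next }
    $2 ~ /^[re]$/ { next }                   # ignore revoked or expired keys
    {
      caps = $12; gsub(/[^a-z]/, "", caps)   # pub rows add uppercase aggregate flags
      if ($1 == "pub" && caps !~ /c/) bad("primary " $5 " cannot certify")
      if ($1 == "pub" && caps ~ /e/)  bad("primary " $5 " also encrypts")
      if ($1 == "sub" && caps ~ /e/)  enc = 1
      if ($1 == "sub" && caps ~ /a/)  auth = 1
      if ($3 + 0 < 4096) bad($5 " has " $3 " bits, guide uses 4096")
      if ($7 == "")      bad($5 " never expires, guide sets 5y")
    }
    END {
      if (!enc)  bad("no encryption [E] subkey")
      if (!auth) bad("no authentication [A] subkey for SSH")
      if (!n) print "OK layout matches the guide"
      exit (n > 0)
    }'
}

# Constructed listing of the key as it stands after the addkey step.
guide_key='pub:u:4096:1:9875D74CCB07B287:1543823873:1701503873::u:::scESCA::::::23::0:
sub:u:4096:1:A97872108A05292A:1543823873:1701503873:::::e::::::23:
sub:u:4096:1:47CEEF9E329ECB6E:1543824701:1701504701:::::a::::::23:'

# Constructed listing of a hypothetical key made with 2048 bits, no expiry, no [A] subkey.
default_key='pub:u:2048:1:1111111111111111:1543823873:::u:::scESC::::::23::0:
sub:u:2048:1:2222222222222222:1543823873::::::e::::::23:'
```

On a real keyring, pipe the listing in: `gpg --list-keys --with-colons 9875D74CCB07B287 | audit_key_layout`.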

Set up Mailing Client

Thunderbird has an extension to easily sign and encrypt your emails. To start using it, download and install Thunderbird from https://www.thunderbird.net/. Next, follow the installation steps from the official Enigmail documentation, which basically amount to:

    1. Open Thunderbird and select Tools → Add-ons from the menu
    2. Select Enigmail from Extensions, or click on Search and search for it. Once you’ve found it, click on Install.
    3. Restart Thunderbird

The final step is to set up Enigmail to use your newly created key pair. Here, we provide the basic steps, but you can find more information in the official Enigmail documentation.

    1. Open Thunderbird and select Enigmail → Setup Wizard from the menu
    2. Choose the option that says that you prefer a standard configuration and click Continue.
    3. Choose the newly generated key pair and click Continue.
    4. You just finished, click Done.

To sign an email, enter the address of the person you want to write to and click on the pencil icon, which will light up. Continue by filling in the title of the email and the body of the message, and click on send. You may be asked to type your password before sending the email.

To encrypt an email, first check whether the person that you are writing to has a key pair. If this person signs their emails, then you can immediately reply and Enigmail will automatically highlight the encrypting icon (the lock icon will light up). If you are writing to this person for the first time:

    1. Click on Enigmail → Key Management from the menu
    2. Click on Keyserver → Search for Keys
    3. Type the email of the person and, once found, mark the checkbox and click OK.
    4. The email has been added to your keyring and you can start a private conversation with that person.

If you followed this guide, please use “Search for Keys” to find the co-author, “kiko.fernandez@it.uu.se.” I have two keys; just add the one created on 2018-11-09. You are more than welcome to send me an email, let me know your thoughts, or simply say “Hi!” The good thing is that, whatever you tell me, it is only between you and me.
