Secure Emails using Pretty Good Privacy (PGP)

Did you know that most emails are actually processed in the clear? No, I don't mean that you can easily intercept an email halfway and read it, especially if you are using SSL/TLS or STARTTLS to talk to your email server; it is more that the mail servers themselves can see your messages in the clear. This means that ISPs or email service providers can actually read all your messages once they receive them from another SMTP server.

There are 3 states in which people consider data to need protection: in storage, in transit and in processing. Each of them requires a different method of protection. So in the case of emails, we actually need to protect all 3 of them.

So how do we go about it? Encryption. I don't want to bore readers with too many technical details, but encryption is merely scrambling the message so that it cannot be easily read or understood without the proper way of decrypting it. What's interesting is that there are actually 2 different encryption methods for email, and both are equally good.

The 1st one is S/MIME. This one requires 2 certificates, each signed by a CA; one from an authorized CA will be trusted out of the box, while a self-signed one will usually raise some trust warnings. This one is rather easy: get your certificates, install them and configure your favourite email client to use them for signing (ensuring integrity) or encryption (ensuring integrity and confidentiality). Do remember though, to use encryption you need keys from both communicating parties: your own private key (usually the one you used to generate your own certificate) and the receiving party's private key (usually his certificate itself).

The other one is PGP, or Pretty Good Privacy, which I recently got interested in, as I hadn't really studied PGP or worked with it before. Anyway, PGP doesn't work in Outlook 2010, so I had to use my alternate email client, Thunderbird. After successfully installing Thunderbird, I added Enigmail, which is the PGP add-on.

Following that, depending on whether you are on Linux or Windows, you need to generate your PGP keys. For Windows you can download gpg4win as the PGP software, while most Linux distributions have GnuPG built in. On Windows, gpg4win comes with Kleopatra, a key manager. You could use Kleopatra to generate your PGP key, but I'm not sure why it's limited to a 3K bit key.

As for Linux, you can run

gpg --gen-key

and follow its instructions accordingly. 1 problem I faced when generating from the terminal is the issue with entropy. It needs additional random bytes, so you will really have to keep moving your mouse or run another process in the background to generate the key. This method allows you to generate a 4K bit key. For more information you can refer to the GnuPG manual.

After generating the key, make sure Thunderbird can use the key that you generated. After the successful installation of the Enigmail add-on you should see "OpenPGP" on the menu bar. If you are on Windows, you have to open OpenPGP's preferences and point it at the gpg executable, which in today's case is actually gpg2.exe from the gpg4win that was installed earlier.

Then you can select the relevant key for signing and encrypting your messages, so as to satisfy Confidentiality, Integrity, Authenticity and Non-repudiation.

Anyway, my PGP key 0xBF5CF327 is as follows, if you need to contact me privately. Alternatively you can get my key from keyserver.pgp.com; just search for my email [email protected].

Yap Yao Jun <[email protected]>
Key ID: 0xBF5CF327
Key fingerprint: 548C 6DC2 E09D CF39 F2EE E56C 83C8 B967 BF5C F327
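The key ID and fingerprint above are not independent values: for an OpenPGP v4 key the fingerprint is a SHA-1 over the public-key packet, the long key ID is its low 64 bits and the short ID (0xBF5CF327 here) its low 32 bits. The following is an added example, not code from the original post, that implements that derivation from RFC 4880 sections 5.5.2 and 12.2 with the standard library only; the RSA numbers it hashes are constructed demo values, not a real key.

```python
"""Added example (not from the original post): how an OpenPGP v4 key
fingerprint and the key IDs derived from it relate, per RFC 4880
sections 5.5.2 and 12.2. Standard library only."""
import hashlib
import struct

HEX = set("0123456789ABCDEF")


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer:
    2-byte big-endian bit length followed by the magnitude bytes."""
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + magnitude


def rsa_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 RSA public-key packet: version 4, 4-byte creation
    time, algorithm id 1 (RSA), then the MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99 || 2-byte body length || body, as upper-case hex.
    The creation time is part of the hash, so the same RSA numbers with a
    different timestamp give a different fingerprint."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def key_ids(fingerprint: str) -> tuple:
    """Return (long key ID, short key ID) for a 40-hex-digit fingerprint.
    The long ID is the low 64 bits and the short ID (what the post shows
    as 0xBF5CF327) the low 32 bits; only the full fingerprint identifies a
    key unambiguously, which is why you compare it, not the short ID."""
    fp = fingerprint.replace(" ", "").upper()
    if len(fp) != 40 or not set(fp) <= HEX:
        raise ValueError("expected a 40 hex digit v4 fingerprint")
    return fp[-16:], fp[-8:]


def pretty(fingerprint: str) -> str:
    """Format as gpg --fingerprint does: groups of four hex digits."""
    fp = fingerprint.replace(" ", "").upper()
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def fingerprint_matches(shown: str, computed: str) -> bool:
    """Compare a fingerprint read out by a correspondent against one you
    computed locally, ignoring spacing and letter case."""
    return shown.replace(" ", "").upper() == computed.replace(" ", "").upper()


# Constructed, deterministic numbers for the demo only: n is NOT a real
# RSA modulus, just 2048 bits with the top and bottom bit set.
DEMO_N = (int.from_bytes(hashlib.sha256(b"constructed demo key").digest() * 8, "big")
          | (1 << 2047) | 1)
DEMO_E = 65537
DEMO_CREATED = 1_400_000_000  # arbitrary creation timestamp


def demo() -> dict:
    """Build the demo key packet and return its fingerprint and key IDs."""
    body = rsa_public_key_body(DEMO_N, DEMO_E, DEMO_CREATED)
    fp = v4_fingerprint(body)
    long_id, short_id = key_ids(fp)
    return {"fingerprint": pretty(fp), "long_id": long_id, "short_id": short_id}


if __name__ == "__main__":
    post_fp = "548C 6DC2 E09D CF39 F2EE E56C 83C8 B967 BF5C F327"
    print("key IDs from the post's fingerprint:", key_ids(post_fp))
    print("constructed demo key:", demo())
```

Running it shows that the post's fingerprint ends in 83C8 B967 BF5C F327, the low 32 bits of which are exactly the 0xBF5CF327 key ID listed above; when someone sends you a key, check the whole 40-digit fingerprint against what they gave you out of band rather than the short ID.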