Encrypt GMail To Protect Your Private Data

Installing the Software

First things first, you need a copy of GPG. It was initially developed for Linux-based systems (check your packages if you’re using a Linux system), but ports have been made, including GPG4Win for Windows. GPG4Win has a lot of extras included in the download, including Outlook 2003 integration (and Outlook 2007 too!) and GUI front-ends. The current version is dated 2007, but I can confirm it is in active development with the new version currently in Beta. Visit the site and hit the download button in the header to get the full copy (not the light one). When it’s finished downloading, run the install program.

Next, go through the wizard until you hit the Choose Components screen. I installed everything, because it doesn’t take up a lot of space, and perhaps in the future you may have some use for some of the other stuff. Accept the rest of the defaults to install the program. Note, though, that before it starts the install it warns you that programs such as Outlook, and any Explorer windows, need to be closed. Go ahead and do this, as Outlook can be problematic with installed add-ons if it’s running. If GPG4Win has problems installing any of the add-ons, you will be prompted to reboot the computer.

Creating your first “key-pair”

Navigate through the Start Menu and look for GnuPG for Windows. Select the GPA application (Gnu Privacy Assistant). The program may throw an error when you first start it, as you don’t have a default key pair yet. Once in the program, go to the Edit menu and select Preferences. Make sure the advanced mode is turned on (it will give us more power over the creation of our new key pair).

Now go to the Keys menu and select New Key… The Algorithm is fine (really the only choice), but make sure the key size is set to 2048 bits. The larger key size gives you added security by making your key much harder to break. It slows down the whole process slightly, but unless you’re using a Pentium MMX, you won’t notice the difference. Fill in your UserID, which is normally in the format of Firstname Lastname, and your email address. You can also add a comment to the key if you would like. Now select a passphrase to encrypt your key with.

It’s called a “passphrase” because “password” assumes a single word. The passphrase should be as complicated as you can make it, while still being easy enough to remember of course! This passphrase is only used to encrypt your private key. This makes sure it’s protected against theft – otherwise the thief would be able to read your intercepted messages. This is why it’s important to make it complex – this key is everything to the public key system. Next there is an expiration box that allows you to make the key only valid for a certain time – after which it cannot be used. It’s kind of like the self-destructing tape in Mission Impossible. This is an added security feature for the truly paranoid.

Clicking Next will normally flash up a warning about your password, and then the generation process will begin. It can take a few minutes – not to bore you too much, but it’s because it’s looking for very large prime numbers to generate the key-pair. Once finished, the keys will be visible in the pane below, which shows any key-pairs (two keys icon) or public keys (single key icon) that you will pick up from time to time. Remember, this key-pair is the key to decrypting emails people send you (as long as they have a copy of your public key). Because of this, I suggest making a backup of what are called the “keyrings”. There are two – the Public keyring, and the Secret (or private) keyring. I would suggest putting them on a USB stick – especially if you use multiple computers. To export the keyrings, simply right-click your key-pair and select Backup. Choose a location and hit OK.

It’s at this point that you may choose to upload your new public key to one of the key servers located on the internet. All of the key servers talk to each other, so all of them will get a copy of your key eventually. If you’re happy to send your public key, right-click the key and select “Send Keys To Server…”. Don’t worry, the text is a little misleading: it won’t send both of them, just your public key.

You also might want to take a look at the “WinPT” program, available in the GPG folder on your Start Menu. It’s more of a grown-up version of the GPA, with a nicer interface.
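
The key creation, backup and key-server steps above can also be done from the gpg command line. The POSIX shell script below is an added example, not part of the original post. It assumes GnuPG 2.1 or later is installed as `gpg` and uses RSA as the key type (the post does not name the algorithm); the function names and the `public.asc` / `secret.asc` file names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.1+ on PATH as "gpg".
# RSA is an assumption: the post fixes the key size (2048) but names no algorithm.

# write_key_params FILE NAME EMAIL [COMMENT] [EXPIRE]
# Writes an unattended key-generation file mirroring the New Key dialog fields.
# No Passphrase line is written, so gpg asks for it through pinentry instead.
write_key_params() {
    out=$1 name=$2 email=$3 comment=${4:-} expire=${5:-0}
    nl='
'
    case "$name$email$comment$expire" in   # a newline could inject extra directives
        *"$nl"*) echo "refusing value containing a newline" >&2; return 1 ;;
    esac
    (
        umask 077   # parameter file readable by its owner only
        {
            printf '%s\n' "Key-Type: RSA" "Key-Length: 2048"
            printf '%s\n' "Subkey-Type: RSA" "Subkey-Length: 2048"
            printf '%s\n' "Name-Real: $name"
            if [ -n "$comment" ]; then printf '%s\n' "Name-Comment: $comment"; fi
            printf '%s\n' "Name-Email: $email"
            printf '%s\n' "Expire-Date: $expire"   # 0 = never, 2y = two years
            printf '%s\n' "%commit"
        } > "$out"
    )
}

# first_fingerprint: reads "gpg --with-colons" output on stdin and prints the
# fingerprint of the first (primary) key, which is field 10 of its "fpr" record.
first_fingerprint() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# create_and_backup PARAMS EMAIL BACKUP_DIR
# Generates the key-pair, exports both keys for backup, prints the fingerprint.
create_and_backup() {
    gpg --batch --gen-key "$1" || return 1
    (
        umask 077   # the secret-key export must not be readable by other users
        gpg --armor --export "$2" > "$3/public.asc" &&
        gpg --armor --export-secret-keys "$2" > "$3/secret.asc"
    ) || return 1
    gpg --with-colons --fingerprint "$2" | first_fingerprint
}

# publish_key FINGERPRINT: uploads only the public key to the configured key server.
publish_key() {
    gpg --send-keys "$1"
}
```

The exported `secret.asc` is still encrypted with your passphrase, but treat the USB stick holding it as sensitive all the same.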
