Saturday, October 13, 2012

Email Security

Email encryption and digital signatures are ways to protect your emails from prying eyes and to make sure the recipient knows that you are the original sender of the email. Enigmail is an add-on for the Mozilla Thunderbird mail client that allows you to send emails securely.
The term e-mail is a little misleading. When you send a letter through the post, you write something on paper and put it into a sealed envelope, so the people handling your mail can't actually see what is inside. Most people think that e-mail is similar to this; in reality, it's more like a postcard. As it passes through the servers, basically anyone who knows how to can read it. This is where Enigmail and OpenPGP come in and add a layer of security.

Digital signature 

A digital signature is the equivalent of a handwritten signature in the computer world. It helps to uniquely identify, in this case, the sender of the email. So if A and B are talking (assuming both of them have the software, of course) and A sends an e-mail to B and signs it with his own signature, then B knows for sure that the e-mail came from A and that it wasn't altered, so the information can be trusted.
A digital signature doesn't prevent others from reading your message on its way, but the message cannot be altered without breaking the signature, and the recipient can be sure that the e-mail comes from the right source. You can also sign e-mails and send them to a person who doesn't have the software, and they will still be able to read them.

Encryption 

Encryption is encryption. You encrypt the whole message, making it unreadable to everyone except the person you have sent it to. This is considered secure messaging, and the contents of the email remain hidden from prying eyes.
The encryption used here is based on encryption keys. If A and B are e-mailing, each of them has a key pair on their system: a private key and a public key.
  • Private key - Must be kept secret and protected from everyone. It is used to decrypt messages sent TO you.
  • Public key - You can share this key with friends and basically anyone. It is used BY OTHERS to send encrypted messages TO YOU.
To start, A and B have to exchange their public keys; this identifies them and allows them to send and receive encrypted e-mails. Briefly, here is how it goes:
A takes the public key of B, uses it to encrypt the message, and sends it to B. B then receives this message and decrypts it with his own private key. If this private key is secret, only B is able to read the message. Similarly, when B replies, he encrypts the message with A's public key, and A can decrypt it with his own private key.
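The signature and encryption steps described above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later is on the PATH as gpg; the names, addresses, message and the function name gpg_demo are constructed for illustration, and A and B are modelled as two separate throwaway keyrings.

```shell
# Added example: A ("alice") and B ("bob") each get their own GnuPG home directory.
gpg_demo() {
    A=$(mktemp -d) B=$(mktemp -d) W=$(mktemp -d)   # A's keyring, B's keyring, scratch
    ga() { gpg --homedir "$A" --batch --quiet --pinentry-mode loopback "$@" 2>/dev/null; }
    gb() { gpg --homedir "$B" --batch --quiet --pinentry-mode loopback "$@" 2>/dev/null; }

    # Each side generates its own key pair; the private keys never leave $A / $B.
    # (The empty passphrase only keeps the demo non-interactive.)
    ga --passphrase '' --quick-generate-key 'Alice <alice@example.test>'
    gb --passphrase '' --quick-generate-key 'Bob <bob@example.test>'

    # Exchange PUBLIC keys only.
    ga --export alice@example.test | gb --import
    gb --export bob@example.test   | ga --import

    printf 'Meet at noon\n' > "$W/msg.txt"

    # A signs with A's private key and encrypts to B's public key.
    # --trust-model always skips the trust question; in real use, compare
    # B's key fingerprint over another channel before relying on the key.
    ga --trust-model always -r bob@example.test --sign --encrypt \
       -o "$W/msg.gpg" "$W/msg.txt"

    # B decrypts with B's private key; A's signature is checked at the same time.
    echo "bob_reads=$(gb --decrypt "$W/msg.gpg")"
    # A holds only B's public key, so even the sender cannot decrypt the result.
    if ga --decrypt "$W/msg.gpg" >/dev/null; then echo alice_reads=yes
    else echo alice_reads=no; fi

    # Signature only: the text stays readable, but one changed word breaks it.
    ga --clearsign -o "$W/signed.asc" "$W/msg.txt"
    sed 's/noon/nine/' "$W/signed.asc" > "$W/tampered.asc"
    if gb --verify "$W/signed.asc";   then echo original=good; else echo original=bad; fi
    if gb --verify "$W/tampered.asc"; then echo tampered=good; else echo tampered=bad; fi

    # Stop the per-keyring agents and remove the throwaway keys.
    gpgconf --homedir "$A" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$B" --kill gpg-agent 2>/dev/null
    rm -rf "$A" "$B" "$W"
}
```

After pasting the function into a shell, run gpg_demo; it prints one result line per check.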

Step 1. Installing Enigmail for Thunderbird

There are two components to install: Enigmail, the add-on for Thunderbird, and the GnuPG encryption software.
Enigmail can be downloaded from the Add-ons tab of Thunderbird, which is very straightforward, but it relies on GnuPG to work, so without that it's useless.

  1. Open Mozilla Thunderbird
  2. Go to Tools/Options/Manage Add-Ons
  3. Search for "Enigmail" and download it

(If you can't seem to find it there, download from Mozdev and install, or you can upgrade to the latest Thunderbird version which should be able to find it)

That is Enigmail done.


Step 2. Installing GnuPG

First of all GnuPG depends on the following packages: libgpg-error, libgcrypt, libksba and libassuan.

These are not installed by default with Ubuntu, so if you have not installed them before you will have to do it now. The easiest way to do this is with the Synaptic package manager (sudo apt-get install synaptic if you do not have it already). Simply search for each of the above packages, mark them for installation and install them all.

Go to gnupg.org and download GnuPG 2.0, which comes as a .tar.bz2 file. Extract this file, open a terminal window, cd to the extracted folder and build GnuPG from source as you normally would. Only the install step needs root:
./configure          # configure and compile as your normal user
make
sudo make install    # copies the built files into system directories
If you are still missing a package, an error message at the end of ./configure will warn you.
The instructions are straightforward: simply install the missing packages and everything will go smoothly. After running make and make install (which takes some time) you will get a confirmation that GnuPG is installed.

Step 3. Check configuration

First of all, Thunderbird and Enigmail need to be set up to use GnuPG. This is usually done by default, but do a manual check: open Thunderbird, open the new OpenPGP menu and select Properties, which opens the settings window.
All you have to do is make sure that the path to gpg is correct (it usually is); if it is not, specify the correct path in the box below.

DONE.

You can either import your key files from another machine or, if this is the first time you are using Enigmail and OpenPGP, create a new key pair. This is beyond the scope of this installation tutorial, but a step-by-step (quickstart) guide is available on enigmail.net.

1 comment:

  1. Thanks for the very useful information about the secure email add-on. Email actually is not protected from hackers, therefore security with digital signatures and encryption is very important for those who, like me, need security. I will try the Enigmail add-on.
