Encrypting E-mail with GnuPG, Thunderbird and Enigmail

From SOBAC Wiki
Revision as of 18:48, 6 November 2013 by BobJonkman (talk | contribs) (Expand MITM first time, add ? for four-digit answer)

On Monday, 2 December 2013 I'm giving a presentation at KWLUG on Encrypting E-mail with GnuPG, Thunderbird and Enigmail which will be followed by a Formal Keysigning with a keysigning party signing key and a keyring of all participants, and formal declarations and introductions like this:

 Bob: "I'm Bob Jonkman, and my keyID is Delta Two Charlie Charlie Echo
       Five Echo Alpha"

 Andrew: "I've known Bob since the early days, and that's really him"

I'm using this page to develop my presentation notes. If you have comments, criticisms, or suggestions please put them on the Talk page.

--Bob.


Intro to Crypto

Why use Encrypted E-mail?

  • Security
    • Your mail cannot be read by a Man In The Middle (MITM)
  • Authenticity (Integrity)
    • Signed mail cannot be modified in transit without detection, whether accidentally by misconfigured servers or maliciously by a MITM
  • Non-repudiability
    • Signed mail can only come from the sender

Why NOT use Encrypted E-mail?

  • Need the other party to use the same encryption
  • Locked-in format
    • Lose your secret key, lose your mail
    • Need to keep revoked keys to read old mail
    • If your key is compromised, all your old mail is compromised (no forward secrecy)
  • Non-repudiability
    • Politicians? CEOs?
  • Rubber Hose Cryptography
  • It's hard!
    • and looks geeky...

Crypto Theory

Symmetric Key Encryption

  • Substitution cipher, Caesar cipher
    • Key = -1
      • Encrypt: IBM -1> HAL
      • Decrypt: Khmtw Trdq Fqnto +1> Linux User Group
    • Key = 13 (ROT13)
      • Encrypt: Linux User Group +13> Yvahk Hfre Tebhc
      • Decrypt: Yvahk Hfre Tebhc +13> Linux User Group
  • Need a secure way to share key

Public/Private Key Encryption

The Math
  • Based on a one-way function: easy to do, hard to reverse
    • 59 x 61 = ????
      • 59 x 61 = 3599
    • 3551 = ?? x ??
      • 3551 = 53 x 67
The Practice
  • Generate a keypair
    • Public Key, Private (Secret) Key
    • Anything encrypted by one key is decrypted by the other
      • Encrypt: Hello World +P> |-|3110 '//0|21|)
      • Decrypt: |-|3110 '//0|21|) +S> Hello World
      • Encrypt: Linux Is Cool +S> 1!/\/|_|>< !5 (001
      • Decrypt: 1!/\/|_|>< !5 (001 +P> Linux Is Cool
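
The keypair idea above, worked through with the page's own numbers, as an added example that is not part of the original notes: textbook RSA built from the primes 59 and 61. The public exponent 17 and all function names are assumptions made for the illustration; real GnuPG keys are thousands of bits long and use padding, so this toy is not secure.

```python
# Added illustration: textbook RSA with toy primes. Not secure, not GnuPG's code.
from math import gcd

def make_keypair(p, q, e=17):          # e=17 is an assumed public exponent
    """Return (public, secret), each an (exponent, modulus) pair."""
    n = p * q                          # easy direction: 59 x 61 = 3599
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                # computing d requires knowing p and q
    return (e, n), (d, n)

def apply_key(key, numbers):
    """Encrypt or decrypt: the same operation, only the key differs."""
    exponent, n = key
    return [pow(m, exponent, n) for m in numbers]

def encode(text):
    return list(text.encode("utf-8"))  # one number per byte (toy encoding)

def decode(numbers):
    return bytes(numbers).decode("utf-8")

def factor(n):
    """Hard direction: trial division. Returns (p, q, divisions_tried)."""
    tried, f = 0, 2
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 1
    raise ValueError("n has no non-trivial factors")

if __name__ == "__main__":
    public, secret = make_keypair(59, 61)
    print("public:", public, "secret:", secret)
    # Encrypt with P, decrypt with S (confidentiality)
    c = apply_key(public, encode("Hello World"))
    print(c, "->", decode(apply_key(secret, c)))
    # Encrypt with S, decrypt with P (the basis of signing)
    s = apply_key(secret, encode("Linux Is Cool"))
    print(s, "->", decode(apply_key(public, s)))
    # Anyone who can factor n can rebuild the secret key
    p, q, tried = factor(public[1])
    print(f"{public[1]} = {p} x {q} after {tried} trial divisions")
    assert make_keypair(p, q)[1] == secret
```

With primes this small the factoring loop finishes almost instantly; a real key is safe only because that loop is infeasible at real key sizes.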


Demonstration

Install Enigmail

Use Wizard

Generate keypair