Encrypting E-mail with GnuPG, Thunderbird and Enigmail

On Monday, 2 December 2013 I'm giving a presentation at KWLUG on Encrypting E-mail with GnuPG, Thunderbird and Enigmail which will be followed by a Formal Keysigning.

I'm using this page to develop my presentation notes. If you have comments, criticisms, or suggestions please put them on the Talk page.

--Bob.

Intro to Crypto

Why use Encrypted E-mail?

• Security
  • Your mail cannot be read by a Man In The Middle (MITM)
• Authenticity (Integrity)
  • Signed mail cannot be modified in transit, accidentally by mis-configured servers, or maliciously by MITM
• Non-repudiability
  • Signed mail can only come from the sender

Why NOT use Encrypted E-mail?

• Need the other party to use the same encryption
• Locked-in format
  • Lose your secret key, lose your mail
  • Need to keep revoked keys to read old mail
  • If your key is compromised, all your old mail is compromised (no forward secrecy)
• Non-repudiability
  • Politicians? CEOs?
• Rubber Hose Cryptography (or $5 Wrench Cryptography)
• It's hard!
  • and looks geeky...

Crypto Theory

Symmetric Key Encryption

• Substitution cipher, Caesar cipher
  • Key = -1
    • Encrypt: IBM -1> HAL
    • Decrypt: Khmtw Trdq Fqnto +1> Linux User Group
  • Key = 13 (ROT13)
    • Encrypt: Linux User Group +13> Yvahk Hfre Tebhc
    • Decrypt: Yvahk Hfre Tebhc +13> Linux User Group
• Need a secure way to share key

Public/Private Key Encryption

The Math

• Based on One-way function: Easy to do, hard to reverse
  • 59 x 61 = ????
    • 59 x 61 = 3599
  • 3551 = ?? x ??
    • 3551 = 53 x 67

The Practice

• Generate a keypair
  • Public Key, Private (Secret) Key
  • Anything encrypted by one key is decrypted by the other
    • Encrypt: Hello World +P> |-|3110 '//0|21|)
    • Decrypt: |-|3110 '//0|21|) +S> Hello World
    • Encrypt: Linux Is Cool +S> 1!/\/|_|>< !5 (001
    • Decrypt: 1!/\/|_|>< !5 (001 +P> Linux Is Cool

Demonstration

Install Enigmail

Use Wizard

Generate keypair