Tuesday, May 28, 2013

How to send and receive emails securely?

Believe it or not, the email you are using (gmail, hotmail,yahoo etc)  is absolutely insecure. "Well," you might say, "my password is pretty long and gmail is pretty secure, no? Whats there to fear?"
Plenty! Your account can get hacked, someone may be sniffing your traffic through MITM attack, or intelligence agencies might be snooping.
In this day and age, it is very difficult to keep one's data safe online. Our communications are often intercepted. So, how do we send email securely over the internet? By encrypting our email communications.
 There is an amazing encryption technology called PGP (Pretty Good Privacy). PGP is free, open source, unbreakable and hack proof.  PGP is an asymmetric encryption algorithm. It means there is a public and private key system to secure your information. Although PGP was developed in the year 1991 it did not gather much public support despite its awesomeness  This is mainly because PGP is not very user friendly and implementing it requires extra few steps, which is not very convenient. But now things have changed. PGP has become much more easier to implement and use. PGP can be used to send and receive secure emails.

Note: Although this secure from of communication can be used by anyone, I doubt you will use it for your day to day email exchanges. Nevertheless,  I highly recommend you use it.  It is a must if you are handling confidential data such as government documents, corporate information, tax and accounts information, personal information etc. This is probably the most secure form of online communication today.


So, how do we implement PGP in Gmail or Yahoo?

There is an excellent extension in Chrome and Firefox called Mailvelope.  It uses a Browser based PGP system. You need to install the extension in your browser, and the person to whom you want to send the email also needs to have the same extension installed.  After you install, you have to generate a Public and Private key pair for yourself. This is very easy as you just have to navigate through the menu. There is an entire, easy to follow tutorial on the website.

Once you are done generating the public-private key pair, you need to give your public key to anyone who wants to communicate with you.

Public key looks like this-


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v.1.20121015
Comment: http://openpgpjs.org

xo0EUI5G5QEEAI7NxVI17OibiyMTAYcLEdForPt/46+4RrUk/DMRNetAV4Ve
UJaFPRLuWcZjq8BFV01nzGQd3NG8CDO8qI37fVUXVGe03mP8f8DB2GP/cmu3
mOzlEpTa4WsaKTgdx8E00qJZ6v66NQVRbm/7JG8Psj/didl2cQHeGCGCYsx9
OrfLABEBAAHNF0pvaG4gRG9lIDxqb2huQGRvZS5vcmc+wpwEEAECABAFAlCO
RuYJEBLyB87MrGtYAADcQgP/dVVIIldGaeozWFAcM94+uMfdbY9tpOK/0kHE
MDL5WqlHj865VloAdtk+rlDZ0NnW2gc92zMGW+a13zYHkvN8oE6UtUsG4uaQ
GqSbqWF5pUQ+KK/fJ49NaH2p+nahdI9IpvmKowXaARKVY8QqBLzaXjGg3/VL
BI86am8qJEULisI=
=5VIW
-----END PGP PUBLIC KEY BLOCK-----

The public key contains the name and email address of the owner.  You can distribute your public key by email, your blog, or register yourself in a Key server. My key is here. Feel free to drop me an email! The public key is absolutely safe to distribute anywhere. When someone sends you an email using your public key, your private key will be used to decrypt the message. 
If you want to send someone a PGP email, get hold of their public key by copying the entire text and importing/pasting into Mailvelope. 

Once again, the settings and tutorial for setting up mailvelope can be found here. If you have any doubts, feel free to ask in the comment section.



0 comments:

Post a Comment