Tuesday, May 28, 2013

How to send and receive emails securely?

Believe it or not, the email you are using (gmail, hotmail,yahoo etc)  is absolutely insecure. "Well," you might say, "my password is pretty long and gmail is pretty secure, no? Whats there to fear?"
Plenty! Your account can get hacked, someone may be sniffing your traffic through MITM attack, or intelligence agencies might be snooping.
In this day and age, it is very difficult to keep one's data safe online. Our communications are often intercepted. So, how do we send email securely over the internet? By encrypting our email communications.
 There is an amazing encryption technology called PGP (Pretty Good Privacy). PGP is free, open source, unbreakable and hack proof.  PGP is an asymmetric encryption algorithm. It means there is a public and private key system to secure your information. Although PGP was developed in the year 1991 it did not gather much public support despite its awesomeness  This is mainly because PGP is not very user friendly and implementing it requires extra few steps, which is not very convenient. But now things have changed. PGP has become much more easier to implement and use. PGP can be used to send and receive secure emails.

Note: Although this secure from of communication can be used by anyone, I doubt you will use it for your day to day email exchanges. Nevertheless,  I highly recommend you use it.  It is a must if you are handling confidential data such as government documents, corporate information, tax and accounts information, personal information etc. This is probably the most secure form of online communication today.

So, how do we implement PGP in Gmail or Yahoo?

There is an excellent extension in Chrome and Firefox called Mailvelope.  It uses a Browser based PGP system. You need to install the extension in your browser, and the person to whom you want to send the email also needs to have the same extension installed.  After you install, you have to generate a Public and Private key pair for yourself. This is very easy as you just have to navigate through the menu. There is an entire, easy to follow tutorial on the website.

Once you are done generating the public-private key pair, you need to give your public key to anyone who wants to communicate with you.

Public key looks like this-

Version: OpenPGP.js v.1.20121015
Comment: http://openpgpjs.org


The public key contains the name and email address of the owner.  You can distribute your public key by email, your blog, or register yourself in a Key server. My key is here. Feel free to drop me an email! The public key is absolutely safe to distribute anywhere. When someone sends you an email using your public key, your private key will be used to decrypt the message. 
If you want to send someone a PGP email, get hold of their public key by copying the entire text and importing/pasting into Mailvelope. 

Once again, the settings and tutorial for setting up mailvelope can be found here. If you have any doubts, feel free to ask in the comment section.

1 comment:

  1. Hey there would you mind letting me know which hosting company
    you're utilizing? I've loaded your blog in 3 completely different internet
    browsers and I must say tthis blog loads a lot faster then most.
    Caan you suggest a good web hosting provider aat a honest
    price? Thanks a lot, I appreciate it!