(public key) Email encryption – Why, about, and how

I’ve ranted a little in the past about how you should encrypt your information and how you could carry your information around on a USB stick. If you did that, most everything you need would be with you at all times. Unfortunately, I have never dealt with the reasoning for all this 007-ish activity.

My uncle has said to me before, “Do you really think the NSA can’t crack PGP?” Perhaps he is right. Maybe the NSA or another spook organization can crack the encryption algorithms. So what? I’m not trying to keep them out of my email, I’m trying to keep the kid up the street with too much time on his hands from reading about how I leave my back door open at night. Now, I don’t really do that, but it is a good example of why you should encrypt your emails. I don’t want that kid coming by at night and coming in to make himself a sandwich or whatever. Therefore, I wouldn’t send that message on a postcard to my uncle, for when he gets into town late next week.

The same is true of email. When you send an email across the internet, it is in plain text for anyone to read. Also, any server that your email passes through may keep a copy of it for an unknown period of time. If the local dial-up company’s server got hacked, how many emails could someone flip through and read? Quite a few if they aren’t encrypted. How about if someone manages to infect your computer with a virus? If your email is encrypted, they can see garbled letters and symbols, but nothing else.

That about covers the “why” of encrypting your email.

The “about” of encrypting your email is a little more difficult to explain. I will try to explain what encryption does to your email in generalities. There is no need to go into detail unless you are a cryptologist. If you are, why are you reading this?

In its simplest form, encryption takes your message, scrambles it, and then sends it on to the recipient. The reality of encryption is much more detailed, but that is too deep for me or this article.

Public key encryption is a lot like having 400 keyed-alike locks, and sending them out to your friends, only in reverse. Imagine all of your friends locking their door, but you have the key and can get into their homes. You have the one key that unlocks all of those doors, and as long as you have that key, you can drop by anytime. You trust your friends not to change the lock, and they trust you with your key.

Public key encryption operates on the same principle. Your friends “lock” the email with the public key that they have for you. They send it to you, and only you can unlock the email with your “private key” that you control. It is that simple on the surface. You could dive a LOT deeper if you want, but I will leave it with that example.
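The lock-and-key idea above, run end to end with GnuPG as an added example (it is not from the original article). It assumes `gpg` 2.1 or later is installed; the address, message and the two throwaway keyrings standing in for "me" and "a friend" are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Addresses, message text and temp directories are constructed.
set -eu

ME_HOME="$(mktemp -d)"       # my keyring: private key + public key
FRIEND_HOME="$(mktemp -d)"   # friend's keyring: only ever sees my public key
chmod 700 "$ME_HOME" "$FRIEND_HOME"
ME_ADDR='me@example.test'
MSG="$FRIEND_HOME/msg.asc"

# Stop the per-keyring agents and delete the throwaway keys on exit.
cleanup() {
  for h in "$ME_HOME" "$FRIEND_HOME"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    rm -rf "$h"
  done
}
trap cleanup EXIT

gpg_me()     { gpg --homedir "$ME_HOME" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }
gpg_friend() { gpg --homedir "$FRIEND_HOME" --batch --quiet "$@"; }

# 1. I make a key pair. The empty passphrase is for this disposable demo only.
gpg_me --quick-generate-key "Me <$ME_ADDR>"

# 2. I hand out the public half and my friend imports it.
gpg_me --armor --export "$ME_ADDR" > "$ME_HOME/me.pub.asc"
gpg_friend --import "$ME_HOME/me.pub.asc"

# 3. My friend "locks" a message with my public key.
#    --trust-model always skips the ownership check so the demo can run
#    unattended; with a real key, compare fingerprints with the owner instead.
encrypt_for_me() {
  gpg_friend --trust-model always --armor --recipient "$ME_ADDR" --encrypt
}
printf 'Arriving late next week.\n' | encrypt_for_me > "$MSG"

# 4. The friend's keyring has no private key, so this fails.
friend_can_decrypt() { gpg_friend --decrypt "$MSG" >/dev/null 2>&1; }

# 5. My keyring has the private key, so this prints the original text.
i_decrypt() { gpg_me --decrypt "$MSG" 2>/dev/null; }

if friend_can_decrypt; then echo "friend: read it (unexpected)"
else echo "friend: no private key, cannot read it"; fi
echo "me: $(i_decrypt)"
```

The file `msg.asc` is what actually travels through the mail servers: an armored block of text that is only readable with the private key sitting in my keyring.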

Now, you may ask, how can this secure, crypto-magically safe email be mine? How much does it cost? In order: by doing very little clicking and typing, and it is free!

Yes, boys and girls, FREE!

I won’t try to explain step by step how to install and set up GPG encryption here. There have already been numerous articles written that explain how to set this up. I will provide links for you to get on your way to secure email below. If you get stuck at any point, please google to find help. You will get a plethora of results.

Mozilla’s Thunderbird – This is my preferred email client. GPG encryption is enabled by using the Enigmail plug-in. If you are familiar with Outlook Express, this is very similar.

Outlook – If you are stuck using Outlook at work or home, you are not completely left in the dark. I came across this step-by-step guide to setting up PGP in Outlook. It has pretty screenshots and everything. If you are feeling a little braver, you can try WinPT, which is completely free. PGP is for-profit.

PGP – For those of you who are of the mind that security has to be paid for to be good, there is always PGP.