Charlotte linked a website for email encryption certificate generation (PGP) at the end of her post about Aaron Swartz. We talked a little about that and she asked me to write a short guest post on PGP. To get started, let’s talk about these topics (feel free to skip any of them if you know enough):
– Why encrypt?
– Modern encryption
– PGP (encryption for mail)
– How do I use it?
There are many reasons why people might want to use encryption. Here are some of the best:
1. You have a right to communicate privately (most countries have laws protecting the privacy of postal letters too, right?)
2. There have been extended periods in history when people have been under serious threat for belonging to one group or another (e.g. ethnic, religious, political, sexual, or occupational groups like journalists, hackers and activists). You might not live in a country where that is the case for you right now. But do you want all this data to be at hand if your country’s political situation changes?
Moreover, if the only people who use encryption belong to the aforementioned groups, encryption will be seen as a suspicious act of people who’ve “got something to hide”. There have been cases of people being killed by regimes just for using encryption (or other ‘suspicious’ communications). Making encryption mainstream protects those who are part of a disadvantaged group. And everyone else, too.
3. What about criminals? Are we protecting those too? Are we protecting criminals by locking our doors to random police searches? Crime is no reason not to encrypt! The police also need a warrant to search a house and cannot force you to give them the keys. And you shouldn’t hand the keys to them, even if you have “nothing to hide”. (The sex toys on your nightstand? Those too are perfectly legal, but none of their business)
4. Even if you think that your communication does not contain any dangerous information, think twice. There have been many cases where people have come under suspicion just for using the “wrong” words (even completely out of context). Maybe you’ve joked about bombs with a friend once. Or you’ve asked someone about gunshot wounds for a book you’re writing. And you should be free to do all of these things without worrying or censoring yourself!
5. Terror is no reason not to encrypt! Firstly, the secret services have enough information as it is, mostly it’s a matter of using this information to the right ends. If Snowden is to be believed, the NSA’s extensive spying programs are actually detrimental to national security, because the agency has no way of mining all the data they’re collecting. It just begins clogging up their desks until they don’t even know what they have.
Never let terrorism succeed in taking basic rights such as privacy from you! If you think about the direct impact terrorism has on your life you’ll probably find there isn’t any. The impact you get to feel is the indirect one: fear-mongering in the news, surveillance, states of emergency (I guess last year around the same amount of people died in Europe/North America from skiing accidents as did through terrorism).
(Exactly! We’re scared of the entirely wrong things. Are we afraid to get into cars or to handle toasters? Not really, no, even though the statistical likelihoods say we should. At the same time, if companies leak chemical waste into rivers and poison thousands of people, it’s labelled an accident. What if terrorists leaked chemical waste? Scary now?
Terror has long been the perfect front to justify surveillance states. Cory Doctorow’s novel Little Brother explores how a terrorist attack can be exploited by authorities to limit people’s privacy under the guise of security. The attack makes it possible to call out a state of emergency and ultimately leads to the creation of a totalitarian surveillance state serving its own agenda. This is pretty much what happened after 9/11.)
There are many schemes around to protect your data from a third party spying on you. Most historic schemes work in a symmetric fashion: the encryption does the exact opposite of the decryption.
An example of classic encryption – Caesar
In the simplest case of Caesar our key is a number, e.g. three. To encrypt we shift each letter of the sentence three letters in the alphabet:
To get the message back, we simply shift the same amount of letters backwards.
(If you want an easy way to work with this method, you can make yourself a little crypto-wheel:
The word ‘Hello’ would now read “KHOOR”.)
These symmetric schemes have one major flaw: both parties need to know the mechanism and both parties need to know the key. The spy can’t know any of this. It’s already hard to ensure this, but with the rise of fast computers most of these schemes can easily be broken, even if the spy does not have mechanism or key (e.g. by automatically testing out a lot of possibilities and using the fact that certain letters are being used more often).
How to break Caesar
Every letter is associated with one fixed other letter. In our example above, every A is a D, every E an H and so forth. In most (I guess actually all) languages some letters are being used more often (e.g. vowels) and others are used less often. If we have a longer text, we can just count letters. The letter with the highest occurrence will be a vowel.
We can of course devise more and more complicated symmetric encryption schemes, e.g. the enigma encryption machine in WWII, but in that case we can still search for patterns (e.g. the Nazis always wrote “Heil Hitler” as their first word). If you send an email or request a website, every one of these start with some general information (who is sending the mail to whom, when, etc) which is called meta information or header. This pattern would be a great starting point for someone to break a symmetric encryption.
So how can you still safely do internet banking?
Public and Private Keys
Fortunately some clever mathematicians have come up with a clever way to do it. Since explaining the maths would takes a few pages, I’ll explain it in metaphors.
Basically, I prepare a safe deposit box and leave it unlocked, but keep the key to open it. Then I send that box and the open lock to you. You put your secret in there and close the lock. Not even you can get your secrets out now – but I can, since I kept the key. The nice thing is that I can hand out these locks (they are called ‘public keys’) to everyone, and I only need to keep the key (called ‘private key’) secret. Of course you can also prepare such a box for yourself (e.g. if you use an encrypted drive).
(Of course, these keys aren’t really keys or locks but large generated numbers)
It turns out that we can actually do some more things other than encrypt with this scheme:
If someone has our public key (e.g. the bank) and we have the private key (e.g. on the chip of our bank card), the bank can encode a number, which we can decode using our key. Now the bank knows that we are who we claim to be (or at least have access to the private key/bank card).
We can sign a message, meaning that with some tricks the other party can check if anybody modified the message in between.
If you are interested (it’s really awesome maths), you can check out these explanations (German: http://aypac.de/Dateien/RSA-Verschluesselung.pdf, English: http://doctrina.org/How-RSA-Works-With-Examples.html). Fair warning: it’ll also take an afternoon and can be rather dry at times.
(Luckily, a lot of instant messaging services encrypt your messages for you, so you don’t need to worry about sending everyone your public key separately. Have a look at the EFF’s Secure Messaging Scorecard to see whether your messaging service uses encryption: https://www.eff.org/de/node/82654 Unfortunately, e-mails are another matter.)
PGP (encryption for mail)
Mails are often compared to postcards – by default they are not encrypted at all. When you send your mail, it travels through WiFi (where it might be intercepted by a bystander), goes through the router (where the owner of the router can intercept it), then is processed by your ISP (Internet Service Provider, who can read it or allow secret services to read it), then is forwarded from one server to the next (often crossing country border in the process, where again secret services and providers have access) until it finally ends up with your email provider who stores the mail for you (and can be forced by law enforcement to grant access, even if you are living in a different country from your mail provider). More or less anyone who is interested can read your mails.
This is what PGP is for.
It basically uses the encryption scheme described in the previous chapter. Unfortunately it also makes things a little more complicated. Why? To encrypt, you will need software. That software needs to run on your device, to be sure that no one else can gain access to your private key (the code to the safe). This means you can’t simply use a regular website to check you mail, but you need a piece of software, a so called mail client (e.g. Microsoft Outlook, Thunderbird, Opera Mail, but also think of your mobile phone) to read your mail, and this mail client needs to be able to do the encryption for you. Most have plugins or add-ons able do that for you.
The mails will not be plain text any more – this means that the person on the other side also needs a similar setup – you can only send encrypted mails with other people using PGP! And you need to exchange your public keys (the save deposit locks) once. You can either do that via mail or you can use a key server (a server that keeps the public keys for you).
Okay, let us talk a little more about the private key. The private key is a small file, that is itself again (optionally) password protected. This is the password you have to enter when using PGP. If you lose your key (the file or the password to it), you can’t read old encrypted messages anymore, you need to tell everyone to delete the old public key, generate a new one and give everyone the new public key. This is why you need to keep a backup of your keys (public & private) somewhere. That somewhere should be offline and/or well protected. If you must, use Dropbox (or better, Owncloud) but it’s better to burn it on CD, an (old crappy) USB stick or that back-up hard-drive you have and keep it somewhere safe.
You might switch computers one day, or use several different devices. In that case you need to import that key into each of the installations – you cannot create and use different keys on each device!
Lastly, we have revocation keys. They are basically again a small key to tell everyone to not use your public key anymore if you lost (control of) your private key.
How do I set up PGP?
Now, that you have understood the basics of the theory, you should be able to understand what the different steps and files are for. Software is a changing thing, so rather than giving precise instructions here, I’d rather stick with a general outline of the steps and rely on you using your favorite search engine [https://www.ecosia.org] to find concrete instructions for your operating system and email client.
1.) Decide on, install and setup mail client (if you haven’t already)
2.) Download PGP add-on/plugin for your mail client (if it doesn’t come with PGP capability)
Enigmail for Thunderbird: https://addons.mozilla.org/en-GB/thunderbird/addon/enigmail
3.) Set up PGP client. Create Public and private key(s)
Thunderbird with Enigmail: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages
4.) Export and backup private key(s) and revocation key(s)
5.) Search key servers or ask your friends for their public keys
Thunderbird with Enigmail: Menu→ Enigmail→Key Management→Keyserver→Find keys for all contacts→Continue→Yes→Select contacts→Ok
6.) Distribute your public key
Thunderbird with Enigmail: https://enigmail.wiki/Key_Management#Distributing_your_public_key
7.) Repeat steps for other device, replacing the key generation with import and skipping backup
Thunderbird with Enigmail: https://enigmail.wiki/Key_Management#Importing_an_existing_key_pair
(Here’s a German explanation. Video! Cool.)
featured image: https://tinyurl.com/h65yh2n