Introduction: Encrypt Your Gmail Email!
If you want to be sure that your email can be read by no one but you, then it needs to be encrypted. You'd be surprised to find out who might want to read your email. I was.
One of the best encryption systems is called GPG encryption, which is an open-source version of PGP encryption. PGP stands for Pretty Good Privacy and is actually an understatement made by a programmer who didn't want to be too optimistic about how secure it is. However, as it turns out, PGP has actually proven itself to be extremely good. It's been around for many years, being maintained by the best coders in the world, and it hasn't been cracked.
In this Instructable, I'll walk you through the simple process of setting up GPG and then installing a Firefox plugin that will make it easy to encrypt your Gmail.
Step 1: How It Works
The principle behind GPG encryption is easy. Anyone who wants to play creates a public key and a private key. Your public key is the part of the encryption that you make public. Your private key is the part of the encryption that you never share with anyone under any circumstance.
The two keys work together as a pair: a message locked with a public key can only be unlocked with the matching private key. To send an encrypted message to someone, you lock the message with their public key, and when they get it, they can unlock it with their private key. If they want to respond, then they encode the message with your public key and you can read it with your private key.
Of course, this only works so long as you can trust that you have been given the right public key and that you know who you are talking to. One way of doing this is by having a key signing party with your close friends. You all show up at a given location at a given time and exchange public keys. Then you have a list of trusted public keys with which you can communicate. This is often referred to as a web of trust.
Step 2: Install GPG on Your Operating System
Like I said before, getting your email protected is a two-step process. First, we have to get GPG installed on our operating system. Getting Gmail set up is on the next step.
I got GPG working on Mac OS X without too much trouble. I used the instructions and downloads at http://macgpg.sourceforge.net/ and summarized the process below. If you're on OS X, open that link in another window and get ready. For other operating systems, you can check the links on http://www.gnupg.org/download/.
Now, start downloading and installing! I've adapted the information from the Mac GPG FAQ, so you can also go there for more details. Here are the things I downloaded (you should go to the downloads page and get the latest):
First, open the DMG for GPG that you downloaded and run the installer. I just used all the defaults. This is the actual encryption engine that everything else runs on.
Once the installation is complete, open a Terminal window and type gpg, then hit [Return]. My installation gave me a "Go ahead and type your message ..." which I think means that GPG was up and running, so I ctrl-C'd out of that and closed the Terminal window.
Next, I installed GPG Preferences. That put a GPG icon in my System Preferences pane; I didn't change anything.
Finally, I installed GPG Keychain Access. This was easy: just unzip the ZIP file and drag the application into your Applications folder.
By the way, you can also do all of this from the command line. Here's a great tutorial for that.
Next up: Set up Gmail and start sending seeekrit messages!
Step 3: Generate Some Keys
Then, I ran the app and it had me generate my two keys (one public, one private). I typed in my secret passphrases which, of course, I will never tell anyone.
The last step with my keys was to select my public key and export it to a text file. Once you do this, you can attach it or copy and paste the contents into an e-mail to send to your PGP/GPG-wielding friends.
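The key generation and export from this step, followed by the lock and unlock exchange from Step 1, can be reproduced on the command line. This is an added example, not part of the original Instructable: it assumes GnuPG 2.2 or later is installed as gpg, and the user ID, passphrase and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: two throwaway keyrings in a temp directory; ~/.gnupg is untouched.
# The user ID and passphrase below are constructed for the demo.
BOB_UID='Bob Example <bob@example.test>'
DEMO_PASS='constructed-demo-passphrase'

demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    ALICE_HOME="$DEMO_DIR/alice"; BOB_HOME="$DEMO_DIR/bob"
    mkdir -m 700 "$ALICE_HOME" "$BOB_HOME"
}

# gpg wrapper: $1 = keyring directory, remaining arguments go to gpg.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase "$DEMO_PASS" "$@"
}

# Print the primary key fingerprint for user ID $2 in keyring $1.
fingerprint() {
    g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Encrypt $1 from Alice to Bob and print what Bob decrypts.
roundtrip() {
    # Bob creates his key pair and exports only the public half (Step 3).
    g "$BOB_HOME" --quick-generate-key "$BOB_UID" default default never || return 1
    g "$BOB_HOME" --armor --export "$BOB_UID" > "$DEMO_DIR/bob-public.asc"
    # Alice imports it and compares fingerprints, the check a key signing party does in person.
    g "$ALICE_HOME" --import "$DEMO_DIR/bob-public.asc" || return 1
    [ "$(fingerprint "$ALICE_HOME" "$BOB_UID")" = "$(fingerprint "$BOB_HOME" "$BOB_UID")" ] || return 1
    # Alice locks the message with Bob's public key; only his private key unlocks it.
    printf '%s' "$1" | g "$ALICE_HOME" --armor --trust-model always \
        --recipient "$BOB_UID" --encrypt > "$DEMO_DIR/msg.asc" || return 1
    g "$BOB_HOME" --decrypt "$DEMO_DIR/msg.asc"
}

# Succeeds when Alice's keyring, which holds no private key, fails to decrypt.
alice_cannot_decrypt() {
    ! g "$ALICE_HOME" --decrypt "$DEMO_DIR/msg.asc" >/dev/null 2>&1
}

demo_cleanup() {
    gpgconf --homedir "$ALICE_HOME" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$BOB_HOME" --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO_DIR"
}
```

Run demo_setup, then roundtrip 'some text', then demo_cleanup. The file bob-public.asc is the same kind of text file that the export step above produces.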
Step 4: Open an Anonymous Gmail Account
Before you can encrypt anything, you need to make sure that you open a Gmail account that by no means can be traced back to you. This means that you have to be liberal about giving them your real name and address when you sign up. You should also always use a TOR server.
Step 5: Install FireGPG in Firefox
Once you have done all that, you need to install FireGPG into Firefox. Go to this link and click the link to download it to your computer. From here it should coach you through the process.
Restart Firefox, and now you have new buttons in your compose view for encrypting and signing messages. Now you can discuss your nefarious plans in private!
Step 6: Encrypt Anything!
Encrypting your Gmail is just an example. Now that you have GPG installed, there are a whole bunch of programs you can use to encrypt and sign stuff. For example:
GPGDropThing - This is a simple program which lets you encrypt text to people whose public keys are on your keyring, and also allows you to decrypt messages that they have written. GPGDropThing is especially useful when writing encrypted mail to your friends, as some clients don't have GPG support built in. So far only Apple Mail and Mulberry have GPG support. You can encrypt text on your hard drive this way, or even paste encrypted snippets into your IMs.
GPGMail - For encrypting your email going through Apple's Mail.app.