Anyone sending email unencrypted needs to be aware that everyone can intercept or tap into it. Thus, it's highly advisable to encrypt your communications. Two encryption methods have prevailed over the years, S/MIME and OpenPGP. Both are open standards that are constantly being monitored for vulnerabilities by security experts.

S/MIME, like the HTTPS protocol, is based on the name-checking of commercial certificates of Certification Authorities (CAs). It's used mainly in the corporate world, whereas OpenPGP is more prevalent in the private sector. This article focuses on the open source OpenPGP that the free software GnuPG [1] provides under Linux.

In this article, I'll provide some basic guidelines for encrypting your email and explains how to encrypt and decrypt messages with the common Linux mail clients KMail and Thunderbird. This scenario can also be used with other mail programs that support GnuPG. An important part of this process is ensuring that both senders and recipients are prepared to send and receive encrypted email traffic.

One-Way Street

Both encryption methods mentioned here rely on a combination of a publicly documented process and a key coding independent of the algorithm. The private key should never be publicly revealed. If it is, after a key change, you can at least continue to use the participating programs (GnuPG and the email client).

How do you secure the key against prying eyes? The answer: You can't. In the age of global telecommunication surveillance, this process definitely requires some personal responsibility. To deal with this, GnuPG uses asymmetric public key cryptography, with two keys that are mathematically linked – a public key for encryption and a secret one for decryption (Figure 1).

Figure 1: The public key encryption concept is like a padlock requiring different keys for opening and closing. The locking key (in green) can remain inserted but provides no method of entry. Only the owner of the private key (in red) can open the lock.

More important than mathematical details, however, is the public key cryptography's role in the encryption process. Anyone knowing the public key of the pair can encrypt messages so that they can be decrypted only via the corresponding private key. The latter secret key is normally known only to the recipient; thus, the sender himself can't even decrypt his own message to change it.

With OpenPGP, key servers handle the global availability of public keys. If you want to send an encrypted email to someone with a publicly available PGP key, you can just query one of the independently synchronized key servers for the recipient's email address.

Safety Net

The system, however, has a catch: Anyone can create and publish a key for any email address. If you encrypt an email with the wrong key, its owner can't decrypt it again, because his private key won't correspond to the public key you used.

Things get critical when an attacker uses a spoofed key to successfully intercept your email (Figure 2), because he also has the corresponding private key for decryption. After encrypting it, he can forward the message – even with changes made to its content – to the actual recipient encrypted with the authentic key pair. This so-called man-in-the-middle scenario can occur without the recipient's or sender's knowledge.

Figure 2: In a man-in-the-middle attack, an attacker can attach a spoofed public key (the green key bordered in black) while intercepting the message, along with a corresponding private key (the red key bordered in black), then send it encrypted with the authentic public key (in green) to the recipient. The recipient sees only the message encrypted with the authentic key.

OpenPGP provides two methods to ensure authentication of the two keys. Each PGP key has a fingerprint consisting of 10 four-digit hexadecimal numbers. Because spoofing a key with a number of that size is technically impossible, this process virtually ensures its authenticity.

Before sending security-critical emails, you should contact your recipient offline by telephone and compare the OpenPGP key fingerprints. It doesn't help any potential attacker to eavesdrop on your correspondence as long as he can't manipulate it. The key can then be considered trustworthy for any further messaging.

The second method for ensuring key authentication is to have it signed by a third party that vouches for its authenticity based on your OpenPGP key.

Because of potential signature falsification, however, the third-party method works only if you can authenticate it with the recipient's trusted fingerprint. The signature method technically guarantees only that certain fingerprints can't be generated to indicate possession of a specific private key.

Three-Step Process

Communicating an encrypted email via OpenPGP/GnuPG requires the following prerequisites for the sender as well as the recipient:

• Generating a key pair
• Exchanging public keys
• Importing the partner's public key in your keyring

As a Thunderbird user, you should install the Enigmail [2] extension via the add-on manager (Tools | Add-ons | Search add-ons). The menu list then includes the OpenPGP entry that controls all encryption and signing functions.

The PGP function is already built into KMail, and you get to it with Tools | Certificate management. Both programs provide a GUI for the console commands described as follows.

The gpg --gen-key command generates a new key pair. The program prompts for a key type and length, with the currently recommended values being RSA/RSA 2048-bit for compatibility and security reasons. Then, you need to set the key's validity period. Beginners should not use the default 0 = key does not expire value, because, once published, a forgotten private key value can no longer be retrieved from key servers.

Next, you need to enter the name, email address, an optional comment, and a password, which is required for use of the key. Keep in mind when entering the password that it can be more easily cracked than a 2048-bit RSA encrypted one.

The program then generates a secret key based on a 2048-bit random number sequence. To ensure attacker unpredictability when generating the secret key, GnuPG figures in external events, such as mouse movements and keyboard input, so the use of mouse and keyboard accelerates the process.

The key pair is generally available in less than a minute. GnuPG then adds the key pair to your keyring, which becomes available for Thunderbird, KMail, and all other mail programs that GnuPG uses for encryption.

Exported Goods

Check that your keyring actually contains the generated keys. The gpg --list-secret-keys or gpg -K command lists the private key, while gpg --list-keys or gpg -k lists the public key. To make the public key exchangeable, first export it to a local file, as follows:

$ gpg -a --export <ID> > my_pubkey.asc

The -a option specifies the ASCII format, making it easier to exchange via email. When a remote partner requests your PGP key, send it to her so that she's capable of sending you encrypted messages.

To allow others to send you encrypted mail without a key request, you can publish the key to a key server, as follows:

$ gpg --keyserver hkp://keys.gnupg.net --send-keys <id>

If you're wondering about hkp://, that's not a typo; it stands for the HTTP key server protocol. A number of key servers are available – the most popular of which even synchronize among themselves.

Closed Society

To send encrypted emails yourself, you can import the recipient's public key to your keyring, as follows:

$ gpg --import <key_file>.asc

The file extension doesn't matter. If you don't have the recipient's public key, you can search for it on a key server by using the following command:

$ gpg --keyserver hkp://keys.gnupg.net --search-keys "<name>|<email_address>"

To import the key, simply enter the resulting ID. If the software already recognizes the imported ID, use the following command to store it on your keyring:

$ gpg --keyserver hkp://keys.gnupg.net --recv-keys <id>

Keep in mind, as previous noted, that keys can be spoofed with incorrect email addresses and names. The gpg --fingerprint <id> command shows the fingerprint that you should compare via a tamper-proof communication with your encrypted email's recipient.

You can check the key signatures with the gpg --check-sigs <id> command (Figure 3), substituting the email address or name for the ID. By default, not all certifying keys are included in the keyring (marked in red in Figure 3). GnuPG considers any unaudited signatures as untrustworthy and ignores them. An exclamation point identifies a successfully verified credential.

Figure 3: The gpg --check-sigs command verifies the signatures for all known names in your personal keyring.

Trust and Identify

If you want to find the names of all signed individuals, use the gpg --list-sigs <id> command (with the ID identified in the second column of the output) and download the corresponding keys with the following command:

$ gpg --keyserver hkp://keys.gnupg.net --recv-keys <id>

The key fingerprint may also appear on the individual's homepage, which reduces forgery risks. Once you trust a particular key, you can open it with gpg --edit <id> to edit it. Then, you can personally sign it with the "local sign" (lsign) command or with sign. To publish your signature later, use the following command:

$ gpg --keyserver hkp://keys.gnupg.net --send-keys <id>

KMail displays a warning for an unsigned key, but the key can still be used after you confirm it. After installation, Thunderbird's Enigmail has the option Always trust keys in OpenPGP | Settings. Thus, it accepts any key by default. And this wasn't intended as an acceptable practice by GnuPG developers. You are recommended to disable this option, after which, the program refuses to consider any unsigned keys.

If you have a lot of mail contacts, signing all their keys can be annoying. To lessen the number of required signatures, OpenPGP provides the "Web of Trust" concept, whereby you can assign restricted or full trust to individuals on your keyring.

If one trustworthy and three partially trustworthy individuals publicly signed a key, then the key is automatically considered signed on your system.

You can set the trust level using gpg --edit <id> followed by trust at the GnuPG command prompt. The value 5 ("absolute trust") is normally set for your own keys only; values between 3 and 4 are normally set for closer acquaintances. The "no trust" value 2 is assigned to less reliable individuals.

Going for It

After signing and integrating the recipient's keys in your keyring, the next step is to configure the email client. In both Thunderbird and KMail, all you need to do is associate an identity with a secret key (Figure 4) that matches its email address. If Thunderbird finds just one matching private key in your keyring, it automatically selects it.

Figure 4: After GnuPG configuration, in both KMail (top) and Thunderbird (bottom), you can simply select a private key for each identity.

After this preparation, sending an encrypted email is a mouse-click away. In Thunderbird, select OpenPGP | Encrypt message; in KMail, select Options | Encrypt message. The email client then asks whether the public key selected based on the email address is the correct one. To unlock the keyring, enter the password of the private key associated with the particular identity.

Upon receiving an encrypted message, KMail decrypts it by default when you click Decrypt message. Thunderbird decrypts the email either unprompted or displays the source code of the OpenPGP encrypted message.

Clicking Decrypt shows the plaintext message after you enter the private key password. Obviously, the private key password is local to your computer only and is not sent to the mail server. Thus, you need to decrypt all emails again after restarting the program.

Thunderbird behaves differently depending on the message because of the two methods that GnuPG uses to embed the encrypted test in the message. The older approach writes the encrypted message text into the mail body ("Inline OpenPGP").

The newer one, OpenPGP/MIME, uses the MIME attachment method and creates the encrypted text as an attachment of type application/pgp-encrypted. Newer email programs don't provide such pgp-encrypted attachments as downloads; instead, they encrypt the included text and display it in the message window.

The benefit of MIME embedding is that encryption includes message attachments that are easier for mail programs to recognize. However, older or simpler programs may not be able to handle MIME types.

In KMail, you can select Options | Message encryption format between Inline-OpenPGP and OpenPGP/MIME. The Thunderbird option is OpenPGP | Use PGP/MIME.

Preventing Key Loss

Losing a private key prevents access to any previously encrypted messages. Therefore, a secure key backup on external media is essential.

The easiest way is to save to the secring.gpg file in the ~/.gnupg directory. Copying the file to the same directory of any Linux installation ensures that the private keys remain accessible. To export private keys, use the following command:

$ gpg --export-secret-keys -a > <MySecretKeys.sec>

To import the keys, use the command gpg --import MySecretKeys.sec. Conversely, to remove compromised or no longer sufficiently secure keys from your keyring, you can create a so-called certificate revocation, as follows:

$ gpg --gen-revoke <id> > revoke.asc

Next, you can import the revocation to your keyring using gpg --import revoke.asc and then import the revoke key to the key server via the following command:

$ gpg --keyserver hkp://keys.gnupg.net --send-keys <id>

The revoked key should already be present in case of a compromised published key and should never fall into the wrong hands.

Conclusion

You don't drape curtains on your street-facing windows to conceal crimes. You do so to have some privacy. Thanks to Edward Snowden's courageous revelations, it's become clear that any (and maybe all) email messages can be compromised at strategic points of the Internet, so email encryption is a necessity if you want to maintain your privacy.

Complaints that email encryption is too cumbersome can be countered with the argument that configuring GnuPG takes less work than installing curtain rods. Those not console-savvy can use graphical tools for Thunderbird or KMail instead of the command-line instructions presented in this article.