Mail and communication security is a basic right of all citizens. Whatever country you live in, you should be assured that no one else has read your letter before it's delivered to you.

The constitutional right of privacy protects all written messages from the prying eyes of others. Similar rules apply to digital communication, although that's recently been put to test by revelations made by the likes of Edward Snowden, which leads us to believe that the intelligence community has little respect for this privacy.

The problem is that email messages pass through the Internet like postcards for everyone to read. To address this issue, in 1991, Phil Zimmermann, a Symantec employee, developed Pretty Good Privacy (PGP), a robust process for encrypting emails.

Over the years, PGP has become OpenPGP as an open standard, which the Free Software Foundation implements as GnuPG (GPG) for Linux. In this article, I will show you how GnuPG works and how you can set up the Thunderbird email client to protect yourself from eavesdropping.

How PGP Works

PGP is based on a public key infrastructure, which has its own implications. Anyone participating in the PGP system has a unique pair of digital keys – a private key that only they know, and a public key that all can see and which is passed on to the communication partner.

If Alice and Bob, owners of two PGP key pairs, want to communicate privately and encrypt their messages, they exchange public keys (the key IDs) offline so that they keys are not intercepted over the Internet.

Alice encrypts her email with Bob's public key. She also adds her private key to digitally sign the email, a kind of signature. Bob can open her mail only with his own private key. Bob has the assurance that the email actually comes from Alice, because only she can validate her signature with her private key.

Public and private keys are like locks and keys. When Alice encrypts the message with Bob's public key, it forms a lock that only Bob can open with his private key. Mallory, who intercepts the lock, sees only the lock and not its contents.

The infrastructure is based on the assumptions that the participants know each other, can verify their identities, and have exchanged key IDs. The more participants, the more secure the communication. Therefore, the network of GnuPG participants has been called the "Web of Trust."

A Rough Start

The algorithm behind GnuPG is highly complex, but that is not a problem for the end user. All you need is an email client such as Mozilla Thunderbird with the GnuPG Enigmail plugin. Of course, there are other mail clients that use GnuPG: KDE's KMail or Evolution from the Gnome desktop environment are also viable alternatives. The following example, however, is based on cross-platform combination of Thunderbird, Enigmail, and GPG.

You need to do a bit of GPG preparatory work before you start to encrypt your messages. First, you need a key pair of public and private keys, which requires you to have GPG installed. In Ubuntu, you may already have it but, if not, run the following:

$ sudo apt-get update
$ sudo apt-get install gnupg

And, you're done.

Private Key

GnuPG has several graphical front ends, although no single official program exists that provides the same interface for all operating systems and desktops. However, you can use the gpg program on the command line to generate key pairs for GnuPG.

I'll use this technique throughout to describe things as generically as possible. To create a key pair, you need to open a terminal window and use the --gen-key option, as follows:

$ gpg --gen-key

The default response to the question in the first dialog, DSA and RSA (default) , is normally the best one, so you just need to press Return (Figure 1). Next, enter the cryptographic length of the new GPG key, which literally defines the number of characters of the key. Basically, the longer the key, the longer it takes to crack it, so higher values provide better security.

Figure 1: Generating a GPG key first involves selecting a key type.

Critics might say that longer keys take longer to sign and encrypt the messages, but modern CPU powerhouses make the argument moot. Also, think in terms of the future; what is well encrypted today might be easy to crack tomorrow. Thus, a key length of 4096 bits is recommended (Figure 2).

Figure 2: A key length of 4096 bits might be safe for years.

The next dialog requests how long you want the key to be valid. At first glance, setting it to Infinity might seem like a good idea. Think, however, that at times it might be best to have the key expire automatically. If the private part of the key is lost and you don't have a handy certificate to revoke it (more on this later), the key would circulate indefinitely over the Net. With an expiration date, it would disappear automatically from the database. A safe bet is an expiration of 1y (one year). Using the private key you can always extend the key validity later on.

You next enter your personal data, your name and email address, and possible comments and aliases. You must then do the most important thing, which is to enter the passphrase that protects the key. The usual rules apply: not your wife's name, kid's birthday, or your pet's name. Combinations of thematically disparate words work the best in that they produce longer pass phrases. The example from "xkcd" comics [1] of correct horse battery stable is, therefore, a good one.

GPG then generates a new key. The algorithm uses a lot of entropy for random number generation. To get the best entropy, open a browser and watch a video or move the mouse around.

After a few minutes, GPG exits and the new GPG key is on your hard drive. Before you exit the terminal jot down the key ID. You'll find it on the line pub after 4096R/ ; in my case, it was 6001B852 (see Figure 3).

Figure 3: As soon as GPG has enough entropy, it generates the key on your hard drive.

To make it possible for others to send you email, load the public part of the key with the --send-keys option (Listing 1, first line) on a GPG key server. If you want a specific key server, add the option --keyserver (on the second line).

$ gpg --send-keys Key-ID
$ gpg --send-keys Key-ID --keyserver Key-Server

You can find a reliable key server at MIT at pgp.mit.edu . The key servers sync data at short intervals anyway, so using a particular server isn't really necessary.

Enigmail for Thunderbird

To use the newly created GPG key, get your Thunderbird email client ready by installing the Enigmail [2] GnuPG plugin. Either drag-and-drop the XPI file to the Addon Manager or download Enigmail directly from the extension manager, much like with Firefox (Figure 4). Some distributions also have Enigmail in their repositories.

Figure 4: You can get Enigmail for Thunderbird directly from the mail client's Addon Manager.

Enigmail is quite effective right out of the box and handles the GnuPG encryption more or less automatically. You can easily accept the default settings of the setup wizard. If you have a private GnuPG key, Enigmail assumes that it belongs to you.

You simply connect the entered GnuPG key with an existing Thunderbird identity. Open Edit | Account Settings from the menu and select the account used for the PGP. Pick OpenPGP Security and add a check mark to the Enable OpenPGP support (Enigmail) for this identity option.

You then determine in Message Composition Default Options whether you want mails in this account signed and/or encrypted. Alternatively, you can determine this for each message you send by clicking the Enigmail button (Figure 5).

Figure 5: Enigmail is active after being set up in Thunderbird and lets you determine with each message sent whether you want it encrypted.

GnuPG in Everyday Use

If friends and relatives want to send you encrypted emails, they only need to have your key ID. As soon as an encrypted message appears in your Thunderbird mailbox, Enigmail automatically takes care of the decryption by asking you for the password of your private key.

A similar process takes place when you want to send an encrypted message to someone. For Enigmail to select the proper public key associated with recipient for encryption, you organize it through a key server. On the command line, you do this again with the gpg command, this time with the option --recv-keys (Listing 2, first line).

$ gpg --recv-keys Key-ID
$ gpg --search-keys 'Max Mustermann'
$ gpg --search-keys email@max-mustermann.de

As an alternative, you can search for the name or email address of the recipient with the --search-keys option (Listing 2, lines 2 and 3). By entering the number returned by the search, you import the key.

If you want to add more addresses to the key or remove some, GPG provides the ability to edit the information in the key. On the command line, use the --edit-key option followed by the key ID (Listing 3, first line).

$ gpg --edit-key Key-ID
$ gpg --send-keys Key-ID

This step will open a command line within gpg. You can add a new address at this point with the adduid command. The subsequent steps are like those for creating the key.

At the end, you quit GnuPG with the save command (Figure 6). Remember to upload the current key again to the public key server so that third parties can get the update (Listing 3, line 2). Using deluid you can also remove an existing IP from the keychain. The help command provides help for various commands.

Figure 6: You can add further identities to an existing key with the adduid command.

Key Signing

In your work with GnuPG, you'll probably notice that the subject of trusted and untrusted keys comes up. In the latter category are all the keys you import, but have not signed yourself.

Before you sign a key for another person, you should always authenticate its identity – sometimes an official document or driver's license will do it. Then, you can sign the key as follows:

$ gpg --sign-key <Key-ID>

To enhance your key in the Web of Trust, you might consider visiting a so-called key-signing party. Linux and open source conferences like FOSDEM [3] often include such parties in their programs.

If there's any reason to believe your key has been compromised, you should revoke it as soon as you can. If someone were to steal your laptop or break into your house, the key would be considered compromised, if only because of the chance that someone else might have had access to it.

In such cases, it's recommended to have a revocation certificate handy, which you can create with the --gen-revoke option and the --output option to write it to a file (Listing 4). You should subsequently protect the revert.asc file so no one has access to it. A safe or safety deposit box would make good protected places.

$ gpg --gen-revoke Key-ID --output revcert.asc
$ gpg --import revert.asc
$ gpg --send-keys Key-ID

In case you are compromised, import the certificate with --import to the keychain and send it to a public key server. The key is then considered invalid and is removed from all key servers.

Evangelizing

The methods I have described here using GnuPG, Enigmail, and Thunderbird are not limited to Linux. Mac OS X allows you to encrypt your emails with this combination and the additional GPG tools for Mac OS X [4]. Windows provides the Gpg4win project [5] as a GnuPG implementation.

Thunderbird also has alternatives. For example, the Mac OS X mail client has a native GnuPG implementation with its GPG Suite plugin [6], and Windows also has workable GnuPG mail programs. The biggest hurdle isn't the technology but the willingness to embrace the email encryption concept.

My experience shows that a bit of evangelical work helps in spreading the GnuPG gospel. It has some concrete benefits: The better the PGP's Web of Trust works, the harder it is for third parties to spy on your emails.