Encryption

The European Union recommends that all private and business emails be encrypted.

The UK government recommends that all private and business emails be encrypted.

The European Union says this because their companies have already lost major contracts through intercepted email.

My university says they're scanning email.

The UK government has just given itself extra powers to read email.

Australia, France, and many ISPs also have active spying programmes.

Yet people email me all the time, and don't even bother to encrypt it. Why?

Ok, put it this way:

Suppose that every email you send me, I display on this website. That's about the level of privacy you're getting from plaintext email. Think about the last 3 emails you sent. Now think what problems it would cause you if they were visible to the whole world.

You're not just screwing with your own personal information, you're putting mine at risk too, every time you email me.

The solution is easy

Go to pgpi.org and download the latest version of PGP.

It's available for your operating system, I already checked.

It has been peer-reviewed to check for security holes.

It's also completely free, in every sense of the word. It costs nothing to download, nor to use, nor to generate keys.

Once you have PGP

Generate a key. It's as simple as Ctrl-N in the Windows version, and it'll take you through every step.

Your key has 2 parts: The public key is like a stack of stamped, addressed envelopes with your name on them. Look at my key here - import it into your keyring if you like. This is my "self-addressed envelope". If you encrypt a message with my key, then only I can read it. If I encrypt a message with your key, then only you can read it.

The private key is your super-letter-opener. It can open anything placed in one of those "self-addressed envelopes". It can decrypt anything encrypted with your public key. Keep it secret. It's password-protected, and PGP probably won't let you tell it to anyone even if you tried.

Test your key-pair. Send the public key to someone you know who uses encryption. Ask them to encrypt a message to you, and see if you can decrypt it correctly.

Sharing your key

Once you have the "stack of self-addressed envelopes" (public key) then distribute it to anyone who might want to contact you. Publish it on your website. Put it on your email-signature. Publish it to a keyserver.

Sending messages

Whenever you send an email, try to get hold of the person's public key. It may be on their website, it may be on a keyserver, or you may have to ask them for it. Once you have their public key, you may want to send a test message to check it's really theirs, or phone them to confirm its fingerprint (a short number that identifies the key).

Compose your message

Copy it to clipboard

Go to PGP, and select "encrypt and sign clipboard".

Click on the public keys of the people you want to send the email to. Now, only they can open it. You may want to include yourself in this list, so that you can also open it.

You'll need to give the password of your private key. This is so you can digitally sign the message, so people will know that it came from you and that it hasn't been modified in transit. (Choose "encrypt" rather than "encrypt and sign" if you don't want this.)

The encrypted message is now in your clipboard. Paste it back into your email, replacing the plain-text version.

Send the email. Congratulations, you've got encryption working.
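The same "encrypt and sign" procedure, carried out with GnuPG on the command line instead of the PGP clipboard menu. This is an added example, not part of the original page: it assumes GnuPG 2.1 or later is installed, uses throwaway keyrings so your real keys are untouched, and the names and addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: the "encrypt and sign" procedure
# above, done with GnuPG 2.x on the command line. Each party gets a throwaway
# keyring so your real keys are untouched; names and addresses are constructed.
set -eu
command -v gpg >/dev/null || { echo "GnuPG (gpg 2.1+) is required" >&2; exit 1; }

ALICE_HOME=$(mktemp -d); BOB_HOME=$(mktemp -d)
chmod 700 "$ALICE_HOME" "$BOB_HOME"

# gpg in a given keyring, unattended. The empty passphrase and --trust-model
# always exist only so the demo runs without prompts (the trust level is the
# same check KMail insists on); a real private key gets a strong passphrase.
g() { _h=$1; shift; GNUPGHOME=$_h gpg --batch --quiet --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"; }

# Step 1: each side generates a key-pair (Ctrl-N in the Windows PGP).
g "$ALICE_HOME" --quick-generate-key "Alice <alice@example.com>" default default never
g "$BOB_HOME"   --quick-generate-key "Bob <bob@example.com>"     default default never

# Step 2: swap public keys, the "stacks of self-addressed envelopes".
g "$BOB_HOME"   --armor --export bob@example.com   | g "$ALICE_HOME" --import 2>/dev/null
g "$ALICE_HOME" --armor --export alice@example.com | g "$BOB_HOME"   --import 2>/dev/null

# Step 3: read the fingerprint out to each other (by phone) before trusting it.
fingerprint() {  # $1 = keyring, $2 = key id or address
  g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 4: Alice encrypts to Bob AND to herself, and signs with her private key.
encrypt_and_sign() {  # $1 = plaintext; prints the ASCII-armored message
  printf '%s' "$1" | g "$ALICE_HOME" --armor --local-user alice@example.com \
      --recipient alice@example.com --recipient bob@example.com --sign --encrypt
}

# Step 5: Bob decrypts and checks the signature; output only on GOODSIG.
decrypt_and_verify() {  # $1 = armored message; prints the plaintext
  _out=$(printf '%s\n' "$1" | g "$BOB_HOME" --status-fd 2 --decrypt 2>"$BOB_HOME/status")
  grep -q '^\[GNUPG:\] GOODSIG ' "$BOB_HOME/status" || return 1
  printf '%s' "$_out"
}

# Anyone holding neither private key gets nothing: decryption simply fails.
third_party_cannot_read() {  # $1 = armored message; succeeds if Carol is locked out
  _c=$(mktemp -d); chmod 700 "$_c"
  ! printf '%s\n' "$1" | g "$_c" --decrypt >/dev/null 2>&1
}
```

The armored output of `encrypt_and_sign` is what you paste into the email body in place of the plaintext; Bob runs the equivalent of `decrypt_and_verify` on what he receives.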


More info

PGP International, the free, standard program

GPG, the open-source command-line version

PGP, the commercial product

Public keyservers

Introduction to cryptography

Schneier's excellent crypto books

Other privacy/encryption links

If you're having any trouble configuring GPG for Linux, you're welcome to email me - I just finally figured out how to make it work, and how to set up KMail to use it. (You need to specify a level of trust for each key or KMail refuses to use the key.)