
Lock up your emails

The contents of an email can usually be seen on any machine it passes through. But it doesn’t have to be that way

Stefan Greiner and Mark Schroeder, Personal Computer World 27 Apr 2007

When it comes to email and data encryption, one of the most well-known tools is PGP – Pretty Good Privacy.

Since version 9.0, Pretty Good Privacy has been a complete solution for data protection on the PC.

As well as encrypting and decrypting emails in Outlook, Outlook Express, Eudora and Entourage, it can also encrypt conversations in AOL’s Instant Messenger.

In addition, PGP can even encrypt entire hard disks to protect them from unauthorised access. The PGP Zip module also enables you to compress and encrypt files and directories. The current version, PGP Desktop Home 9.5, costs about £65 from the PGP online shop.

But you don’t need to spend money to protect your email. GNU Privacy Guard – or GnuPG – has proved itself to be one of the best open-source solutions. It integrates with most email clients to offer powerful encryption technology. If you can’t come to terms with the command-line version, there’s a complete bundle, gpg4win. The installer contains GnuPG and the Windows Privacy Tools (WinPT) key manager.

How it works
Encryption with GnuPG works according to a fairly simple principle, known as public key infrastructure (PKI). Every GnuPG user has a key pair that comprises a public key and a private key. Email and files that are encoded with the public key can only be decoded by using the private key.

The public keys are stored and correlated with email addresses centrally on a database held on a GnuPG key server. The private key is known only to its owner, and a password has to be entered every time it is used. In order to encrypt a message, you have to know the recipient’s public key by getting it from the key server.

Generating keys
Before that, you need to create your pair of keys. Start by clicking on GnuPG Key pair generation and enter your name, email address and password. The program uses this data to generate a public and a private key. You can make the public key available to other users by right-clicking on the WinPT icon in the system tray and choosing ‘Key management’ from the context menu.

In the window of the same name you will find the key that you have just created. Click on the entry and select ‘Send to key server’ from the context menu. Choose a server from the list and confirm your choice by clicking on Yes. The box on the next page shows how to use your GnuPG keys to encrypt email in some of the most popular mail clients.

A key can be used for more than just encrypting messages. Digitally signing an email is the only way to ensure that the recipient can be certain that the message really did come from the person who claims to have sent it.

To use a digital signature in Outlook for example, open the Security setting from Tools/Options/Security.

To generate the electronic signature, click on Request Digital ID. After doing this, you will be sent an email.

Follow the instructions in the email and to finish, click on Settings. The digital signature (ID) will be displayed.

Accept the certificate and activate the options ‘Append digital signature to message’ and ‘Send message as plain text’. The recipient of the email can now look at your certificate by clicking on the signature icon and identify you as the sender.

There are other uses for encryption; in future the Freenigma tool – see box on facing page – will be able to encrypt appointments and entries in Google Calendar. Like the Google webmail program, Freenigma uses Ajax technology to encode the personal contents in Google’s appointment planner.

And if this all sounds a bit too complicated for you, there are free commercial services out there that try to make the whole process painless. One we’ve tried that works very well is Ciphire Mail. It is available for Windows, Mac OS X and Linux clients and works with most email programs.

Secure instant messaging
Very often these days, people use instant messaging software to swap information. Most messaging software lets you use a plug-in to add encryption.

One solution for secure chat in MSN, Windows and Windows Live Messenger is Simp Lite. This program is free for private use; however, for use in a commercial environment the French manufacturer – Secway – insists that you use the paid-for version, Simp Pro. Encrypted connections between Simp Lite and Simp Pro are possible. The multiprotocol Trillian client is also supported for chat with AOL, ICQ and Yahoo users.

Simp Lite uses a 1,024-bit or 2,048-bit RSA key for encryption. If the program is installed on both users’ PCs, then the messaging clients perform the key exchange automatically. The program also enables conversations over unencrypted connections, if one of the users does not have Simp Lite (or Pro) installed.

Alternatively you could simply switch to the Jabber network and protocol. The Jabber Open Source Project has created a communications platform with interfaces to other instant messaging systems. The Jabber protocol allows for SSL encryption of messages. This task is undertaken by the Jabber servers, so that the messaging client doesn’t have to worry about implementing security.

For secure communication between employees and customers, companies can use software from www.jabber.org to set up their own Jabber server. You can then have confidential chats in a closed user group.

Setting up PGP encryption in popular email clients
Outlook
To use encryption in Outlook, you’ll need the English version of the free GnuPG plug-in from G Data. Install it and restart Outlook.

When you receive an encrypted message, you have to type your password to open the mail.

To send an encrypted message, you need to have the recipient’s public key in your keyring.

You can import this by copying and pasting the PGP Public Key Block from your correspondent’s email signature into a text file. The block begins with

-----BEGIN PGP PUBLIC KEY BLOCK-----

and ends with

-----END PGP PUBLIC KEY BLOCK-----

Save the start and end markings and everything between them to a text file and then import that file into WinPT’s Key management. You can access this function by choosing Open and then Import to keyring. Write an email and click on the plug-in icon to activate encryption.
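
The copy-and-paste step above can silently drop or alter characters, so it helps to check the block before importing it. The following is an added example, not part of the original article or of GnuPG: it pulls the key block out of an email's text and verifies the CRC-24 checksum line that GnuPG-style armor carries. The function names and the sample email are constructed for illustration, and the sample payload is not a real key.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 as used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

ARMOR_RE = re.compile(
    r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n(.*?)\r?\n-----END PGP PUBLIC KEY BLOCK-----",
    re.DOTALL,
)

def extract_key_block(text: str) -> bytes:
    """Return the binary key data from the first armored block, or raise ValueError."""
    match = ARMOR_RE.search(text)
    if not match:
        raise ValueError("no complete PGP public key block found")
    lines = [ln.strip() for ln in match.group(1).splitlines()]
    # Armor headers (e.g. "Version: ...") end at the first blank line.
    if "" in lines:
        lines = lines[lines.index("") + 1:]
    lines = [ln for ln in lines if ln]
    if not lines or not lines[-1].startswith("="):
        raise ValueError("missing CRC-24 checksum line")
    try:
        data = base64.b64decode("".join(lines[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    except ValueError as exc:
        raise ValueError("block is not valid base64") from exc
    if crc24(data) != expected:
        raise ValueError("checksum mismatch: block was damaged in copy/paste")
    return data

def make_sample_email(payload: bytes) -> str:
    """Constructed sample: armor arbitrary bytes (not a real key) inside a signature."""
    body = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("Regards,\nAlice\n\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
            f"Version: example\n\n{body}\n={crc}\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

The checksum only catches accidental damage; it says nothing about whose key it is, so the key's fingerprint still has to be confirmed with its owner.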

Outlook Express
To encrypt email in Outlook Express using GnuPG, you need the GPGOE plug-in. First of all, install GnuPG. It’s very important not to change the installation path from the default. Next unpack the GPGOE archive to a folder of your choice. The link between GPGOE and GnuPG is created by a new registry entry, generated by double-clicking on the gnupg-w32.reg file. If GnuPG is installed in a different directory to C:\GnuPG, then you’ll have to alter the path in the reg file.

To encrypt a message you need to start the initgpgoe.exe file. It’s a good idea to create a desktop shortcut for this. The program displays an icon in the system tray to show that it’s ready for use. After starting Outlook Express, you’ll see a new Encrypt button in the compose window’s toolbar.

Mozilla Thunderbird
To set up the Enigmail plug-in, start Thunderbird and under Tools/Extensions open the XPI file that you downloaded. Restart Thunderbird and the menu bar will now have an Enigmail option. Select Settings from this menu and under General enter the path to the file gpg.exe (this file will be in the GnuPG folder), and then close the window. To send an encrypted message to a recipient with a public key, click on Compose. The mail editor window will have a button labelled OpenPGP. Click on this to encrypt both the message and attachments.

Gmail, MSN Hotmail and Yahoo Webmail
If you use Firefox, you can use Freenigma to protect your Google, Microsoft and Yahoo Webmail boxes. The encryption technology used is GnuPG but a local installation isn’t required. Freenigma is still in beta and before using it you have to register. Freenigma users can swap encrypted emails via the Firefox plug-in.

When you log into one of the supported webmail services, the plug-in brings up a toolbar on screen. You can compose messages to other Freenigma users as normal and encrypt them by clicking on Encrypt. To decrypt incoming messages click on Decrypt and enter your Freenigma password; you can then read the message in the webmail screen.

www.pcw.co.uk/2188718
This article was printed from the Personal Computer World web site
© Incisive Media Ltd. 2008