- zenwolf -

Download this article as a self-extracting text file
View this article in printer-friendly plain-text format
E-mail this article to a friend

Security and privacy have always been important issues, but never more than today with the advent of computers and the extensive use of electronic communication. One of the biggest areas of potential violation of security and privacy is also the most commonly used: e-mail. E-mail provides us with fast and easy communication with much greater options than traditional communication, but the risks are greater as well. E-mailed file attachments are the biggest spreader of viruses, Trojans and worms. In addition, there is always the privacy issue of not knowing who has seen your e-mail, or even whom it really came from. E-mail can be easily intercepted by almost anyone who so desires by using packet sniffers and other tools readily obtainable on the Internet. So how do you protect your e-mail and keep it private?

Pretty Good Privacy (PGP)

A free (for non-commercial users) and easy solution is an encryption program called Pretty Good Privacy (PGP). PGP has many uses, but this article will focus on using it to secure e-mail in Windows based systems.

First, it is important to understand how encryption works. There are two basic forms of encryption: Conventional and Public Key.

Conventional encryption is also called secret key or symmetric key. To use it, the document is encrypted using a secret key and then sent to the recipient who decrypts it using the same secret key. The sender and recipient must have the same key and a suitably secure way to transfer the key from one to another. "One Time Pads", an extremely secure encryption system that is still used in a limited way by governments are an example of a Conventional encryption system.

Public key encryption works by encrypting the document with the public key of the recipient. The document is then sent to the recipient who decrypts it with their private key. Only the recipient has the private key which is necessary to decrypt the document, while anyone has access to the public key, but it can only be used to encrypt documents for that recipient. Thus anyone who has access to your public key can send you secure documents, even people you have never met. But nobody can use your public key to read encrypted documents sent to you because you and you alone hold the private key which is needed to decrypt the document.

PGP allows users to use public key encryption to easily encrypt and decrypt e-mail. PGP was first released as a DOS program and it was not very user friendly, but times change and now PGP is available in a user friendly environment, that with just a little time and effort will let you send and receive secure e-mail.

Using PGP

First you must install your copy of PGP. After installation you will need to set up your PGP Key pair (your public and private keys). You do this by going to Start/Programs/PGP/PGPkeys. This will launch the PGPkeys program. You will see a list of public keys that are included in the program, these are keys from people on the PGP and Network Associates team as well as the public key for Phil Zimmerman. To create our key set, click on the first icon on the task bar (it has a key in it). This will open the Key Generation Wizard which will walk you through the steps needed to create your key pair. You will need to enter your name and e-mail address so that people will know whom the key belongs to. Click Next, and you will come to the screen where you will need to choose the type of key you are going to make: either RSA or Diffie-Hellman/DSS. RSA was the old style, but most users now use the Diffie-Hellman/DSS style. I recommend using the Diffie-Hellman/DSS keys, as that is now the de facto default. Next you will need to choose the key size from 1024 to 4096 bits. The larger the key the safer is but the more time it takes to decrypt; an issue on some slower machines. I recommend choosing 2048, which is safe and doesn't take too much time to process. Click Next again and you will have to decide if you want your key pair to expire on a certain date in the future or if you don't want them to expire. Choosing a time for the key to expire is safer but for now I recommend just sticking with one that doesn't expire. After you have decided, click Next and you will choose your password. PGP has a little bar underneath that gives you an idea of how effective the password you choose is. After you decide on your password and enter it, click Next. Now PGP will generate your key pair (this could take a little time on older machines). When it is done click Next and it will give you the option to send your public key to a PGP Public Key Server (making the key available to anyone who might want to send you secure e-mail). Let's hold off on doing that for now. Click Next and you are done and will be back to PGPkeys.

With your key pair generated, you will see a your keys listed under the key section of the program. Remember to keep your Private key to yourself and do not share it with anyone…it is the key to your secure communications. But feel free to distribute your public key to anyone you like, it will allow them to send you secured e-mail that only you can read.