Want really secure Gmail? Try GPG encryption

If you're a Gmail user spooked by Chinese cyber attacks on Google, here's a way to encrypt your e-mail. Be warned: better security comes at a cost.

Perhaps Google's announcement that Chinese cyber attackers went after human rights activists' Gmail accounts has made you skittish about just how private your own messages are on the Google e-mail service.

Well, if you want to take a significant step in keeping prying eyes away from your electronic correspondence, one good encryption technology that predates Google altogether is worth looking at. It's called public key encryption, and I'm sharing some instructions on how to get it working if you want to try it.

Unfortunately, better security typically goes hand in hand with increased inconvenience. But some human rights activists who use Gmail right now likely wish they'd put up with a little hardship to help keep hackers at bay. I'm not going so far as to recommend you use e-mail encryption, but I think this is a good time to take a close look at it.

Specifically, I'll show here how to use a collection of free or open-source software packages: GPG, or GNU Privacy Guard, Mozilla Messaging's Thunderbird e-mail software, and its Enigmail plug-in. CNET Download.com also hosts Thunderbird for Windows and Mac and Enigmail for all platforms.

But first, some background about how it works.

Public key cryptography
Encryption scrambles messages so that only someone with a key (or a tremendous amount of computing horsepower, or knowledge of how to exploit an encryption weakness) can decode them. One form is called, curiously, public key encryption, and this is what GPG and Enigmail use.

Here's the quick version of how it works. You get a private key known only to yourself and a public key that's available for anyone else to use. The person you're corresponding with also has such a pair of keys. Although the public and private keys are mathematically related, you can't derive one from the other.

To send a private message, someone encrypts it with your public key; you then decrypt it with your private key. When it's time to reply, you encrypt your message with the recipient's public key and the recipient decodes it with his or her private key.

Messages in transit from one machine to another are a bunch of textual gobbledygook until decoded. If you're being cautious enough to encrypt your e-mail, you should be aware that there's still some information that leaks out to the outside world. The subject line isn't encrypted, and somebody might take interest in the identity of your active e-mail contacts and the timing and frequency of communications.

So how do you find out what your correspondent's public key is? You can either fetch the key firsthand from the correspondent, or you search for it on public computers on the Net called key servers--mine is stored at pool.sks-keyservers.net.

This form of encryption has another advantage: you can sign your e-mail electronically so the recipient knows it really is from you. This time the process works in reverse: you sign your e-mail with your private key, then your recipient verifies it's from you using your public key.

Drawbacks aplenty
Weighed against the encryption advantages of privacy and message signing is the fact that you'll lose access to services you may like or depend on.

When you see an encrypted e-mail in the Web-based Gmail, it's gibberish. Google doesn't index it, so Gmail search doesn't work. And the strong points of cloud computing--reading your e-mail from your mobile phone, your friend's computer, a computer kiosk at the airport--aren't possible. You're once again anchored to your PC with the encryption software installed.

Gmail won't be able to make heads or tails of your encrypted e-mail. (Screenshot by Stephen Shankland/CNET)

Another doozy is that the technology, while conceptually manageable in my opinion, quickly gets complicated. It's the kind of thing where you benefit from some hand-holding from your technologically sophisticated pal. Encryption is chiefly used by the expert crowd, so the documentation quickly gets technical, the options quickly go beyond most people's comprehension, and the help quickly can shift from Spartan manuals to grasping at straws on a search engine results page.

Given time and experience, intractable technology can be beaten into submission, though. The bigger problem with encrypted mail is convincing others to install the software and use it. Until then, you'll be like the proverbial owner of the world's single fax machine: nice technology, but there's nothing you can do with it until someone else gets one.

My personal hope is that encrypted e-mail will become more common and that wider use will encourage some flavor of it that will work more transparently with existing systems, perhaps through local plug-ins on a computer such as FireGPG, though there appear to be challenges getting it to work with Gmail.

Meanwhile, here's one collection of software that's available today for public key e-mail encryption.

Install the software
First, install Thunderbird e-mail software, if you haven't already. I recommend the new version 3.0, which is available for Windows, Mac OS X, and Linux. One particularly nice feature is that the software will ask you for your e-mail address and password on its first launch, and Gmail users will find the software automatically handles the tangle of configuration details that previously had to be manually set.

Next up is GPG, the command-line software that handles the actual encryption, decryption, and key management behind the scenes. Fetch the appropriate copy for your operating system from the "binaries" links at the GPG downloads page. Technophiles will like using this actual software from the command line, but don't worry--you don't have to.

Last is installing the Enigmail plug-in for Thunderbird. Fetch the appropriate version from the Enigmail download site and make a note of where you save the file.

Enigmail isn't the kind of file you double-click to install. Instead, go to Thunderbird, open the Tools menu and click Add-ons. In the lower-left corner of the dialog box that appears, click "Install..." When prompted for a location, point to where you saved the plug-in; the filename should be "enigmail-1.0-tb-win.xpi" or some other operating system-appropriate variation.

Set up the software
Next, it's time to get started. Enigmail offers useful instructions that generally are up to date, though they don't mention Thunderbird 3.0 and some other matters.

You'll likely get a setup wizard from Enigmail, which is fine. My advice: set it to sign encrypted messages by default but not to encrypt messages by default unless you're confident you're going to use it a lot.

The first task is to generate your public and private keys--your "keypair." Enigmail can handle this chore. In Thunderbird, click the OpenPGP menu, then the "Key Management" option. A new window will pop up with its own set of menus. Click the rightmost one, "Generate."

The default options are pretty good, though setting the key not to expire might be preferable for some people. That can be changed later, if you have second thoughts. For your passphrase, the usual password rules apply: the longer it is and the farther away from anything in a dictionary it is, the harder it is to crack.

Now comes the best part of the whole thing: helping out the random number generator while the keys are being generated. It doesn't take long, but doing something else while it happens--browsing a Web page or loading a word processing file, for example--creates events that actually inject a little helpful unpredictability into the algorithm. It's one of those wacky computer science moments.

Once the keys are generated, upload yours to a key server so your pals can find your key. It's easy: click the "Keyserver" menu, "Upload Public Keys," and go with the default pool.sks-keyservers.net server.

Try it out
Now it's time to get viral. You have to find somebody to experiment on. Go through your list of nerdy, security-minded, perhaps somewhat paranoid friends and start recruiting. A tinfoil hat isn't a prerequisite for using e-mail encryption, but there's a connection.

Once you've got a companion--or set up a second keypair with another e-mail account--start a new e-mail message and type in a subject line and some text. In the OpenPGP menu, select "sign message," "encrypt message," and if your message recipient is using Enigmail, "Use PGP/MIME for this message." (The latter option has some advantages, but isn't supported universally.)

When you send the message, you'll need to use your recipient's public key to encrypt the message and your own passphrase to sign the message with your private key.

When it's time to read, you'll need the public key of your correspondent to verify the signature and your own passphrase to decrypt it.

Sending and receiving is where those public key servers come in handy. Seek, and if ye don't find, ask your friend to e-mail you the public key.

There's a whole new world of encryption out there--the web of trust, key signing, fingerprints and such--that I won't get into here. I recommend a look at the Enigmail configuration manual and the Enigmail Handbook.

If you're a command-line nut, I recommend Brendan Kidwell's practical introduction and, with my usual reservations about the utter lack of informative examples, the GPG man page. History buffs can check the Wikipedia pages (the saga of Phil Zimmermann vs. the U.S. government concerning GPG's precursor, PGP, or Pretty Good Privacy, is particularly notable), and one 10th-anniversary GPG retrospective from founder Werner Koch.

In closing: back up your key
There is one last task you should attend to: export your keypair. Enigmail can handle this fine: In the search field, type your name until your key appears, click it to select it, then click "File" and "Export Keys to File."

This backup will be useful for decrypting your mail on a new computer, installing software from scratch, or otherwise managing the inevitable digital transitions in your life. But be warned: that private key is what somebody needs to crack your encryption, so don't leave it where somebody can find it.

I'm not convinced that GPG will rule the world. Indeed, I'm concerned that so much documentation I encountered for this article was written before Windows Vista arrived.

But I am convinced there are serious holes with our current security and privacy arrangements. A 2,048-bit encryption key won't thwart phishing scams or other social engineering attacks that appear to have been employed in the Google-China case, but it's a good place to start.

And using encryption sends a message to the technology world: perhaps it's time to start taking our security more seriously. Google opted for encrypted Gmail network connections, even though it will tax its servers with more processing, which is a good start. Better security can be inconvenient and expensive, but don't forget to consider the drawbacks of poor security.
