1. E-Mail Encryption and Signing Jay Krous
Computer Protection Program
Lawrence Berkeley National Laboratory
2. Agenda
Why?
Concept Review
Software
Enigmail
GnuPG
Windows Privacy Tools
Configuration
Putting it all together
3. Why? Email is clear text
In some situations you may want to ensure only the intended recipient can read your message
Example: Collaboration with a researcher in Israel
Sender cannot be verified
Spoofing or forging the email sender is trivial, as shown in multiple recent virus outbreaks.
Example: Beagle spoofs email from jekrous@lbl.gov
4. Disclaimer
Email encryption is not for everyone
Not the recommended configuration
6. Concept Review Public / Private Key encryption
A key pair is created – public/private pair
The public key is made public; in other words, it is given to anyone who may want to send you an encrypted message.
Anyone wanting to send you an encrypted message encrypts the message with your public key.
Only the private key can decrypt the message
7. Concept Review 2 http://www.gnupg.org/gph/en/manual/x195.html
“Public-key ciphers are based on one-way trapdoor functions. A one-way function is a function that is easy to compute, but the inverse is hard to compute.”
“All that is required is that some time before secret communication the sender gets a copy of the receiver's public key.”
9. Software Enigmail
A Mozilla plug-in that facilitates and seamlessly integrates GnuPG into Mozilla
GnuPG
GnuPG is a complete and free replacement for PGP
Windows Privacy Tools
A Windows GUI into GnuPG. One useful function is to facilitate key management
10. Software Alternatives Enigmail
Windows, Linux, Mac OS X, FreeBSD, Solaris
EudoraGPG - plugin for Eudora
GPGOE Outlook Express MUA
GnuPG
PGP ($70)
GPGMail - for Mac OS X.
Windows Privacy Tools
KGpg - KDE frontend for GnuPG.
11. Software Alternatives http://www.gnupg.org/(en)/related_software/
13. Installing Enigmail
http://enigmail.mozdev.org/download.html
Enigmail consists of two installation pieces: enigmail and enigmime
Express Install
Direct install from your Mozilla browser
Download first, then install
Download, then open with Mozilla
14. Enigmail Express Install 1
15. Enigmail Express Install 2
16. Enigmail Express Install 3
18. GnuPG – Gnu Privacy Guard
http://www.gnupg.org/
There is not much to installing GnuPG: it’s just a zip file that needs to be extracted to c:\gnupg
19. GnuPG Install
20. GnuPG But we *are not* going to install GnuPG as shown on the previous slide.
Instead, we will let Windows Privacy Tools provide GnuPG for us!
22. Windows Privacy Tools http://winpt.sourceforge.net/en/
WinPT Tray is a "Frontend" which allows access to the GnuPG encryption engine.
WinPT handles all of your key-management and key-server access needs.
WinPT Tray can be used as a universal plug-in for all email programs because it allows you to cut and paste from any email application, and encrypt the data while it resides in your clipboard.
23. Windows Privacy Tools Install 1
24. Windows Privacy Tools Install 2
25. Windows Privacy Tools Install 3 Cancel on the last screen; we don’t need to do any of this.
26. Windows Privacy Tools Install 4
28. Enigmail to GnuPG glue 1
Enigmail needs to know where GnuPG lives!
In our case, since we let WinPT install GnuPG, the default path will be:
C:\Program Files\Windows Privacy Tools\GnuPG\gpg.exe
29. Enigmail to GnuPG glue 2
30. Enigmail to GnuPG glue 3
31. Generate key 1
32. Generate key 2
33. Generate key 3
You could also import an existing OpenPGP-compliant key you created previously
You can view the key with gpg from the command line or with Windows Privacy Tools key manager application.
34. Generate key 4
35. Generate key 5 Public Key
36. Get your public key out there 1
Send it to those that need it
Publish in email
Post on a webpage
www.lbl.gov/~jekrous/pgp.txt
Put on keyserver
http://keyserver.veridis.com/en/
37. Get your public key out there 2
38. Get your public key out there 3
39. Get your public key out there 4
40. Get your public key out there 5
41. Importing other people's public keys In order to send encrypted messages to other people, you need their public key. We will look at two ways to import their public key.
Import using Enigmail
Import using WinPT
42. Import with Enigmail 1
43. Import with Enigmail 2
44. Import with Enigmail 3
45. Import with WinPT
47. Signing and Encrypting 1 Let's look at some examples of how to send a signed or encrypted message to someone
Signing – recipient can verify the message originated from you
Encrypted – only recipients with an appropriate private key can decrypt the message
48. Signing and Encrypting 1
49. Signing and Encrypting 2
50. Signing and Encrypting 3
51. Signing and Encrypting 4
52. Signing and Encrypting 5
53. Signing and Encrypting 6
54. Signing and Encrypting 7
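The generate, publish, import, sign and encrypt sequence that the slides perform through Enigmail and WinPT, written as gpg commands. This is an added example, not part of the original slides; it assumes GnuPG 2.1 or later in a POSIX shell, and the two users, their example.org addresses and the function names are made up.

```shell
#!/bin/sh
# Added example (GnuPG 2.1+ assumed). Alice, Bob and their example.org
# addresses are made up; the throwaway keys have no passphrase, real keys should.

g() {  # $1 = keyring directory, remaining arguments are passed to gpg
    home=$1; shift
    gpg --homedir "$home" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase '' "$@"
}

sign_encrypt_demo() {  # $1 = message text; prints "ok" when every check passes
    t=$(mktemp -d) || return 1
    a=$t/alice; b=$t/bob
    mkdir -m 700 "$a" "$b"
    # Generate key: one key pair per user, each in its own keyring.
    g "$a" --quick-generate-key 'Alice <alice@example.org>' default default never &&
    g "$b" --quick-generate-key 'Bob <bob@example.org>' default default never &&
    # Get your public key out there: ASCII-armored export, then import by the peer.
    g "$a" --armor --export alice@example.org > "$t/alice.asc" &&
    g "$b" --armor --export bob@example.org > "$t/bob.asc" &&
    g "$a" --import "$t/bob.asc" &&
    g "$b" --import "$t/alice.asc" &&
    printf '%s\n' "$1" > "$t/msg.txt" &&
    # Sign with Alice's private key and encrypt to Bob's public key.
    # --trust-model always skips key validation for this demo only; with real
    # correspondents, compare the key fingerprint over another channel first.
    g "$a" --trust-model always --armor --sign --encrypt \
        --recipient bob@example.org --output "$t/msg.asc" "$t/msg.txt" &&
    # Bob decrypts with his private key; GOODSIG on the status fd confirms the signer.
    g "$b" --status-fd 3 --output "$t/out.txt" --decrypt "$t/msg.asc" 3> "$t/status" &&
    grep -q '^\[GNUPG:\] GOODSIG ' "$t/status" &&
    cmp -s "$t/msg.txt" "$t/out.txt" &&
    # Signing only: a detached signature verifies the original and rejects altered text.
    g "$a" --armor --output "$t/msg.sig" --detach-sign "$t/msg.txt" &&
    printf 'altered text\n' > "$t/forged.txt" &&
    g "$b" --verify "$t/msg.sig" "$t/msg.txt" &&
    ! g "$b" --verify "$t/msg.sig" "$t/forged.txt" &&
    echo ok
    rc=$?
    for k in "$a" "$b"; do gpgconf --homedir "$k" --kill gpg-agent 2>/dev/null || :; done
    rm -rf "$t"
    return $rc
}
```

Call `sign_encrypt_demo "some text"`; the temporary keyrings are deleted when it returns.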
55. Some common settings
Automatically decrypt – so you don’t have to manually decrypt each message
Encrypt to self – so you can see encrypted messages you send
Key Selection – display selection when necessary
Passphrase cache – set an appropriate time (60 minutes)
56. Reference GNU Privacy Handbook
http://www.gnupg.org/gph/en/manual.html
Enigmail website
http://enigmail.mozdev.org/download.html
Windows Privacy Tools
http://winpt.sourceforge.net/en/
LBNL Computer Protection Program
http://www.lbl.gov/ITSD/Security/
57. Questions?