E-Mail Encryption and Signing

Presentation Transcript


    1. E-Mail Encryption and Signing. Jay Krous, Computer Protection Program, Lawrence Berkeley National Laboratory

    2. Agenda: Why?; Concept Review; Software; Enigmail; GnuPG; Windows Privacy Tools; Configuration; Putting it all together

    3. Why? Email is clear text: in some situations you may want to ensure only the intended recipient can read your message. Example: collaboration with a researcher in Israel. Sender cannot be verified: spoofing or forging the email sender is trivial, as shown in multiple recent virus outbreaks. Example: Beagle spoofs email from jekrous@lbl.gov

    4. Disclaimer: Email encryption is not for everyone. Not the recommended configuration.

    6. Concept Review: Public / Private Key encryption. A key pair is created (a public/private pair). The public key is made public; in other words, it is given to anyone who may want to send you an encrypted message. Anyone wanting to send you an encrypted message encrypts the message with your public key. Only the private key can decrypt the message.

    7. Concept Review 2 (http://www.gnupg.org/gph/en/manual/x195.html): “Public-key ciphers are based on one-way trapdoor functions. A one-way function is a function that is easy to compute, but the inverse is hard to compute.” “All that is required is that some time before secret communication the sender gets a copy of the receiver's public key.”

    9. Software. Enigmail: a Mozilla plug-in that facilitates and seamlessly integrates GnuPG into Mozilla. GnuPG: a complete and free replacement for PGP. Windows Privacy Tools: a Windows GUI into GnuPG; one useful function is to facilitate key management.

    10. Software Alternatives. Enigmail (Windows, Linux, Mac OS X, FreeBSD, Solaris): EudoraGPG - plugin for Eudora; GPGOE - Outlook Express MUA. GnuPG: PGP ($70); GPGMail - for Mac OS X. Windows Privacy Tools: KGpg - KDE frontend for GnuPG.

    11. Software Alternatives: http://www.gnupg.org/(en)/related_software/

    13. Installing Enigmail (http://enigmail.mozdev.org/download.html). Enigmail consists of two installation pieces: enigmail and enigmime. Express Install: direct install from your Mozilla browser. Download first, then install: download, then open with Mozilla.

    14. Enigmail Express Install 1

    15. Enigmail Express Install 2

    16. Enigmail Express Install 3

    18. GnuPG – Gnu Privacy Guard (http://www.gnupg.org/). There is not much to installing GnuPG: it’s just a zip file that needs to be extracted to c:\gnupg

    19. GnuPG Install

    20. GnuPG. But we *are not* going to install GnuPG as on the previous slide. Instead, we will let Windows Privacy Tools provide GnuPG for us!

    22. Windows Privacy Tools (http://winpt.sourceforge.net/en/). WinPT Tray is a "Frontend" which allows access to the GnuPG encryption engine. WinPT handles all of your key-management and key-server access needs. WinPT Tray can be used as a universal plug-in for all email programs because it allows you to cut and paste from any email application, and encrypt the data while it resides in your clipboard.

    23. Windows Privacy Tools Install 1

    24. Windows Privacy Tools Install 2

    25. Windows Privacy Tools Install 3. Cancel on the last screen; we don’t need to do any of this.

    26. Windows Privacy Tools Install 4

    28. Enigmail to GnuPG glue 1. Enigmail needs to know where GnuPG lives! In our case, since we let WinPT install GnuPG, the default path will be: C:\Program Files\Windows Privacy Tools\GnuPG\gpg.exe

    29. Enigmail to GnuPG glue 2

    30. Enigmail to GnuPG glue 3

    31. Generate key 1

    32. Generate key 2

    33. Generate key 3. You could also import an existing OpenPGP-compliant key you created previously. You can view the key with gpg from the command line or with the Windows Privacy Tools key manager application.

    34. Generate key 4

    35. Generate key 5 Public Key

    36. Get your public key out there 1. Send it to those that need it. Publish in email. Post on a webpage: www.lbl.gov/~jekrous/pgp.txt. Put on a keyserver: http://keyserver.veridis.com/en/

    37. Get your public key out there 2

    38. Get your public key out there 3

    39. Get your public key out there 4

    40. Get your public key out there 5

    41. Importing other people's public keys. In order to send encrypted messages to other people, you need their public key. We will look at two ways to import their public key: import using Enigmail, and import using WinPT.

    42. Import with Enigmail 1

    43. Import with Enigmail 2

    44. Import with Enigmail 3

    45. Import with WinPT

    47. Signing and Encrypting 1. Let's look at some examples of how to send a signed or encrypted message to someone. Signing: the recipient can verify the message originated from you. Encrypted: only recipients with an appropriate private key can decrypt the message.

    48. Signing and Encrypting 1

    49. Signing and Encrypting 2

    50. Signing and Encrypting 3

    51. Signing and Encrypting 4

    52. Signing and Encrypting 5

    53. Signing and Encrypting 6

    54. Signing and Encrypting 7
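
The workflow the slides walk through in Enigmail and WinPT (generate a key pair, publish the public key, import the other party's key, sign and encrypt, decrypt and verify), as an added command-line example that is not from the presentation. It assumes GnuPG 2.1 or later on the PATH (the slides show 1.2.1); the users Alice, Bob and Eve, their example.org addresses and the message are constructed.

```shell
# Added example, assuming GnuPG 2.1+ on PATH. Names, addresses and the message
# are constructed; keys are unprotected throwaways in temporary keyrings.
WORK=$(mktemp -d); ALICE=$WORK/alice; BOB=$WORK/bob; EVE=$WORK/eve
mkdir -m 700 "$ALICE" "$BOB" "$EVE"
cleanup() {
  for h in "$ALICE" "$BOB" "$EVE"; do gpgconf --homedir "$h" --kill gpg-agent; done 2>/dev/null
  rm -rf "$WORK"
}
trap cleanup EXIT
# g KEYRING ARGS...: run gpg non-interactively against one user's keyring.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet "$@"; }

# Slides 31-35, "Generate key": one key pair per user; empty passphrase for the demo only.
new_key() {
  g "$1" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$2" default default never
}

# Slides 36-45, publishing and importing public keys: only the public half
# is exported; the private key stays in its owner's keyring.
publish_to() { g "$1" --armor --export "$2" | g "$3" --import; }

# Slides 47-54: sign with Alice's private key, encrypt to Bob's public key.
# --trust-model always stands in for the fingerprint comparison a real user
# makes before relying on an imported key.
send() {
  g "$ALICE" --trust-model always --armor --sign --encrypt \
    --recipient bob@example.org --yes --output "$WORK/msg.asc" "$1"
}

# receive KEYRING OUTFILE: plaintext to OUTFILE, gpg status lines to stdout.
receive() {
  g "$1" --trust-model always --status-fd 1 --yes --output "$2" \
    --decrypt "$WORK/msg.asc" 2>/dev/null
}

run_demo() {
  new_key "$ALICE" "Alice (constructed) <alice@example.org>" &&
  new_key "$BOB" "Bob (constructed) <bob@example.org>" &&
  publish_to "$ALICE" alice@example.org "$BOB" &&
  publish_to "$BOB" bob@example.org "$ALICE" &&
  printf 'Draft results attached.\n' > "$WORK/msg.txt" &&
  send "$WORK/msg.txt" &&
  BOB_STATUS=$(receive "$BOB" "$WORK/bob.txt") &&
  ! receive "$EVE" "$WORK/eve.txt" >/dev/null  # Eve holds no private key
}

command -v gpg >/dev/null 2>&1 && run_demo && cat "$WORK/bob.txt" &&
  printf '%s\n' "$BOB_STATUS" | grep -E 'GOODSIG|DECRYPTION_OKAY'
```

Bob's status output carries a GOODSIG line naming Alice's key, which is the check Enigmail performs when it reports a good signature; Eve's attempt fails because the message was encrypted only to Bob's public key.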

    55. Some common settings. Automatically decrypt: so you don’t have to manually decrypt each message. Encrypt to self: so you can see encrypted messages you send. Key Selection: display selection when necessary. Passphrase cache: set an appropriate time (60 minutes).

    56. Reference. GNU Privacy Handbook: http://www.gnupg.org/gph/en/manual.html. Enigmail website: http://enigmail.mozdev.org/download.html. Windows Privacy Tools: http://winpt.sourceforge.net/en/. LBNL Computer Protection Program: http://www.lbl.gov/ITSD/Security/

    57. Questions?
