Everyone knows the problem. Certain U.S. government agencies seem to believe that the Internet is their own private property. They monitor and record anything going on, including World Wide Web traffic and any other traffic, including email. If you don't want them reading your private email, you must be proactive about it.
The solution is to encrypt emails. The most common encryption method involves something called public key encryption. This means that if you wish to send an encrypted email to someone, you obtain their public key and use that to do the encryption. They can then use their private key to decrypt the message so it can be read. A cryptographic digital signature can also be provided for the message, so the receiver can verify the message is really from you. You can obtain someone's public key either directly from the person or from a public key server.
If the message requires a reply, the receiver can obtain your public key and encrypt the reply with it. You can then decrypt the reply with your private key.
The program that does all this encryption and decryption is called GnuPG (GNU Privacy Guard). It is an OpenPGP-compliant command-line program, which means that it can also work with messages sent by the original PGP (Pretty Good Privacy) email encryption program developed by Phil Zimmermann. Since GnuPG is command line only, several front ends have been developed to provide it with a graphical user interface. These front ends are limited to use with actual email clients. If you primarily use web-based email, such as Gmail, Yahoo, Hotmail, etc., then you are out of luck. There doesn't appear to be any comparable system for web mail.
We will be discussing the use of one of these front ends called Enigmail. It is designed to be used with the Thunderbird and SeaMonkey email clients. It works with all operating systems supported by the email clients and GnuPG.
Before we attempt to install Enigmail, we have to determine if GnuPG is present on your Linux box. This is fairly easy to do. Open up a terminal and type
If GnuPG is installed on your computer, you should see something like this:
If it tells you that you have version 1.4 or higher, you are good to go. If it is an older version or is not installed, you will have to install GnuPG before installing Enigmail.
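The version check described above can also be scripted. This is an added example, not part of the original article: it assumes the first line printed by `gpg --version` has the form `gpg (GnuPG) X.Y.Z`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: checks that GnuPG meets the article's minimum (1.4).
# Function names are illustrative, not part of GnuPG or Enigmail.
MIN_MAJOR=1
MIN_MINOR=4

# Pull "X.Y[.Z]" out of a banner line such as "gpg (GnuPG) 2.2.27".
parse_gpg_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\.[0-9][0-9.]*\).*$/\1/p'
}

# Return 0 if version $1 is >= MIN_MAJOR.MIN_MINOR, 1 if older,
# 2 if the string is not a usable version number.
version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$MIN_MAJOR" ] && return 0
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]
}

# Judge one banner line; prints a verdict and returns 0 only if usable.
check_banner() {
    ver=$(parse_gpg_version "$1")
    if version_ok "$ver"; then
        echo "GnuPG $ver is new enough for Enigmail"
    else
        echo "GnuPG missing, too old, or unrecognised: '$1'"
        return 1
    fi
}

# Check the gpg binary actually on this machine's PATH.
check_installed_gpg() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not found: install GnuPG before Enigmail"
        return 1
    fi
    check_banner "$(gpg --version 2>/dev/null | head -n 1)"
}

check_installed_gpg || true
```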
You must perform the following steps to install the Enigmail plug-in into Thunderbird.
A digital signature is a way to certify that a particular email has actually come directly from you. It is also used to time-stamp the email. If the email is modified in any way after it leaves you, the signature verification will fail.
A signature is created using your private key. The signature is then verified using your public key, so the recipient can verify the message actually came from you.
To use your signature, find a person you know who also uses GnuPG. Compose a message to them, then select OpenPGP | Sign Message to have Enigmail include your digital signature. When you click the Send button, the signature will be added to the email.
If you don't currently know anyone that can verify an email with a signature, try using Adele, the Friendly OpenPGP Email Robot, whose email address is firstname.lastname@example.org
IMPORTANT NOTE: Enigmail does not work very well with HTML email, so use plain text to compose your emails.
In order to send an encrypted email to someone, they need to have a public key that you can use to encrypt the email. Their public key needs to be available to you, so it should be on a public keyserver.
To find someone's public key, open the Key Manager. In that dialog, click on Keyserver | Search for keys. Enter the person's key ID in the search box. It should start with '0x' because the ID is hexadecimal. (Example: 0x26998C26) When you click on OK, Enigmail will search the keyserver looking for the key you need. If it is found, it will be added to your local copy of keys. Because anyone can upload a key to a public keyserver, confirm the key's fingerprint with its owner through a separate channel before relying on it.
Once you have your correspondent's public key, you are all set to send an encrypted email. Write the email as you normally would, entering their email address, the email subject and the text body. Before sending the email, click on the OpenPGP menu item and select “Encrypt”. Once that is done, click “Send”.
If the email address you entered is the same address that is in your local key list, the email will be sent. If there is a problem matching, you will be asked to manually select a key from your list.