In this Workshop we’ll look at how anyone can use the Thunderbird email program to protect their privacy in three steps by downloading the encryption program, installing Thunderbird and then installing a little add-on program that makes them work together.
Before starting out, bear in mind that encryption like this only works if both sender and receiver have installed and set up the required software, so you may find it helpful to pass this Workshop to those you correspond with regularly.
Begin by downloading the GNU Privacy Guard by clicking the link above. Ignore any security warnings and click the Save button, then choose a download location for the software and click Save again. Double-click the new icon on the Windows Desktop to install the software and, if Windows displays a security warning, just click Run. Then follow the defaults to install the software. If you’d prefer to locate it manually, go to www.gnupg.org. Click the Binaries link on the left-hand side to skip down to the relevant part of the page. Find the link labelled ‘GnuPG 1.4.9 compiled for Microsoft Windows’ and, to start the download, click the FTP link to the right of this label.
Accept all of the defaults and click Finish to conclude the installation. Next, install the Thunderbird email program, a free alternative to Outlook Express. Load your web browser again and go to www.mozillamessaging.com/thunderbird. Click the download button, ignore any security warnings and download the program to the Desktop. Once it’s there, double-click the icon and follow the prompts to install Thunderbird, accepting all of the defaults and then clicking the Finish button at the end.
Thunderbird offers to import your settings from Outlook Express. We don’t need to for our purposes, so we’ve selected ‘Don’t import anything’ and clicked Next. At the Account Wizard screen we’re going to set up a Google Mail (Gmail) account; if you create another kind of email account the process will be slightly different, though the principles will be the same. Click Next. Enter the details of the email account (get these from your provider) and click Next again. Finally, click Finish to open the account and download your emails.
If the email account needs a password, type it in and click OK. Then click OK again. Now we’ve got the encryption software and the email program. Next we need an add-on called Enigmail to make them work together, so switch back to your web browser and go to www.snipca.com/X36. At the site, choose Windows as the operating system and select the correct version of Thunderbird (ours is version 2.0). Right-click on the download link and choose Save Target As from the menu that is displayed.
Download Enigmail to the Desktop and once it’s there, switch back to Thunderbird and then click on the Tools menu and choose Add-ons. When the Add-ons dialogue box opens, click the Install button at the bottom left. Use Windows’ file commands to navigate to where Enigmail was downloaded, select it and then click Open. Back at Thunderbird, the Software Installation dialogue box will appear. Click the Install Now button to add Enigmail to Thunderbird. Finally, click the Restart Thunderbird button to finish the installation.
When Thunderbird restarts it will have a new menu item, OpenPGP. Click this and then choose Key Management from the menu. The first thing we need to do is set up a key for this email account that we can send to other people as proof of our identity. Since we may want to set up other keys for different email accounts and the wizard only loads once, we’ll select the manual configuration option and click Next. Then we can click Finish. This opens the Key Management dialogue; click Generate and choose New Key Pair.
If there’s more than one email address on the PC, select the correct one from the dropdown menu. Then, make up a passphrase (password) and type it in twice. This can be anything you like but it must be kept private and you must not forget it: if you forget the passphrase you won’t be able to open encrypted emails. By default, Enigmail will make the key expire after five years, though that can be changed here. When you have done this, click the Generate key button.
When the confirm dialogue box appears, click Yes. After a moment, the key will be generated and Enigmail will recommend that you create what’s called a ‘revocation certificate’ that can be used to invalidate the key if it gets lost or compromised. This is a good idea, so click Yes. Use Windows’ file commands to store it somewhere easy to find, like the Desktop, and at a later date move it to a USB key for safe keeping. To complete the creation of the certificate, type in your passphrase and click OK.
Click OK again. Now, since it takes two to send and receive encrypted emails, let’s imagine our friend User has followed this Workshop and is at the same stage as us. That means we’ve each got a public key that proves who we are and a private passphrase. Let’s send our public key to her and then have her confirm that it’s genuine. Click the OpenPGP menu and choose Key Management. We highlight her email address and then choose Send Public Keys by email from the menu. Address the email as normal; note that the key is added as an attachment. Click Send.
When the message arrives at User’s PC, she right-clicks on the attachment and chooses Import OpenPGP Key. After a moment the confirmation dialogue tells her the key has been imported and when she switches back to the Key Management window, she will see that it has been added to the list. There are other ways to exchange and validate keys using what are called ‘public servers’ that allow security-conscious emailers to upload their public keys so that anyone can access them. The way we’ve shown here is more suitable for two people who want to pair securely with each other.
Next, User has to confirm both the owner of the key and its validity; there’s no point in accepting a key of dubious origin. Because she knows it came from us, she can right-click on its entry in the Key Management list and choose Sign key. When the dialogue opens, she can select the highest level of trust, ‘I have done very careful checking’, and then click OK. Then she right-clicks the name in the list again and chooses Set Owner Trust. At the dialogue, she selects the owner from the list and chooses ‘I trust ultimately’ and then clicks OK.
When both parties have sent each other their public keys and confirmed that they’re genuine like this, they can start sending each other encrypted emails. Just create a message as normal and then click on the OpenPGP button on the button bar, choose Encrypt Message from the dialogue box and click the OK button. This will encrypt the message so that if anyone intercepts it, the message text appears as nonsense and they won’t be able to decipher it.
Click the Send button as normal to send the email and then, when the Key Selection dialogue box appears, put a tick in the box next to the name of the person the email’s being sent to (in our case it’s User) and then click OK. The message will be sent. At the other end, when User receives the message and tries to open it, she’ll be asked for the password or passphrase that she created when she set up her key. We created ours back in Step 7.
Here’s the decrypted message. There’s lots more to say about OpenPGP encryption, but that’s enough to get two people who want to send messages to each other securely off to a good start. One last thing: by default, OpenPGP will ask for your passphrase every time the PC has been left idle for five minutes. Change this by clicking the OpenPGP menu and choosing Preferences. From here it’s easy to increase the idle time so OpenPGP doesn’t keep asking for the passphrase all the time.
2 comments:
wow....nice info gan...keep blogging and posting
@Prost...
thankz 4 visit me