When it comes to security, many people think of a small group of paranoid computer experts with long white beards and knowledge that wouldn't fit into the Encyclopaedia Britannica itself. People seem to have grown accustomed to a lack of security. That is bizarrely insane in times of digital spying and never-before-seen tracing of just about everyone. eMails are one of the most sensitive parts of your privacy. It's likely that certain people are interested in reading them, too. But don't worry: there are mechanisms out there that protect the information you send via eMail in a very secure and -- with the help of this little guide -- even simple-to-understand way, one that is considered not to be hackable in the next ten years, at least.
Please note: This document won't give you a detailed description that would allow you to write your own security applications. Instead, I guarantee that you will understand the basic facts and know how to use them best and safely in minutes -- and I think that is the point for most of you.
The keyword is encryption. Encryption means making a message unreadable for someone. If someone sent you the phrase "Hppe", you'd surely not know what to do with it -- unless you knew that you have to go one character back in the alphabet and replace each letter with the result. This is what is called "decryption". (You'd clearly arrive at the word "Good".) Now we're right at the point where GnuPG comes into play: it's a program that does exactly what I've explained above automatically for you. GnuPG will create much better encryption rules for you, of course.
However, GnuPG is a bit more complex, as it's the safest encryption/decryption software. An abstraction of the former paragraph is: to decrypt an encrypted message, the receiver needs the rule that the sender used.
Extra information: GnuPG manages this tricky issue with what are called keys: a GnuPG keypair consists of a private and a public key. The public key is used to encrypt text, and the private one to decrypt it. (Thus the private key is something to guard as if it were your right hand!) Let's make things less confusing with an example: John wants to send you an eMail. He asks you for your public key to encrypt the message. Once he has encoded (encrypted, "Hppe") the text he wants to send with it on his computer, only you will be able to decrypt it, that is, make it readable again ("Good"), with your private key ("go one character back") on your machine. So, if you want to reply to his mail -- what do you need? Exactly, his public key!
GnuPG automatically ensures that your public key is created in such a manner that it fits your private key, and vice versa. However, nobody will be able to draw conclusions from your public key about your private one. And, unlike in our little example, you can't use the public key to decrypt the text again. This is all that GPG or its proprietary counterpart PGP is about -- isn't that beautiful?
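To make the "public key encrypts, only the private key decrypts" idea concrete, here is an added toy example (my own illustration, not GnuPG's code): textbook ElGamal, the encryption half of the "DSA and ElGamal" keypair type this guide recommends, run over a deliberately tiny prime field. The parameters P and G, the function names and the tiny message size are assumptions for the demonstration; real GnuPG keys are thousands of bits long and use padding and a session key.

```python
import secrets

# Toy textbook ElGamal over a small prime field. Hypothetical parameters chosen
# for readability; real GnuPG keys are thousands of bits and use padding.
P = 2**61 - 1   # a prime (Mersenne prime M61), our tiny "field"
G = 2           # generator for the demo (assumed)


def generate_keypair():
    """Private key: random exponent x. Public key: h = G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def text_to_int(text):
    return int.from_bytes(text.encode(), "big")


def int_to_text(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big").decode(errors="replace")


def encrypt(public_key, text):
    """Anyone holding the recipient's PUBLIC key can run this (John's step)."""
    m = text_to_int(text)
    if not 0 < m < P:
        raise ValueError("message too long for this toy field")
    k = secrets.randbelow(P - 2) + 1          # fresh randomness per message
    c1 = pow(G, k, P)
    c2 = (m * pow(public_key, k, P)) % P      # m masked with h^k
    return c1, c2


def decrypt(private_key, ciphertext):
    """Only the private exponent x strips the mask: c1^x = G^(k*x) = h^k."""
    c1, c2 = ciphertext
    mask = pow(c1, private_key, P)
    m = (c2 * pow(mask, -1, P)) % P           # modular inverse needs Python 3.8+
    return int_to_text(m)


def demo(message="Good"):
    """Returns (what the private key recovers, what the public key 'recovers')."""
    priv, pub = generate_keypair()            # your keypair
    ct = encrypt(pub, message)                # John encrypts with your public key
    return decrypt(priv, ct), decrypt(pub, ct)
```

The second value returned by demo() is garbage: feeding the public key into the decryption step does not undo the mask, which is exactly the asymmetry described above.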
Go to www.gnupg.org and click "Downloads". Scroll down the page until you see "Binaries" and select your operating system. If you don't know, choose Windows (it's the link unluckily named "FTP" you have to click on). Install the thing and create yourself a keypair. (My Linux command line command to do this is gpg --gen-key. Windows users may have a graphical program to do so.) Take the "DSA and ElGamal" (default) algorithm and change your key length to 4096 bits, if you're not in a hurry. When you are about to choose a passphrase for your key, be creative! Try to arrange your birthdate between a mixture of the initials of your relatives and special characters, or something like that. You should end up with a phrase similar to "C8b!1Ef30_gI39.p". You will need to enter it to encrypt/decrypt messages, so make sure you'll not forget it (keep it in a secure place, e.g. on Proxima Centauri).
You will find further notes on how to set this up on their website, GnuPG.org, or via Google. Linux users may want to have a look at the GnuPG Gentoo user guide, not only for Gentoo. I like the "GNU Privacy Assistant" to handle all the public keys I have and Sylpheed Claws as my mail application. They work really well together.
It's just a small step from here, don't give up now!
Share your public key with whoever you want -- and hide your private key!
Feel free to submit your public one to me and to write me an eMail encrypted with my public key to any address provided by the key information.