Encryption Tutorial

From Wolfekipedia


How to use encryption with the Thunderbird email program on Windows

By Claire Wolfe (updated by Jac)

To do this, you must already have the Thunderbird email program. I know for sure that these instructions work for Windows 2000 and Windows 98SE. I don't know about other versions of Windows. But even on a Linux system, these instructions are pretty close. So a little noodling should get you where you need to go.

Step One

Go here and download the free Gnu Privacy Guard (GPG) for Windows. It's listed under "Binaries." This is the basic encryption program that interfaces best with Thunderbird.

Be sure to grab the right file. It's a command-line program, but it comes with a graphical installer. Use the installer. (Typically, the downloader will put an icon on your desktop and all you have to do is double-click on it; but this will vary depending on your own personal settings.)

Step Two

Go here and download Enigmail. This is the interface that enables Thunderbird to work with GPG.

1) Save the file to your disk. (Do NOT opt to open the file directly from the webpage. You'll get an error message.)

2) Open Thunderbird.

3) Click on Tools --> Extensions. An extensions installer will pop up.

4) Click Install, then go find the Enigmail file you just downloaded. Select it and Thunderbird will install it automatically.

5) Close Thunderbird and reopen it. At the top you'll now see a menu item that will say either "Enigmail" or "Open PGP."

Thunderbird is now almost ready for encryption, but your encryption program isn't yet ready for prime time. That's next.

Step Three (Okay, actually a bunch of steps. This is the hard part. But keep in mind it's also the ONLY place you'll ever have to use a command line. Everything else is good old point-and-click.)

If anything I say here doesn't make sense, check it against the pretty decent manual you'll find here. The manual isn't always perfectly clear, but it's not bad and it might help clarify anything I leave unclear. And remember, the Chivalrous Tech Geeks will help you if something doesn't work!

1. Click your Windows Start menu and find "command prompt" or "MS-DOS prompt" (depending on your version of Windows). On Win 2000, it's under "Accessories." Open the program. You'll get an intimidating looking black void that says only c:\>. That's the command prompt.

2. At the prompt type in cd c:\Program Files\GNU\GnuPG and hit return.

(This assumes you saved GPG to the default directory). You'll get a new prompt, telling you you're now in that directory. (If you have trouble getting to the GNU directory with the single "cd" command above, try reaching it step-by-step. E.g. cd "Program Files" hit return. Then cd GNU and hit return.)

3. When you're in that directory, type gpg --gen-key

Then hit return. This begins the process of creating your personal secret/public key pair. The secret key is for you alone. The public key you'll share with other correspondents. The single process you're now embarked on creates both at once.

4. A list of options for key type will come up. Choose the default option by typing in 1. Hit return.

5. The program will then prompt you for the key size you want. If you have an old, slow machine, choose one of the smaller sizes offered like 1024 or 2024. But if your machine is fairly modern and fast, go for the maximum size, which is 4096. Hit return.

6. The system then asks how long you want the key to remain valid before it expires. It's up to you, but I'd usually choose 0 for "never expires." Hit return.

7. The program will ask you to confirm that this is your choice. Type in y and hit return.

8. Then you'll be asked to type in your name and email address and will be shown the proper format.

Type in your name at the first prompt, your email address at the next prompt, and any brief comment (optional) at the third. (You can use fictional info, but that makes it harder for some people to encrypt to you. The more closely your key ID matches your real name and email address, the easier for your correspondents.)

9. The system will ask you for a password. Give it something easy for you to remember but hard for any hackers or crackers to figure out. Then be sure you do remember it -- but never write it down anywhere. Hit return.

10. Then the system will begin generating your keys, which will take a few minutes -- maybe more than a few, depending on the speed of your system. This process is automatic, but you can help it become more random and more secure by typing on the keyboard, moving the mouse, etc. while all this is going on. When GPG has finished generating keys, you'll get another prompt. And you're done.

Step 3a

For an alternative to the command line fun of the regular GPG, you can go here to download a package that contains GPG, TWO graphical front-ends for key management/creation, and plugins for M$ Outlook 2003 and Internet Explorer (it also contains a whole email client with a GPG plugin, but I can't recommend it, having never used it).

Download whichever version you prefer (I'd recommend Light unless you can read the German docs that come with the Full version) and run the installer. Select the components you wish to install. I'd suggest installing both key managers... I use WinPT for a key manager, but you may prefer GPA. That's what's great about Open Source: the choices! Note: GPGee is a neat contextual menu for encrypting files... I highly recommend installing it.

Next, open your chosen key manager (as I said, I prefer WinPT's interface for key management) and go to the Key (or Keys) menu and follow the steps to create a new key... GPA and WinPT are both pretty easy to use.

And now, back to you, Claire! :)
--Jac

11. Now, open Thunderbird. Choose "OpenPGP" or "Enigmail" -- one of which will appear among the menus at the top of the program now that you've installed Enigmail (as described above). On the drop-down menu choose Preferences. Where it asks you to enter the GPG executable path, type in (or browse to) c:\Program Files\GNU\GnuPG\gpg.exe. Then click OK.

12. Now, open that PGP/Enigmail menu again and choose "Key Management." You should see your own key there.

13. Now, ask somebody else to send you their encryption key. And you're going to send them a copy of yours so you can experiment with your shiny new encryption tech.

Step four

To send your key to someone: Start a message to your chosen encryption partner. With that message window open, select OpenPGP --> Attach my public key. (Note: the OpenPGP icon you're clicking here is the one in the message window, not the one on the main Thunderbird program.)

That will attach your key to the message. Now send as usual.

Step five

Your friend has also attached his or her public key to a message and sent it to you. Now ...

If the key has arrived as an attachment, open it (in NotePad or some other text-only program), highlight and copy it.

Then, in Thunderbird, select OpenPGP --> Key management.

When the Key management window opens, click Edit --> Import keys from clipboard.

That will put your friend's key into your system. Now, you must take one more step before you can use that key. But it's easy. And you're nearly done!

Step six

Open Key Management. Select your friend's key.

Click Edit

You'll see an option for "Sign key."

Click on that.

Check the box for "Local signature only." And select "I have done casual checking."

Click OK.

Go back to the Key management Edit menu.

This time select "Set key trust." Then choose "I trust marginally."

Click OK.

AND YOU ARE NOW READY TO USE ENCRYPTION! Congratulations.

Never give complete trust to a key unless you have 100 percent proof that it really is that person's key. Ditto with signing a key. The reason you choose "local signature" is because you've never gotten any independent verification that your friend's key really is his key. Only after you meet up in person or exchange "key fingerprints" through some reliable method (not going to cover that here) should you totally trust anybody else's key.
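The fingerprint comparison mentioned above, as an added example that is not part of the original tutorial: a sketch for a Mac or Linux terminal that compares the fingerprint in gpg's machine-readable key listing with one your friend gave you by phone or in person, and refuses a shortened value such as an 8-digit key ID. The sample listing is constructed, friend@example.org is a placeholder, and 40-hex-digit (version 4) fingerprints are assumed.

```shell
#!/bin/sh
# Added example: check a key's fingerprint before signing or trusting it.

# Constructed, simplified sample of `gpg --with-colons --fingerprint` output.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1146441600:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1146441600::::Friend Example <friend@example.org>:'

# Strip spaces and colons and uppercase the hex digits, so a fingerprint
# read aloud in groups of four compares equal to gpg's compact form.
norm_fpr() {
  printf '%s' "$1" | tr -d ' \t\r\n:' | tr 'a-f' 'A-F'
}

# Read a colon-format listing on stdin and print the fingerprint of the
# first public key (field 10 of the "fpr" record that follows "pub").
fpr_from_colons() {
  awk -F: '$1 == "pub" { seen = 1 }
           seen && $1 == "fpr" { print toupper($10); exit }'
}

# check_fpr LISTING FINGERPRINT
# Returns 0 on a full match, 1 on a mismatch, 2 if the supplied value is
# not a complete 40-digit fingerprint (a short key ID is not enough).
check_fpr() {
  want=$(norm_fpr "$2")
  case $want in
    ''|*[!0-9A-F]*) echo "not a hex fingerprint" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 40 ] || {
    echo "need all 40 hex digits, got ${#want}" >&2
    return 2
  }
  have=$(printf '%s\n' "$1" | fpr_from_colons)
  [ -n "$have" ] && [ "$have" = "$want" ]
}

# Real use, with gpg installed and the friend's key already imported:
#   listing=$(gpg --with-colons --fingerprint friend@example.org)
#   check_fpr "$listing" "fingerprint your friend read to you" &&
#     gpg --lsign-key friend@example.org
```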

Step seven

To use encryption, just compose your message as usual, but before sending, click on the OpenPGP icon in the message window (again, not the one on the main Thunderbird program). Click "Encrypt message." Then when you hit Send, Thunderbird/Enigmail will ask you to type in your passphrase.

Do that ... and your secret message is on its way to your friend.


How to Set Up GPG for Use with Apple's Mail Program

(This information was accurate as of April 2006. I haven't had to set it up again since then so there may be some differences now. -Kirsten)

1. Open Finder. Click on Applications. From the Applications folder, select File > New Folder and rename the new folder GNU Privacy Guard. From this newly created folder, create five new folders and rename them GnuPG, GPGDropThing, GPGFileTool, GPGKeychain, GPGPreferences, and GPGMail.


2. In your web browser's preferences, turn off the option to open downloaded files automatically. To do this in Safari, select Safari > Preferences > General (tab) and uncheck the option to Open "safe" files after downloading.


3. GNU Privacy Guard: the main program
3a. Download
Go to the Mac GNU Privacy Guard website. Scroll down to the section titled Files. Download the version of GNU Privacy Guard that is compatible with your version of Mac OS X by clicking on the version number link, selecting a site on the next page from which to download, and then clicking the Download link. This will download a file called GnuPG 1.4.3.dmg (file name will be slightly different if you were downloading for a version of OS X other than Tiger). Once the download has begun, use the Back button on your browser to return to the Mac GNU Privacy Guard page.

3b. Verify the file
Go to the Finder, select Applications > Utilities and double-click on Terminal to open a terminal window. At the command prompt, change the directory to the one into which you downloaded the file. The command to change directories is cd followed by the pathname of the directory you want to change to. My file downloaded to the desktop so I used the command cd /Desktop. The prompt will change to reflect the new directory you've changed over to. At the prompt, verify the checksum with the command openssl md5 GnuPG1.4.3.dmg (substitute whatever file name you downloaded if you were downloading for a version of OS X other than Tiger) and hit Return to execute the command. A string of numbers and letters will be returned. Compare this string with the string provided under the corresponding section of the Mac GNU Privacy Guard website. They should be the same. If they are not, do not use the file and instead use the contact the management link under the Files section on the Mac GNU Privacy Guard website to report the discrepancy.

3c. Install
Double-click the disk image file called GNUPG1.4.3.dmg (or other file you downloaded) to open it. It will contain three files. Select and drag them to the folder Applications > GNU Privacy Guard > GnuPG. Double-click the file that ends in .mpkg and follow the instructions to install. (It installs command line tools for which you will not see any icons. You can learn to use the command line tools, but it isn't necessary.)

3d. Cleanup
Delete all associated files EXCEPT the three you put in the folder Applications > GNU Privacy Guard > GnuPG by dragging them to the trashcan in the dock, clicking the trashcan icon, and selecting Empty Trash.


4. GPG Keychain Access: GUI for managing keys
4a. Download
Download GPG Keychain Access by clicking on the version number link, selecting a site on the next page from which to download, and then clicking the Download link. This will download a file called GPG_Keychain_Access.0.7.0.1.zip. Once the download has begun, use the Back button on your browser to return to the Mac GNU Privacy Guard page.

4b. Verify
Return to the terminal window. At the prompt, verify the checksum with the command openssl md5 GPG_Keychain_Access.0.7.0.1.zip and hit Return to execute the command. A string of numbers and letters will be returned. Compare this string with the string provided under the corresponding section of the Mac GNU Privacy Guard website. They should be the same. If they are not, do not use the file and instead use the contact the management link under the Files section on the Mac GNU Privacy Guard website to report the discrepancy.

4c. Install
Double-click the file GPG_Keychain_Access.0.7.0.1.zip. This will generate a folder titled GPG Keychain Access; double-click it to open it. It will contain four files. Select and drag them to the folder Applications > GNU Privacy Guard > GPGKeychain.

4d. Cleanup
Delete all associated files EXCEPT the four you put in the folder Applications > GNU Privacy Guard > GPGKeychain by dragging them to the trashcan in the dock, clicking the trashcan icon, and selecting Empty Trash.


5. GPGFileTool: GUI for encrypting and decrypting files
5a. Download
Download GPGFileTool by clicking on the version number link, selecting a site on the next page from which to download, and then clicking the Download link. This will download a file called GPGFileTool-1.0.2.tar.gz. Once the download has begun, use the Back button on your browser to return to the Mac GNU Privacy Guard page.

5b. Verify
Return to the terminal window. At the prompt, verify the checksum with the command openssl md5 GPGFileTool-1.0.2.tar.gz and hit Return to execute the command. A string of numbers and letters will be returned. Compare this string with the string provided under the corresponding section of the Mac GNU Privacy Guard website. They should be the same. If they are not, do not use the file and instead use the contact the management link under the Files section on the Mac GNU Privacy Guard website to report the discrepancy.

5c. Install
Double-click the file GPGFileTool-1.0.2.tar.gz. This will generate a file ending in .tar and then a folder titled GPGFileTool; double-click it to open it. It will contain two files. Select and drag them to the folder Applications > GNU Privacy Guard > GPGFileTool.

5d. Cleanup
Delete all associated files EXCEPT the two you put in the folder Applications > GNU Privacy Guard > GPGFileTool by dragging them to the trashcan in the dock, clicking the trashcan icon, and selecting Empty Trash.


6. GPGDropThing: opens a window allowing you to encrypt and decrypt text
6a. Download
Download GPGDropThing by clicking on the version number link, selecting a site on the next page from which to download, and then clicking the Download link. This will download a file called GPGDropThing-0.4.3.dmg.gz. Once the download has begun, use the Back button on your browser to return to the Mac GNU Privacy Guard page.

6b. Verify
Return to the terminal window. At the prompt, verify the checksum with the command openssl md5 GPGDropThing-0.4.3.dmg.gz and hit Return to execute the command. A string of numbers and letters will be returned. Compare this string with the string provided under the corresponding section of the Mac GNU Privacy Guard website. They should be the same. If they are not, do not use the file and instead use the contact the management link under the Files section on the Mac GNU Privacy Guard website to report the discrepancy.

6c. Install
Double-click the file GPGDropThing-0.4.3.dmg.gz. This will generate a file called GPGDropThing-0.4.3.dmg; double-click it and a disk image file called GPGDropThing will be generated. It will contain three files. Select and drag them to the folder Applications > GNU Privacy Guard > GPGDropThing.

6d. Cleanup
Delete all associated files EXCEPT the ones you put in the folder Applications > GNU Privacy Guard > GPGDropThing by dragging them to the trashcan in the dock, clicking the trashcan icon, and selecting Empty Trash.


7. GPGPreferences:
7a. Download
Download GPGPreferences by clicking on the version number link, selecting a site on the next page from which to download, and then clicking the Download link. This will download a file called GPGPreferences-1.2.dmg. Once the download has begun, use the Back button on your browser to return to the Mac GNU Privacy Guard page.

7b. Verify
Return to the terminal window. At the prompt, verify the checksum with the command openssl md5 GPGPreferences-1.2.dmg and hit Return to execute the command. A string of numbers and letters will be returned. Compare this string with the string provided under the corresponding section of the Mac GNU Privacy Guard website. They should be the same. If they are not, do not use the file and instead use the contact the management link under the Files section on the Mac GNU Privacy Guard website to report the discrepancy.

7c. Install
Double-click the file GPGDropThing-0.4.3.dmg.gz. This will generate a file called GPGDropThing-0.4.3.dmg; double-click it and a disk image file called GPGPreferences 1.2 will be generated. It will contain one file. Select and drag it to the folder Applications > GNU Privacy Guard > GPGPreferences. From the folder you just dragged it to, double-click the file (called GPGPreferences-1.2.pkg) and follow the instructions to install. This will generate a GnuPG icon that appears in the Other section at the bottom of the System Preferences screen (accessible from the Apple menu or the dock).

7d. Cleanup
Delete all associated files EXCEPT the ones you put in the folder Applications > GNU Privacy Guard > GPGPreferences by dragging them to the trashcan in the dock, clicking the trashcan icon, and selecting Empty Trash.


8. Generate a key pair
8a. Go to Applications > GNU Privacy Guard > GPGKeychain and open GPG Keychain Access. You will get a message that says You do not have a private or secret key. Select Generate. Follow the instructions in the Make a new key assistant.

8b. At the Introduction screen select Continue.

8c. For the type of key, select DSA and ElGamal and Continue.

8d. Select a key size (I chose 4096) and Continue.

8e. Decide whether or not you want your key to expire and then Continue.

8f. Enter a full name (which can be fictitious), the e-mail address you wish to use this key in association with, uncheck Use my card from Address Book if you so desire, and then Continue.

8g. Set your passphrase and then Continue. You will need to remember this in order to encrypt/decrypt messages.

8h. Confirm your selections and Continue. Your key will be generated. This could take a while depending on the key size you chose.


9. GPGMail: adds GnuPG support to Apple's Mail
9a. Download
Scroll down to the bottom of the Mac GNU Privacy Guard page to the Links section. Follow the link called GPGMail to another website. Click the link called Download a little way down from the flags. Under the Download section, choose the 10.3 or 10.4 binaries, depending on your OSX version. This will download a file called GPGMail-10.4.dmg (filename will be different for 10.3).

9b. Verify
Return to the terminal window. At the prompt, verify the checksum with the command openssl md5 GPGMail-10.4.dmg and hit Return to execute the command. A string of numbers and letters will be returned. Compare this string with the string provided next to the download link on the GPGMail page. They should be the same. If they are not, do not use the file.

9c. Install
Don't follow the installation instructions on the web page. Instead, double-click the disk image file called GPGMail-10.4.dmg and then double-click the Install GPGMail icon in the .dmg file. From the .dmg file, select and drag the files called CpMac, plistutil, GPGMail.mailbundle, and Install GPGMail to your GPGMail folder. Then double-click the Documentation folder in the .dmg file, and click and drag the English.lproj sub-folder to your GPGMail folder.

9d. Cleanup
Delete all associated files EXCEPT the ones you put in the folder Applications > GNU Privacy Guard > GPGMail by dragging them to the trashcan in the dock, clicking the trashcan icon, and selecting Empty Trash.
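The Verify steps above (3b, 4b, 5b, 6b, 7b and 9b) all do the same comparison by eye. As an added example, not part of the original instructions, this terminal script runs the same openssl md5 command and does the comparison for you, either for one file or for a list of published values you have pasted into a text file. The function names and the list format ("digest, whitespace, filename" per line) are assumptions of this example; a match shows the file is the one the site lists, nothing more.

```shell
#!/bin/sh
# Added example: automate the "openssl md5 FILE, then compare" steps.

# Print the lowercase MD5 hex digest of a file. Reading from stdin keeps
# the filename out of openssl's output, so the digest is the last field.
# md5sum is only a fallback for systems without a working openssl.
md5_of() {
  d=$(openssl md5 < "$1" 2>/dev/null | awk '{print $NF}')
  [ -n "$d" ] || d=$(md5sum < "$1" 2>/dev/null | awk '{print $1}')
  printf '%s' "$d" | tr 'A-F' 'a-f'
}

# verify_download FILE PUBLISHED_MD5
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
# published value is not a full 32-digit MD5 string.
verify_download() {
  file=$1
  want=$(printf '%s' "$2" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  case $want in
    ''|*[!0-9a-f]*) echo "not an MD5 digest: $2" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 32 ] || { echo "digest is not 32 hex digits" >&2; return 2; }
  got=$(md5_of "$file")
  if [ "$got" = "$want" ]; then
    echo "OK        $file"
  else
    echo "MISMATCH  $file (got $got): do not use this file" >&2
    return 1
  fi
}

# verify_manifest LISTFILE
# LISTFILE sits in the download folder; each line is a published digest
# followed by the filename (spaces in the filename are allowed).
# Returns non-zero if any listed file fails.
verify_manifest() {
  dir=$(dirname "$1")
  bad=0
  while read -r digest name; do
    [ -n "$digest" ] || continue
    verify_download "$dir/$name" "$digest" || bad=1
  done < "$1"
  return "$bad"
}

# Example call (substitute the string shown on the download page):
#   verify_download GPGMail-10.4.dmg "string shown next to the download link"
```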
