In 2013 Edward Snowden exposed the National Security Agency’s program of systematically collecting email data without a warrant. Much of the world was shocked. Yet little has actually changed since then. Most people still send their emails unencrypted over the internet for anyone to see. It is vital that everyone learn how to send encrypted emails to gain privacy.
Email encryption is based on the use of a public key architecture. People cannot share a simple symmetric key over the internet, as anyone can intercept it in transit. Public keys are based on what are called one-way trapdoor functions. These functions are not easily reversible without a hidden secret. Thus, anyone who holds the public key can use it to encrypt a message. However, nobody can decrypt that same message unless they have the secret data from which the public key was generated.
Each person who will use encrypted email must generate his own key pair using a program such as Gnu Privacy Guard. The secret key is stored on his computer, while the public key is given out to the people who will write to him. A sender then takes that public key and uses it to encrypt the message. When the recipient sends a response, a different public key is used, the original sender's, so that the response can be read in turn.
It is also important to verify a public key prior to using it. Someone can intercept the public key sent by email and replace it with his own key. Someone doing this could record all the conversations if he could intercept all incoming and outgoing connections from the servers. This is known as a man-in-the-middle attack. It can be thwarted by verifying the public keys. Each key comes with a fingerprint, which is a hash of the key. By calling your friend and comparing the fingerprint of the key you received with the one he reads out, you know the key is valid.
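The fingerprint check described above, as an added example that is not part of the original article. It assumes version 4 OpenPGP RSA keys, whose fingerprint is defined in RFC 4880 as a SHA-1 hash over the public-key packet; the function names and the toy key values are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a two-octet body length, and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def grouped(fp: str) -> str:
    """Four-character groups, which are easier to read aloud over the phone."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))

def fingerprint_matches(received_body: bytes, spoken: str) -> bool:
    """Compare the key that arrived by email with the fingerprint read out by its owner."""
    cleaned = "".join(spoken.split()).replace(":", "").upper()
    # Require all 40 hex digits: a shortened ID does not identify a key uniquely.
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        return False
    return v4_fingerprint(received_body) == cleaned

# Constructed stand-in values, far too small to be real RSA keys.
CREATED = 1400000000
FRIEND_N = 2**127 - 1
SWAPPED_N = 2**89 - 1

def demo():
    friend_key = rsa_key_body(CREATED, FRIEND_N, 65537)
    swapped_key = rsa_key_body(CREATED, SWAPPED_N, 65537)  # key substituted in transit
    spoken = grouped(v4_fingerprint(friend_key))           # what the friend reads out
    return fingerprint_matches(friend_key, spoken), fingerprint_matches(swapped_key, spoken)

if __name__ == "__main__":
    print(demo())
```

Any change to the key material changes the fingerprint, so a key replaced in transit fails the comparison even though the email that carried it looks normal.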
Setting up encrypted email is relatively easy if you have a desktop email client such as Thunderbird. First of all, you need to make sure you install Gnu Privacy Guard. This can be downloaded for free on the internet. Linux systems already have it installed. Thunderbird users also need to install the Enigmail add-on. This extension handles all the encryption work between Gnu Privacy Guard and the email client. That way, the user does not have to worry about what goes on in the background.
Once Enigmail is installed and all the email account information has been loaded into Thunderbird, a public key can be generated. Go into the “Key Manager” and hit “Generate Key”. Choose at least a 4096-bit RSA key. Once you have it, send it as an attachment to your recipient. Your recipient only has to import the key, and he can then use his version of Thunderbird to both attach his own key and send you an encrypted message. After the handshake icon has been completed, all messages between the two addresses will be encrypted by default.
Learning how to send encrypted emails is indeed not that hard if you use software such as Enigmail and Thunderbird. Once set up, you no longer need to worry about the NSA snooping on your emails again.