EMail Encryption and Signing - PowerPoint PPT Presentation

1
E-Mail Encryption and Signing
  • Jay Krous
  • Computer Protection Program
  • Lawrence Berkeley National Laboratory

2
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

3
Why?
  • Email is clear text
  • In some situations you may want to ensure only
    the intended recipient can read your message
  • Example: Collaboration with a researcher in
    Israel
  • Sender cannot be verified
  • Spoofing or forging email sender is trivial, as
    shown in multiple recent virus outbreaks.
  • Example: Beagle spoofs email from jekrous_at_lbl.gov

4
Disclaimer
  • Email encryption is not for everyone
  • Not the recommended configuration

5
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

6
Concept Review
  • Public / Private Key encryption
  • A key pair is created: a public/private pair
  • Public key is made public. In other words, given
    to anyone who may want to send you an encrypted
    message.
  • Anyone wanting to send you an encrypted message,
    encrypts the message with your public key.
  • Only the private key can decrypt the message

7
Concept Review 2
  • http://www.gnupg.org/gph/en/manual/x195.html
  • Public-key ciphers are based on one-way trapdoor
    functions. A one-way function is a function that
    is easy to compute, but the inverse is hard to
    compute.
  • All that is required is that some time before
    secret communication the sender gets a copy of
    the receiver's public key.
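
The trapdoor idea on this slide, worked through as an added example that is not part of the original presentation. It uses textbook RSA with tiny constructed primes (an assumption made for illustration; it is not how GnuPG is configured), and it goes one step beyond the slide by also showing signing, where the key pair is used in the opposite direction. All function names are hypothetical.

```python
# Added illustration: textbook RSA with tiny constructed primes.
# No padding and far too small to be secure; it only shows the trapdoor.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) = ((n, e), (n, d)); d is the trapdoor."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    return (n, e), (n, pow(e, -1, phi))  # inverse is easy only with p and q

def encrypt(m, public):
    """Anyone holding the public key can do this."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(c, private):
    """Only the private key undoes encrypt()."""
    n, d = private
    return pow(c, d, n)

def sign(digest, private):
    """Signing uses the pair the other way round: private key first."""
    n, d = private
    return pow(digest % n, d, n)

def verify(digest, signature, public):
    """Anyone with the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest % n

def invert_without_trapdoor(public):
    """Rebuild d from the public key alone by factoring n (trial division).
    Returns (private, candidate divisors tested); the work grows with n,
    which is why real RSA moduli are thousands of bits long."""
    n, e = public
    f = 2
    while n % f:
        f += 1
    return (n, pow(e, -1, (f - 1) * (n // f - 1))), f - 1

if __name__ == "__main__":
    public, private = make_keypair(61, 53)       # constructed toy primes
    c = encrypt(65, public)
    print("ciphertext", c, "-> plaintext", decrypt(c, private))
    sig = sign(1234, private)
    print("signature ok:", verify(1234, sig, public), verify(1235, sig, public))
    print("factoring cost:", invert_without_trapdoor(public)[1], "candidates")
```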

8
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

9
Software
  • Enigmail
  • A Mozilla plug-in that facilitates and seamlessly
    integrates GnuPG into Mozilla
  • GnuPG
  • GnuPG is a complete and free replacement for PGP
  • Windows Privacy Tools
  • A Windows GUI into GnuPG. One useful function is
    to facilitate key management

10
Software Alternatives
  • Enigmail
  • Windows, Linux, Mac OS X, FreeBSD, Solaris
  • EudoraGPG - plugin for Eudora
  • GPGOE Outlook Express MUA
  • GnuPG
  • PGP (70)
  • GPGMail - for Mac OS X.
  • Windows Privacy Tools
  • KGpg - KDE frontend for GnuPG.

11
Software Alternatives
  • http://www.gnupg.org/(en)/related_software/

12
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

13
Installing Enigmail
  • http://enigmail.mozdev.org/download.html
  • Enigmail consists of two installation pieces:
    enigmail and enigmime
  • Express Install
  • Direct install from your Mozilla browser
  • Download first, then install
  • Download, then open with Mozilla

14
Enigmail Express Install 1
15
Enigmail Express Install 2
  • ..then restart Mozilla

16
Enigmail Express Install 3
17
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

18
GnuPG: Gnu Privacy Guard
  • http://www.gnupg.org/
  • Not much to installing GnuPG, it's just a zip
    file that needs to be extracted to c:\gnupg

19
GnuPG Install
20
GnuPG
  • But we are not going to install GnuPG like the
    previous slide.
  • Instead, we will let Windows Privacy Tools
    provide GnuPG for us!

21
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

22
Windows Privacy Tools
  • http://winpt.sourceforge.net/en/
  • WinPT Tray is a "Frontend" which allows access to
    the GnuPG encryption engine.
  • WinPT handles all of your key-management and
    key-server access needs.
  • WinPT Tray can be used as a universal plug-in for
    all email programs because it allows you to cut
    and paste from any email application, and encrypt
    the data while it resides in your clipboard.

23
Windows Privacy Tools Install 1
24
Windows Privacy Tools Install 2
25
Windows Privacy Tools Install 3
  • Cancel on the last screen, we don't need to do
    any of this.

26
Windows Privacy Tools Install 4
Notice the new icon in the system tray
27
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

28
Enigmail to GnuPG glue 1
  • Enigmail needs to know where GnuPG lives!
  • In our case, since we let WinPT install GnuPG,
    the default path will be
    C:\Program Files\Windows Privacy Tools\GnuPG\gpg.exe

29
Enigmail to GnuPG glue 2
30
Enigmail to GnuPG glue 3
31
Generate key 1
32
Generate key 2
33
Generate key 3
  • You could also import an existing OpenPGP
    compliant key you created previously
  • You can view the key with gpg from the command
    line or with Windows Privacy Tools key manager
    application.

34
Generate key 4
35
Generate key 5
Below are examples of what public/private keys
look like. Remember your private key should be
kept private!
36
Get your public key out there 1
  • Send it to those that need it
  • Publish in email
  • Post on a webpage
  • www.lbl.gov/jekrous/pgp.txt
  • Put on keyserver
  • http://keyserver.veridis.com/en/
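
Before a key file is mailed, posted on a webpage or sent to a keyserver, it is worth confirming that it holds only a public key block and that the armor is intact. The following is an added example, not part of the original presentation: it parses ASCII-armored text, validates the CRC-24 checksum line defined in RFC 4880, and rejects anything containing a block other than a public key. The function names and the sample armor are constructed for illustration and contain no real key material.

```python
# Added illustration: pre-publication check for ASCII-armored OpenPGP text.
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+?)-----\n(.*?)-----END PGP \1-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 used by the armor checksum line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, payload: bytes) -> str:
    """Build constructed sample armor; the payload is NOT a real key."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {kind}-----\nVersion: constructed sample\n\n"
            f"{body}\n={check}\n-----END PGP {kind}-----\n")

def inspect(text: str):
    """Return [(block type, checksum_ok)] for every armored block found."""
    found = []
    for kind, inner in ARMOR.findall(text.replace("\r\n", "\n")):
        ok = False
        try:
            lines = inner.split("\n")
            # Armor headers (Version:, Comment:) end at the first blank line.
            data = [l.strip() for l in lines[lines.index("") + 1:] if l.strip()]
            check = data.pop() if data and data[-1].startswith("=") else ""
            payload = base64.b64decode("".join(data), validate=True)
            ok = base64.b64decode(check[1:]) == crc24(payload).to_bytes(3, "big")
        except ValueError:
            pass  # malformed base64 or missing blank line: treat as damaged
        found.append((kind, ok))
    return found

def safe_to_publish(text: str) -> bool:
    """True only if every block is an intact PUBLIC KEY BLOCK."""
    blocks = inspect(text)
    return bool(blocks) and all(k == "PUBLIC KEY BLOCK" and ok for k, ok in blocks)

if __name__ == "__main__":
    sample = (armor("PUBLIC KEY BLOCK", b"constructed public bytes")
              + armor("PRIVATE KEY BLOCK", b"constructed secret bytes"))
    print(inspect(sample), "publish?", safe_to_publish(sample))
```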

37
Get your public key out there 2
38
Get your public key out there 3
39
Get your public key out there 4
40
Get your public key out there 5
41
Importing other people's public keys
  • In order to send encrypted messages to other
    people, you need their public key. We will look
    at two ways to import their public key.
  • Import using Enigmail
  • Import using WinPT

42
Import with Enigmail 1
43
Import with Enigmail 2
44
Import with Enigmail 3
45
Import with WinPT
46
Agenda
  • Why?
  • Concept Review
  • Software
  • Enigmail
  • GnuPG
  • Windows Privacy Tools
  • Configuration
  • Putting it all together

47
Signing and Encrypting 1
  • Let's look at some examples of how to send a
    signed or encrypted message to someone
  • Signing: recipient can verify the message
    originated from you
  • Encrypted: only recipients with an appropriate
    private key can decrypt the message

48
Signing and Encrypting 1
Notice the new options provided by Enigmail
49
Signing and Encrypting 2
50
Signing and Encrypting 3
Message recipients notice a PGP envelope
51
Signing and Encrypting 4
52
Signing and Encrypting 5
Message recipients notice garbled gook
53
Signing and Encrypting 6
until they decrypt the message
54
Signing and Encrypting 7
55
Some common settings
  • Automatically decrypt: so you don't have to
    manually decrypt each message
  • Encrypt to self: so you can see encrypted
    messages you send
  • Key Selection: display selection when necessary
  • Passphrase cache: set an appropriate time (60
    minutes)

56
Reference
  • GNU Privacy Handbook
  • http://www.gnupg.org/gph/en/manual.html
  • Enigmail website
  • http://enigmail.mozdev.org/download.html
  • Windows Privacy Tools
  • http://winpt.sourceforge.net/en/
  • LBNL Computer Protection Program
  • http://www.lbl.gov/ITSD/Security/

57
Questions?