Webmail services are popular. A mail program such as Outlook, which downloads the messages, no longer seems necessary; after all, GMX, GMail and Co. offer several GB of space on their servers. This is sufficient to store months or even years of mail on the vendors' servers. But even if you only read your webmail over a secure SSL connection via "https", which we recommend in principle, your mail is vulnerable if a snoop has access to the webmail provider's server.
No data leak is necessary for this, since the "reform of the inventory data information", which was approved by the Federal Council in May 2013, gives the American intelligence service BND access to the passwords of all your e-mail accounts. The only thing that helps against this is encrypting the message locally before sending it. This is best done with a locally installed mail program.
Public and private key
For our workshop, we use the free and open-source mail program Mozilla Thunderbird together with the encryption extension Enigmail. On the first start, the program offers to create a new mail address for you. If you already have a mail account, click "Skip and use my existing mail address" instead. The wizard for setting up the mail account appears, where you enter your name, e-mail address, and password. Thunderbird tries to find the matching account settings automatically (see image).
Set up email encryption
If Thunderbird offers you a choice, you should prefer the IMAP settings over the POP3 settings. If problems occur, click "Manually Edit". Then look up the correct server settings on the help pages of your mail provider. Under patshaping.de, you'll also find a list of known mail servers.
Make public keys
Mail encryption uses two different cryptic strings, the so-called keys. The "public key" is passed on to others; they use it to encrypt secret messages to you. These mails can only be decrypted with your second key, the "private key". The advantage: even if an attacker knows your public key, he cannot decipher the message. It should be clear that the private key must not be handed out under any circumstances.
To create and manage all keys, install GnuPT with the default settings. The directory for your key rings is created in the user directory. The key manager WinPT is then installed automatically as well; whether you select "1.4.3" or "1.5.3" does not matter. Start WinPT from the desktop icon, click the associated taskbar icon, and select "Key Management" from the context menu. The "GnuPG Key Pair" option is displayed when you first start. Enter a name, email address, and a new secure password. You will then be prompted to back up the key ring, for example to a USB key.
In Thunderbird, you must install the add-on "Enigmail". You can download it from within Thunderbird. Press the "Alt" key and the main menu of Thunderbird appears. Under "Tools" select "Add-ons". In the "Browse all add-ons" search box at the top right, type "Enigmail". After installing the add-on, restart Thunderbird immediately. The new entry "OpenPGP" can now be found in the main menu (press the "Alt" key). Select the "OpenPGP wizard". For the sake of simplicity, accept all the default settings. Finally, you end up in the dialog box "Key selection". The previously generated key should appear in the selection list. Select it with the mouse and click "Next."
In order for the recipient to read their secret message, they must know your public key, and you must also have their public key to turn their mail into plain text. WinPT solves this problem as well. Select your own key pair in the "Key Management" and click the "Save" icon in the menu bar. The file with the ASC suffix is your public key. Send this file (unencrypted) as a mail attachment to the recipient. Conversely, you also need the recipient's public key. Once you have received the recipient's ASC file, restart WinPT. Click the "Open" icon and add the key.
To send a secret message, create a new message in Thunderbird and attach files as needed. In the window for editing the mail, you will find two small icons at the bottom right. Use the pen to "sign" the message, which only ensures that the mail actually came from you and has not been tampered with. Only when you activate the key symbol is the message text encrypted before it is sent. The subject always remains in plain text. Thunderbird automatically assigns the public keys to all specified recipients. If this does not work, a selection window appears. If a recipient is missing from it, you have not yet imported that recipient's key into WinPT.
Send encrypted messages
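Whether a stored mail was sent with the key symbol active or only with the pen, and what stays readable on the provider's server either way, can be checked on the raw message. The following Python code is an added example, not part of the original article or of Thunderbird/Enigmail; the sample messages, addresses and armored bodies are constructed placeholders, and the check recognises both inline PGP armor and the PGP/MIME content types of RFC 3156.

```python
from email import message_from_string, policy

# Headers that stay readable on the provider's server even when the body is encrypted.
EXPOSED = ("From", "To", "Cc", "Subject", "Date")

def classify(raw):
    """Return (protection, exposed_headers) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":        # PGP/MIME encrypted (RFC 3156)
        state = "encrypted"
    elif ctype == "multipart/signed":         # PGP/MIME signed, body readable
        state = "signed-only"
    else:
        # Inline PGP: look for the ASCII-armor markers in the text parts.
        text = "".join(part.get_content() for part in msg.walk()
                       if part.get_content_maintype() == "text")
        if "-----BEGIN PGP MESSAGE-----" in text:
            state = "encrypted"
        elif "-----BEGIN PGP SIGNED MESSAGE-----" in text:
            state = "signed-only"
        else:
            state = "plaintext"
    exposed = {h: str(msg[h]) for h in EXPOSED if msg[h] is not None}
    return state, exposed

def _sample(body):
    # Constructed test message; addresses and subject are made up.
    return ("From: alice@example.org\nTo: bob@example.org\n"
            "Subject: Contract draft\n\n" + body)

SAMPLES = {
    "key symbol on": _sample("-----BEGIN PGP MESSAGE-----\n\n"
                             "(placeholder ciphertext)\n"
                             "-----END PGP MESSAGE-----\n"),
    "pen only": _sample("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                        "Meet at noon.\n"
                        "-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n"
                        "-----END PGP SIGNATURE-----\n"),
    "neither": _sample("Meet at noon.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        state, exposed = classify(raw)
        print(f"{label:14} {state:12} subject on server: {exposed.get('Subject')!r}")
```

In all three cases the subject line is returned among the exposed headers, so anything confidential belongs in the encrypted body, not in the subject.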