Fri Jul 24, 2009
For many years I’ve been curious about how encrypted e-mails work, but I never took the time to figure it out. A few years ago I installed Enigmail, which I thought was everything I needed for encrypting e-mails in the popular Thunderbird e-mail client. But after a few minutes I realized it was not working, and I forgot about it.
I also never took the time to understand what this thing about public key and private key means.
So finally I have set it up, and I thought I could share some links and explain the idea, maybe someone is motivated to try it out.
What is encrypting an e-mail? When you encrypt an e-mail, its content is transformed so that it is no longer readable without a password. Why do that? People often send passwords or even credit card and bank details by e-mail, which, unencrypted, is like a postcard: anyone handling it on the way can read it. People working at companies might send confidential information around. People sometimes save the password in their browser, so anyone with access to their computer could read all their e-mails… maybe there are details about a surprise birthday party someone should not see :) or health issues or thoughts which are meant for one person only, and not for others.
One interesting thing I did not know is that you encrypt a message for one specific recipient. So this person first has to give you a thing called a public key, which is a short block of text. You will use this public key every time you want to send an encrypted message to this person. In the same way that you collect e-mail addresses in your address book, you will collect the public keys of people, so you can send them encrypted messages.
To set up encryption on your computer, you normally need two programs. One is the encryption program itself, which is command line software. To avoid having to use the command line directly, you normally install a second program that makes the command line tools easy to use, for example Enigmail for Thunderbird.
Another important thing is creating a public and a private key for yourself. The public key is what you have to give to any person you want to receive encrypted e-mail from. This public key is not secret. You can send it by e-mail, you can put it on your website, or print it on your t-shirt. To create these keys you use one of the programs you installed. You basically have to enter your name, e-mail and a passphrase, which is like a long password that you will have to type every time you want to read an encrypted e-mail sent to you.
Update (June 4th, 2018): To learn more about encryption and being secure online, I recommend studying the Electronic Frontier Foundation website. Here’s one of their articles about PGP: How to turn PGP back on as safely as possible.