e-mail encryption – Part I

In the crypto scene there is a lack of easy tutorials for email encryption. I thought I would dedicate myself to writing one, as I have been using encryption tools for a long time and have witnessed the development of messengers.

I have an idea for an application called ‘Pretty Nice Privacy’, with a user interface. The name is a play on words on ‘Pretty Good Privacy’ (en.wikipedia.org/wiki/Pretty_Good_Privacy). Here’s the background story of Pretty Nice Privacy. Pretty Nice Privacy has a cute mascot that guides you smoothly through the process of generating key pairs.

But here I want to provide a guide without a user interface. This is not a proper tutorial; I am just listing the commands that are most important to me, taken from the GnuPG documentation.

It looks complicated, but it’s actually quite simple 😀, just cumbersome. The tutorial here does not solve the usability problem, which is why I want to design a UI that can be easily installed on a mobile phone or computer.

I chose to make it an open-source project, and here’s why (gnu.org/proprietary/proprietary.html). In a nutshell: proprietary software is malware.

The problem with my application is that the UI poses a security risk, which is why I would prefer terminal instructions. So I would NOT recommend my own application. :’D Apart from that, I am not an IT security expert.

Prerequisites:

  • Linux with a terminal running bash (gnu.org/software/bash/). The easiest way is to buy a laptop with Linux preinstalled, e.g. from Tuxedo, Dell (XPS with Ubuntu), System76 or Pine64 (Pinebook). If you are more advanced, buy a USB stick with a Linux ISO on it or create your own bootable live stick. Insert the stick, boot, and press one of the keys that opens the BIOS/UEFI setup while booting (common keys are F2, F10, F12, Delete or Esc). In the firmware settings change the boot order to boot from the USB drive, save and exit/restart, then go through the installer. Sometimes you need small ‘hacks’, e.g. disabling or re-enabling Secure Boot. This usually won’t work on a MacBook.
  • GnuPG installed (gnupg.org/; install it via your package manager, where the package is usually called gnupg).

Here’s some further information, if you’re interested, but you can skip this and continue with Step 1.

What we are going to do is create a key pair (a public and a private key) that will be used for encrypting and decrypting mail. Your private key must stay secret and be treated like a password. The public key can be shared with others or published if you like. Strictly speaking, GnuPG creates a primary key used for signing and certifying plus a separate encryption subkey; you can see that in the [SC] and [E] flags in the output below. (You should also read the chapter about signing keys and the security issues related to uploading keys to public key servers.)

Step 1 – Open Terminal (bash) and type in:

gpg --full-generate-key

Step 2 – Select the kind of key: (1) RSA and RSA

Step 3 – Follow the instructions. My session looked like this:

gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection?

Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072)

I always choose the largest size, 4096 bits. Note that GnuPG’s own default is option (9), ECC with Curve25519: those keys are much smaller and faster and are just as well regarded today. RSA 4096 is a reasonable choice when you want maximum compatibility with older software.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)

Now you specify how long the key should be valid. For testing purposes I just type 1, for one day. For a real key, prefer an expiry of a year or two over 0 (never expires): the date can be extended later with gpg --edit-key, and an expiry limits the damage if you ever lose access to the key. Then I enter my name and email address and follow the instructions.

Key is valid for? (0) 1
Key expires at Mo 19 Aug 2024 22:18:50 CEST
Is this correct? (y/N)
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Chaot
Email address: creative-chaos.dev@proton.me
Comment: Test
You selected this USER-ID:
"Chaot (Test) <creative-chaos.dev@proton.me>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
gpg: directory '/home/username/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/username/.gnupg/openpgp-revocs.d/21AD8FD9D13D55D8E4C8B110B3A11A88B4C5FDC3.rev'
public and secret key created and signed.

pub rsa4096 2024-08-18 [SC] [expires: 2024-08-19]
21AD8FD9D13D55D8E4C8B110B3A11A88B4C5FDC3
uid Chaot (Test) <creative-chaos.dev@proton.me>
sub rsa4096 2024-08-18 [E] [expires: 2024-08-19]

Here the newly created key is listed. You can display it again at any time with the command ‘gpg --list-keys’. Important: this is the public-key listing; don’t confuse it with your private key, which we export later (‘gpg --list-secret-keys’ shows the private keys).

gpg --list-keys
[keyboxd]
---------
pub rsa4096 2024-08-18 [SC] [expires: 2024-08-19]
21AD8FD9D13D55D8E4C8B110B3A11A88B4C5FDC3
uid [ultimate] Chaot (Test) <creative-chaos.dev@proton.me>
sub rsa4096 2024-08-18 [E] [expires: 2024-08-19]

The long string of 40 hexadecimal characters is the key’s fingerprint. The long key ID is its last 16 characters (B3A11A88B4C5FDC3) and the short key ID is the last 8, in my case B4C5FDC3. Short key IDs are not unique: it is cheap to generate a key whose short ID collides with someone else’s, so use the full fingerprint when you name a key in commands, and compare full fingerprints, not short IDs, when you verify a partner’s key.

Now I would like to export my public key as a file. To get plain text, I type ‘gpg --export -a “Your Name or Key ID”’, or ‘gpg --export -a “Your Name or Key ID” > publickey.asc’ to save it to a file. The flag -a (--armor) makes the output ASCII-armored, i.e. plain text instead of binary.

This is the output of ‘gpg --export -a “B4C5FDC3”’. So this is my public key in ASCII format. I can simply copy and paste this piece of text and send it to my communication partner, who should also have gpg.

gpg --export -a "B4C5FDC3"
-----BEGIN PGP PUBLIC KEY BLOCK-----
…
=3CoL
-----END PGP PUBLIC KEY BLOCK-----

This key will expire tomorrow [expires: 2024-08-19]. So if you want to write me an encrypted message, don’t use this key. I will provide another key soon.

When I type ‘gpg --export -a “B4C5FDC3” > publickey.asc’, the output is saved to the file publickey.asc in the current working directory, which here is my home directory.

gpg --export -a "B4C5FDC3" > publickey.asc

I can now open the file with any text editor, e.g. vim (vim.org/), or read it from the command line; it shows the same output as above. As the file is in my home directory, typing ‘cat publickey.asc’ there prints the content of the file. The cat command (gnu.org/software/coreutils/manual/html_node/cat-invocation.html) is short for “concatenate”; it is commonly used in the terminal to print and join text files.

cat publickey.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
…
=3CoL
-----END PGP PUBLIC KEY BLOCK-----
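As an added example that is not code from the original post, here is the whole procedure of Steps 1 to 3 and the export done non-interactively, in throwaway keyrings so it never touches your real ~/.gnupg. It builds the same key the post builds by hand (RSA 4096 sign/cert primary, RSA 4096 encrypt subkey, one day validity) from a batch parameter file, exports the public key as ASCII armor by full fingerprint, and then plays the receiving side: import the .asc file into a separate keyring and read back the fingerprint it really contains. It also shows the relation between fingerprint, long key ID and short key ID described above. The user ID is the post’s own test identity; the function names, the sender/receiver split and the temporary directories are this example’s assumptions. It needs bash and GnuPG 2.1 or newer.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post. Runs Steps 1-3 and the
# export unattended inside throwaway keyrings (GNUPGHOME), so nothing here
# touches your real ~/.gnupg. The user ID is the post's own test identity;
# function names and the "sender"/"receiver" split are this example's.
set -eu

# A v4 OpenPGP fingerprint is 40 hex digits. The long key ID is its last
# 16 characters, the short key ID (the "last 8 characters" of the post)
# its last 8. Done with POSIX parameter expansion: ${x%????????} drops the
# last 8 characters, and stripping that prefix from x leaves exactly them.
long_keyid()  { _p=${1%????????????????}; printf '%s\n' "${1#$_p}"; }
short_keyid() { _p=${1%????????};         printf '%s\n' "${1#$_p}"; }

# Primary-key fingerprint of the first key in the keyring at $1, taken from
# gpg's machine-readable colon output (record "fpr", field 10).
first_fingerprint() {
  GNUPGHOME=$1 gpg --batch --list-keys --with-colons \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sender side: the key the post builds by hand (RSA-4096 sign+cert primary,
# RSA-4096 encrypt subkey, valid one day), generated from a batch parameter
# file. %no-protection skips the passphrase because this is a throwaway test
# key; do NOT do that for a real key. Writes the ASCII-armored public key to
# $2 and prints the fingerprint.
make_keypair() {
  home=$1; out=$2
  mkdir -p "$home" && chmod 700 "$home"
  GNUPGHOME=$home gpg --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: Chaot
Name-Comment: Test
Name-Email: creative-chaos.dev@proton.me
Expire-Date: 1d
%commit
EOF
  fpr=$(first_fingerprint "$home")
  # Select the key by its full fingerprint, not by the 8-digit short ID:
  # short IDs collide, so "--export B4C5FDC3" could pick the wrong key.
  GNUPGHOME=$home gpg --batch --export --armor "$fpr" > "$out"
  printf '%s\n' "$fpr"
}

# Receiver side: import the .asc file into a separate keyring and report the
# fingerprint it really contains. Compare it with the one the sender read out
# over another channel (phone, in person) before you encrypt to this key.
import_and_fingerprint() {
  home=$1; file=$2
  mkdir -p "$home" && chmod 700 "$home"
  GNUPGHOME=$home gpg --batch --quiet --import "$file"
  first_fingerprint "$home"
}

DEMO_SENDER_FPR=; DEMO_RECEIVER_FPR=; DEMO_ARMOR_HEADER=
main() {
  work=$(mktemp -d)
  DEMO_SENDER_FPR=$(make_keypair "$work/sender" "$work/publickey.asc")
  DEMO_RECEIVER_FPR=$(import_and_fingerprint "$work/receiver" "$work/publickey.asc")
  DEMO_ARMOR_HEADER=$(head -n 1 "$work/publickey.asc")
  printf 'fingerprint : %s\nlong key ID : %s\nshort key ID: %s\n' \
    "$DEMO_SENDER_FPR" "$(long_keyid "$DEMO_SENDER_FPR")" "$(short_keyid "$DEMO_SENDER_FPR")"
  if [ "$DEMO_SENDER_FPR" = "$DEMO_RECEIVER_FPR" ]; then
    echo "receiver sees the same fingerprint: OK to use"
  else
    echo "FINGERPRINT MISMATCH: do not use this key" >&2
    return 1
  fi
  # Stop the agents gpg started for the temporary keyrings, then clean up.
  for d in sender receiver; do
    GNUPGHOME=$work/$d gpgconf --kill all >/dev/null 2>&1 || true
  done
  rm -rf "$work"
}
# Runs only where gpg is installed; the pure-shell key-ID helpers work anywhere.
if command -v gpg >/dev/null 2>&1; then main; fi
```

Run it with ‘bash’ and it prints the fingerprint, the two key IDs derived from it, and whether the receiving keyring reports the same fingerprint as the sending one. The batch parameter file is the unattended equivalent of answering the prompts in Steps 2 and 3; the receiver half is the check your communication partner should do with a key you send them, comparing the full fingerprint rather than the short ID.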

…to be continued.

For further information on GnuPG you can use the command ‘gpg --help’ to display the most important commands, or read the GnuPG documentation: gnupg.org/documentation/manuals/gnupg.pdf

gpg --help

Part 2 will be about the private key and about encrypting and decrypting messages. It will also cover signing messages and the problems with key servers.

After this tutorial, I will create some drafts for the user interface of my application, ‘Pretty Nice Privacy,’ and possibly code the script I’ve written.

Back then, whistleblower Edward Snowden had to explain to journalists how to encrypt mail. A user-friendly guide to encryption would have made that communication easier. However, with email encryption, as with privacy-focused browsing in general, there are many factors to consider and many things can go wrong. A lot of background knowledge is necessary to do it wisely.

The cryptography in gpg itself is considered secure today if you choose a strong key length and sensible settings. Problems arise from flawed implementations and from mistakes in usage, such as weak passphrases, leaked private keys or public keys that were never verified. Quantum computing might in future pose a threat to traditional encryption methods, particularly those based on the difficulty of factoring large numbers, such as RSA…

I should have mentioned that you need to know a few basic Linux commands for operating the shell and navigating the filesystem, such as listing files (ls) and changing directories (cd). There are many cheat sheets available on the internet.


Comments

One response to “e-mail encryption – Part I”

  1. […] Last time, we exported our public key. As my key expired I created a new pair. […]
