Sunday, July 19, 2020

How to communicate via Secure Email

OpenPGP Email Encryption Technology

Hey there!

You may have received email from us with the following signature:

Do you use PGP and wish to exchange email, securely?
Download my public key. Key fingerprint should end with "56AE 2C8C 0902 D966"
and are wondering "what is secure email, and why should I be bothered?"

1) How is Secure Email different from what I send now?

Email is inherently not a secure digital communication method.  The content of your email, which includes your written words and attachments, can be intercepted and read by individuals who have access to the various email servers between your email software (for example, Gmail) and the people with whom you are communicating.   This information, as well as what is called "metadata" (for example, the date and time the email was sent, who you are, who you are sending the email to) is sent as "clear text" where anyone with access can read it.

The use of secure email guarantees the sender and receiver are the sole parties that are allowed to read its contents, and no one else.

2) What is PGP ?

PGP is a way to secure email message contents on the internet, as the message itself is transmitted between computers, and while it resides in storage until the receivers view it.

PGP stands for "Pretty Good Privacy".   It was developed by Phil Zimmerman starting in 1991 to provide secure email via encryption.  The encryption is implemented "end to end" which means only the sender and recipient are allowed to see the contents of the mail.  This integrity is realized since both users have sole access and control of the encryption keys used to scramble the message contents.   PGP also provides reasonable assurances to the email recipient that the email originated from the sender. 

Since its creation, PGP has evolved to become an open internet standard for email security, and supported by multiple different email programs.   It has remained a viable secure digital communication system since then.  In 2013 Edward Snowden reported that the NSA still has not been able to break messages encrypted with PGP technologies, assuming no direct access to the keys used to encrypt the message contents.

3) What is a convenient PGP email program to use with Gmail and Yahoo Mail ?

You may want to check out Mailvelope for this.   It is fairly easy to set up and use.   There are a few YouTube Videos to guide you through this process.   This  one is particularly helpful.

4) What is the main weakness of using PGP?

The security of PGP relies primarily on each user guarding the access to, and the integrity of, the encryption keys they used to send and read secure email.   It is helpful to treat access to these keys with the same care as the passwords to your personal banking accounts.   By doing so, you protect the information you send to others, as well as the information that they send to you.

5) I went through the YouTube video and I'm all set up.  So now how do I send you secure email?

Good!  What you need to do at this point is download our public key using the links in our email signatures, and send us an email informing us that we can download your public key from the Mailvelope Key Server.   Then we should be all set.

6) What is the "key fingerprint" you listed in the email signature?

The key fingerprint is a unique series of numbers and letters that identify the uniqueness and authenticity of keys.   This is especially helpful if keys are downloaded from public key servers, and not directly obtained from the person with whom you want to exchange secure email.

After you import our public key into Mailvelope, you should verify the last sixteen letters and numbers match those listed in our email signatures.   By doing so you are assured that you obtained the correct key we will use decode and read the secure email you send us. 

Share to Social Media!

No comments:

Post a Comment

Comments are subject to our Terms Of Use