
How and why to Encrypt and Sign Email


Some background information about email and how you can install software to sign and encrypt it [30-45 mins]

Why Encrypt and Sign Email


E-mail is one of the oldest forms of communication on the Internet. We often use it to communicate very personal or otherwise sensitive information.

It is very important to understand why e-mail in its default configuration is not secure. In the following tasks we will describe the different methods necessary to secure your e-mail against known threats.

 

No sender verification: you cannot trust the 'from' address

It's easy to make it look like an email comes from someone other than the person who actually sent it.

Just like a real letter, it's easy to write a made-up return address. We will show you how to sign email, which means that people you email can be confident that the email comes from you.

E-mail communications can be tapped, just like telephones

An e-mail message travels across many Internet servers before it reaches its final recipient. Every one of these servers can look into the content of messages, including subject, text and attachments. Even if these servers are run by trusted infrastructure providers, they may have been compromised by hackers or by a rogue employee, or a government agency may seize equipment and retrieve your personal communication.

There are two levels of security that protect against such e-mail interception. The first is making sure the connection to your e-mail server is secured by an encryption mechanism. The second is encrypting the message itself, to prevent anyone other than the recipient from understanding the content. This challenge covers e-mail encryption using PGP within Thunderbird.
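To make the two levels concrete, here is an added example (not part of the original course material) that inspects a received message: it lists the servers recorded in the `Received` headers with whether each hop reported TLS, and checks whether the message itself is PGP-protected. The sample message, host names and the function names `relay_hops`, `message_protection` and `audit` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not real traffic): three relay hops, PGP/MIME encrypted body.
SAMPLE = """\
Received: from mx.example.net ([192.0.2.10]) by imap.example.net with ESMTPS id c3; Mon, 18 Mar 2013 07:27:03 +0000
Received: from relay.example.org ([198.51.100.7]) by mx.example.net with ESMTP id b2; Mon, 18 Mar 2013 07:27:02 +0000
Received: from laptop.local ([203.0.113.5]) by relay.example.org with ESMTPSA id a1; Mon, 18 Mar 2013 07:27:01 +0000
From: Alice <alice@example.org>
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 "with" values that imply TLS

def relay_hops(msg):
    """(receiving server, protocol, used_tls) per Received header, oldest hop first."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", header)
        proto = re.search(r"\bwith\s+(\S+)", header)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def message_protection(msg):
    """'encrypted', 'signed' or 'none', from PGP/MIME (RFC 3156) or inline armor."""
    kind = (msg.get_content_type(), msg.get_param("protocol"))
    body = "" if msg.is_multipart() else msg.get_payload()
    if kind == ("multipart/encrypted", "application/pgp-encrypted") or "-----BEGIN PGP MESSAGE-----" in body:
        return "encrypted"
    if kind == ("multipart/signed", "application/pgp-signature") or "-----BEGIN PGP SIGNED MESSAGE-----" in body:
        return "signed"
    return "none"

def audit(raw):
    msg = message_from_string(raw)
    return {"hops": relay_hops(msg), "message": message_protection(msg)}
```

`Received` headers are written by the relays themselves, so treat them as a hint rather than proof. Even a hop that used TLS leaves the message readable on the server at each end, which is why the second level, encrypting the message itself, matters.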

Installing Thunderbird, Enigmail & PGP / GPG

Thunderbird is an email client with many options and add-ons that give you better email security. One of these add-ons is a tool called Enigmail. Enigmail needs another piece of software called GPG (which is also known as PGP) to work. Once installed, Enigmail adds a menu item called OpenPGP to your Thunderbird email client, available when you are checking or sending emails.

Before we can continue we need to make sure you have the right tools for the job. In some operating systems it is quite easy to install these tools so that they work well together. It should only take you 5 minutes if you are using Ubuntu. However, in other operating systems getting these three tools to play nicely together can be a bit tricky. You may have to do some troubleshooting. We really wish that this stage was easier. If you run into problems, try to have patience and read the instructions. We'll help you if you get stuck.

TIP! It is quite common to make mistakes and run into errors when you are learning how to use encryption. Why not experiment with a new email address that isn't the one you use all the time? When you are confident using the tools then you can use your normal email.


Task

Install Thunderbird, PGP and Enigmail and set up an email account. 

If you don't already have Thunderbird, PGP and Enigmail tools installed then;

Task Discussion


  • Mohit Kumar said:

    I had already installed Mozilla Thunderbird (TB) as well as OpenPGP software and the Enigmail extension. I'm a privacy-conscious guy. Actually I wasn't until I read this and this. I was figuring out a way to successfully send an encrypted email to my friends and I stumbled upon this course. Let's see how it goes.

    on March 18, 2013, 7:27 a.m.
  • Rodolfo Aguirre said:

    I do it!!!

    on Sept. 3, 2012, 5:37 p.m.
  • ciderpunx said:

    To install on debian squeeze open a terminal and type:

    sudo aptitude install enigmail icedove

    on June 20, 2012, 2:16 p.m.
  • ciderpunx said:

    Think that some of this is unnecessarily verbose and jargonny. Here's an example of how one could edit it:

    Most people do not realize how trivial it is for any person on the Internet to forge an e-mail by simply changing the identity profile of their own e-mail program. This makes it possible for anyone to send you an e-mail from some known e-mail address, pretending to be someone else.

    It's easy to make it look like an email comes from someone other than the person who actually sent it.

    This can be compared with normal mail; you can write anything on the envelope as the return address, and it will still get delivered to the recipient (given that the destination address is correct). We will describe a method for signing e-mail messages, which prevents the possibility of forgery.

    Just like a real letter, it's easy to write a made-up return address. We will show you how to sign email, which means that people you email can be confident that the email comes from you.

    on June 20, 2012, 2:13 p.m.
  • Gzikskud said:

    Ubuntu example does not cover the new Unity desktop...

    on June 19, 2012, 7:35 a.m.
  • This comment was deleted.

    Mick Fuzz said:

    Good point i3u!

    I'll include a link to this help to set up your account.

    http://en.flossmanuals.net/thunderbird-workbook/account-set-up/

    on June 18, 2012, 5:31 a.m. in reply to i3u