Using Open Source to Protect Email: Page 2

(Page 2 of 2)

Sending Encrypted Messages

So how do you go about sending an encrypted message? Simply write an e-mail message using the e-mail client in the normal way, and then click on "Encrypt Message" in the message's OpenPGP menu. When you send the message, the OpenPGP Key Selection window will pop up, allowing you to select the recipient's public key from your store of keys. If you don't have the recipient's key you can click on "Download missing keys" to carry out a keyserver search to try and find it. Assuming you find the key you need, select it and download it to your key store, and send the message again.

As you'll recall, you can sign an e-mail with your private key to prove that the e-mail really came from you. To do this simply choose the "Sign Message" option instead of "Encrypt Message."

If you want to make it easy for others to find your public key (especially if you don't want to submit your key to a keyserver-perhaps to avoid the risk of spam) you can also send them an e-mail after selecting the "Attach My Public Key" option in this menu. (Of course they should be aware that although the e-mail might appear to come from you, it might have come from someone else.)

One handy thing about installing GPG is that it is available to any application that needs encryption capabilities if a suitable plug-in for that application has been written. That means that as well as using GPG through your e-mail client, you can also use it through a Web browser. After installing the FireGPG Add-on into Firefox you can use Gmail to send and receive encrypted or signed emails using the extra buttons that appear on the Gmail web interface. (You can also encrypt, decrypt, sign or verify the signature of text in any Web page by right clicking in Firefox or selecting FireGPG from the Tools menu.) The FirePGP Add-on is far from perfect-looking up keys from a key server doesn't seem to work properly, for example-but it's certainly useful and will likely improve in future versions.

Compared to commercially available solutions GPG does have drawbacks. Unlike gateway solutions offered by the likes of PGP Corp. GPG's functionality isn't transparent to users, and can't be relied to encrypt all messages as encryption can easily be switched off by the user. Key management is also much more rudimentary, and if a user forgets their private key passphrase then the key pair becomes unusable as there is no way to retrieve it. But overall GPG is a useful (and-let's not forget-free) implementation of OpenPGP, and it can be a very effective solution for individuals and small businesses.

Article courtesy of Practically Networked.





Tags: Linux, email, Firefox, privacy


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.