未加星标

How PGP can protect you against email surveillance

字体大小 | |
[网络安全 所属分类 网络安全 | 发布者 店小二04 | 时间 2016 | 作者 红领巾 ] 0人收藏点击收藏

How PGP can protect you against email surveillance

News broke last week that Yahoo has allowed intelligence agencies to scan user emails . This comes at a very bad time for Yahoo, right on the heels of its 500 million user account data breach ―made public earlier this month―and while the company is trying to be acquired Verizon for the meager price of $4.8 billion .

Other tech giants immediately denied having had similar cooperation with government agencies in the wake of the Yahoo leak, though they all have a track record of wholesaling their data to government agencies under the NSA’s PRISM program .

But this doesn’t mean that you can’t protect your emails from prying eyes.There are a couple of tricks that can provide better security ―I’m not saying total security , mind―against surveillance, and some services such as ProtonMail provide end-to-end encryption.

But if you’re already using an email service such as Gmail and don’t want to switch to some other provider, this article is for you. In this post, I’ll take you through the steps to setup and use Mailvelope PGP protection for your emails.

What is PGP?

PGP, which stands for Pretty Good Privacy , is a technology developed in the early 90s which uses a variation of the public/private key paradigm to encrypt information. In a nutshell, users generate a pair of keys, one public and one private, and publish their public key for everyone to access. The private key they keep to themselves.

Users will subsequently encrypt their message with the public key of the recipient before sending it. Upon receiving the message, the recipient will decipher it with the private key that is in their exclusive possession.

This mechanism ensures that if the message is intercepted during the transmission, or is picked up from the server where it is stored, it will be of no use.

This is much different from the encryption that services like Gmail and Yahoo offer, which is the HTTPS or TLS encryption of the message during the transfer (that is a necessary measure as well, though). Even if they encrypt it on their servers, they still hold the decryption keys and can access them. With PGP encryption, when a message is encrypted with a public key, it can only be decrypted with its corresponding private key. It’s what we call asymmetric encryption.

Using Mailvelope to encrypt messages

Mailvelope is a free application that adds PGP encryption capabilities to webmail services. It is installed on your browser as an extension and functions by adding elements and tools to email composition and reading pages.

Following are the steps to setup Mailvelope for your email account.

Install Mailvelope

The first step is to install Mailvelope on your browser, which is a straightforward process. If you’re using Chrome, you can find it in the Web Store . If you’re using Firefox, download it from Mailvelope’s website .

After installing the extension, the Mailvelope icon will appear next to your browser’s address bar.

Create your key pair

In order to be able to receive encrypted emails, you’ll have to create your pair of public/private keys. To create a key pair, click on the Mailvelope icon and press the Options button.


How PGP can protect you against email surveillance

Once in the Mailvelope options page, go to the “Generate Key” tab and fill in the basic information for your keys.


How PGP can protect you against email surveillance

The password will be used to protect your key pair, so you’d do well to remember it. New versions of Mailvelope enable you to upload your public key to the Mailvelope server for easier discovery.

When you’re ready, press Generate. Once the key is generated, you can view it in the “Display Key” tabs.


How PGP can protect you against email surveillance

In order to enable others to send you encrypted emails, you’ll have to give them your public key. To do so, click on the name of the key you just created and go to the “Export” tab.


How PGP can protect you against email surveillance

Make sure the “Public” toggle button is selected (unless you want to export your private key for personal storage). You can click the Save button to generate the key file, which you can send to users, or you can copy the contents and paste them in an email or a webpage for others to access.

Import keys

In order to send an encrypted email to a person, you have to upload their public key to your Mailvelope app. Once you have the key, go to the “Import Keys” tab, and either upload the public key file or paste its contents in the text area and press “Import.”


How PGP can protect you against email surveillance

Once the public key is uploaded, you can view it in the “Display Keys” tab.

Send an encrypted email

To send an encrypted email, open your webmail application (such as Gmail) and write your message as you always would, then click on the pencil-and-paper button that has newly appeared on the page.

Note: if the icon doesn’t appear, click on the Mailvelope icon and press the “Reload” button. If it still doesn’t appear, click the “Add” button to add the current mail service to its list of supported website.


How PGP can protect you against email surveillance

The following email encryption dialog appears, in which you should specify the recipient of the letter in order for Mailvelope to understand which public key it should use to encrypt the message. In most cases, the extension is smart enough to automatically select the key based on the address you’ve inserted in the To and CC fields.


How PGP can protect you against email surveillance

After pressing “Encrypt,” your message will turn into gibberish. Press send and rest assured that only the person with the private key will be able to peek at your message.


How PGP can protect you against email surveillance
Open an encrypted message

When you receive a message that has been encrypted with your public key, it will appear as follows.


How PGP can protect you against email surveillance

In order to open the letter, click on the envelope. You’ll be prompted for the key’s password, after which the decrypted message will be displayed.

本文网络安全相关术语:网络安全工程师 网络信息安全 网络安全技术 网络安全知识

主题: ChromeFirefox
tags: key,your,Mailvelope,public,message
分页:12
转载请注明
本文标题:How PGP can protect you against email surveillance
本站链接:https://www.codesec.net/view/480782.html


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 网络安全 | 评论(0) | 阅读(194)