Encrypt Individual Files (Desktop)

image

This is the 3rd article in a series of articles about encrypting your entire digital life

Encrypt All The Things! [A Guide]

…from end to end.  Click here for the lead article.  This article is about encrypting individual files on your desktop computer.  I’ll be giving specific instructions for Windows, but Mac & Linux steps are similar.

Short (VERY short version)

    1. Install encryption software.
    2. Create your encryption keys.
    3. Encrypt a file.
    4. Decrypt a file.

The rest of this shows you the details of those steps.

Review or brush up

Before you go any further, it’s really important that you are familiar with the basics of modern day encryption.  Please review this article on understanding encryption:

Understanding Encryption

 

I will be using terminology that won’t make sense to you if you have not read the “Understand Encryption” article or are not already fairly familiar with encryption and how it’s implemented in modern technology.

Let’s begin

    1. Download and install Gpg4win from http://www.gpg4win.org/
    2. Once installed, you’ll need to import your friends’ public keys (if you plan on sending them anything encrypted) and create your own (if you don’t already have any).
      1. Open Kleopatra (it’s installed with Gpg4win).  It’s a key management application.
      2. Click the “Lookup Certificates on server” button and enter your friends’ names and/or e-mail addresses to see if they have public keys.  If they’re not published, you can easily ask them directly.  Most likely, most of your friends do not yet.  I’d encourage you to get them started on this.
      3. Now, create or import YOUR key pair.  Close Kleopatra and open GPA.  Yes, it’s almost a clone of Kleopatra.  No, I don’t know why there are two of these tools.  But Gpa will let you create key pairs.
      4. Open the “Keys” menu and choose “New Key”.
      5. Enter your name (you can’t change this, so choose wisely), then “Next”, then your e-mail address.
      6. Yes, you want a backup copy.
      7. Enter your passphrase… DO NOT EVER FORGE IT!  DON’T BE STUPID – MAKE IT COMPLEX!  I recommend saving it in LastPass.com (get set up with LastPass.com if you’re not already.  It’s TOTALLY worth it (free)).
      8. Right-click your new key and choose “Export Certificate to Server” which will export your public key to a public key server for others to find so they can send you encrypted data.
    3. Now that your contacts’ keys are imported and you’ve created your own key, let’s encrypt a file.
      1. Open Windows Explorer (I said _Windows_ Explorer, NOT _Internet_ explorer!) and find some file that you’d like to encrypt.
      2. Right-click the file and choose “Sign & Encrypt” (You don’t have to do both signing AND encrypting.  You can do just one, if you like).
      3. In the dialog box, make sure “Encrypt” is selected.  If you’d like to compress it before you encrypt it, be sure to check “Archive files with”.  Because you can’t compress it AFTER you encrypt it!
      4. Click “Next” then pick your recipient (who you want to be able to decrypt the file).  If it’s just you, then choose your own key.

To decrypt the file, just right-click it and choose decrypt.  It will know which key was used and will prompt you for the passphrase.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Encrypt All The Things! [A Guide]

So, Microsoft Windows 10 sends your private data to Microsoft (E-Mail and private files in private folders (read the EULA if you don’t believe me), your employer is snooping on your web traffic at work, local hackers are packet sniffing your web traffic at the coffee shop, your neighbors are hacking your home wi-fi, cloud providers have access to your files, thiefs have access to everything on your laptop or phone when you lose them in public, and don’t even get me started on the NSA and all the things THEY have access to (hint:  It’s everything, including your phone calls), not to mention your ISPs and rogue, tin-pot tyrannical dictatorship governments around the world.

You want your data to stay out of their hands and eyes?  Then you’d better put on your foil hat, pull up a chair, and pay attention to this how-to on encrypting all your data and all your communications (including phone calls!) and some best practices thrown in for good measure.

From a high level, here are the things we’ll be encrypting.  I’ll break them up into separate articles, because it would be quite a lot to take in all at once.  I’ll be writing these articles over the next couple of weeks, so check back here to see this topic list change from black text to hot links to the published articles.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Stick it to the NSA: Encrypt Your desktop E-Mail

image

This is one of many articles in a series I’m writing to cover end-to-end encryption for everything you do in your digital life.  I’ll cover encrypting your webmail and mobile e-mail in other articles.

For a primer on encryption, please read my article “Understanding Encryption” as it teaches VERY IMPORTANT concepts that you need to know before moving forward here.

Did you know that ALL E-Mail goes across the open internet in plain, raw, NON encrypted text?  Well, all except e-mail that you explicitly encrypt, which this article will show you how.

Encrypting your E-Mail requires the following steps that we’ll cover individually to simplify the process:

  • Install the proper plugin for your E-Mail app.
  • Create your public/private key pair.
    • Store your private key in a VERY secure place.
    • Publish your public key for others to use.
    • Import your keys into your E-Mail plug in.
    • Import your friends public keys into your E-Mail plugin.

Since I obviously don’t have the resources to provide thorough instructions for every e-mail app out there and for every plugin available, I’ll cover 1 popular e-mail app and 1 popular plugin.  The e-mail app we’ll be using for this tutorial is Mozilla’s Thunderbird, available on Windows, Mac, & Linux.  You can download it here.  It’s free and open source.

Since you’re reading this article, I’m going to assume you’re already using an e-mail program on your PC, or you wouldn’t be here, so I’ll skip the tutorial on how to install and configure an e-mail app.  You should already have that up and going before continuing here.

First, you’ll need a plug in for your e-mail app that can handle encrypting and decrypting e-mail.  I recommend Enigmail for Thunderbird.  Click here to get it.  It’s also free and open source.

Once installed (I assume you don’t need a tutorial to install the plugin), open the new “OpenPGP” menu in Thunderbird and select “Key Management”.

image

It’ll look like this:

image

If you already have a public/private key pair, add them here.  You should have them in an .asc file.

If you do NOT already have a public/private key pair, inside the OpenPGP Key Management window, open the “Generate” menu and choose “New Key Pair”.

image

If you have more than one E-Mail address configured in Thunderbird, you’ll want to generate a new key pair for each e-mail address.  Choose your e-mail address from the drop down list at the top of this window.

Choose a passphrase and don’t forget it.  Also, for the love of all that is digital, DO NOT MAKE IT SIMPLE!!!!  If you’re going through the effort of generating public/private key pairs to make it difficult for eavesdroppers to see your communications, don’t drop the ball now and use a short or easy password.  I recommend using LastPass.com to generate long, complex passwords and to store them for you (fully encrypted, of course).

Choose an expiration date too.

Why choose an expiration date?

First, let’s explain what that is.  After that date, all software to all other users will inform them that this is invalid.

Why you want this:  If you forget your passphrase and your key becomes compromised, you’ll NEVER be able to revoke your key.  Put an expiration date on it so that it will eventually die on its own.

I recommend 1 to 2 years.  You can and should generate new keys when they expire and publish the new public key.

Once it’s all filled in the way you like it, click “Generate Key”.

Allow the software to generate a revocation certificate.

Now, backup and protect your private key.  Store it in a safe place.  I recommend storing it as a secure note in LastPass.com as well as inside of an encrypted virtual disk (I’ll explain this in a later article).

Publish your public key

Now, your public key is no good if no one has it.  Remember, in order for anyone to send you an encrypted message, they MUST encrypt it with your PUBLIC key.

Right-click your key(s) and choose “Upload public keys to key server”.  This makes your key available in search results on public key servers by anyone that knows your name or e-mail address.

If you ever accidentally expose your private key, you can revoke your key pair from this app by right-clicking your key and choosing to revoke it.  Be sure to upload the change to the key servers so others know your key is revoked and they stop sending you important information encrypted with your old, public key.

You’re now ready to begin using encrypted E-Mail.  BTW, click the “Display All Keys by Default” check box to see your key(s) listed there.

I recommend setting this up for all the members of your household on each of their PCs.  Set each member up with their own private/public key pair and show them how to properly manage them or point them to this article and let them do it.  Let THEM come up with the key phrases and ENSURE they don’t forget them!  Then, you can start E-Mailing your family members securely.

Get public keys of your contacts

You can’t send encrypted mail to anyone until you have their public key.  So, in the Key Manager app, open the key server menu and choose “Search for keys”.  You can type partial or whole e-mail address or user names.  It will search public key servers for any matches.  There are 3 or 4 key servers provided in the key manager.  If you don’t find your contact in one, try another.  Of course, call your contact and make sure they even HAVE a public key.  They can also e-mail it to you.  Note:  While testing the search while writing this article, none of the key servers found any address that I knew was there.  Note that you can copy the URL from the search window and paste it into your address bar in your web browser and really search directly on those key server sites to find your contact’s keys.

image

Once found, add them to your key list (called a “key chain”).  That makes them available to you when you send encrypted E-Mail.  Speaking of which, let’s send some encrypted E-Mail now.

Send your first encrypted E-Mail

Close your key manager.  Start a new e-mail message in Thunderbird.  Address it to someone for whom you have a public key.  Click the “OpenPGP” button.  The first time you send an e-mail message, encrypted, from your e-mail address, Enigmail will prompt you if you want to enable OpenPGP for this identity.  Be sure to check that box.  I recommend checking the “Encrypt messages by default” check box too.

image

Click OK, then the dialog box pops up that you’ll likely see before sending each messages:

image

Click “OK” and your message will be encrypted and sent.

Side Note:  “Signing” a message is important if you want to prove to the recipient that it’s from you.  This is explained in my “Understand Encryption” article, which you should be familiar with.

Note that Enigmail will encrypt the message with the public key associated with the RECIPIENT’S E-Mail address, not YOURS.

See these images?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.