Stick it to the NSA: How to Encrypt your WebMail

If you access your email from your desktop web browser, then follow these instructions to get email encryption working.  This is an initial draft.  I’ll expand some of the steps very soon.

  1. Install the Google Chrome or Firefox browser if you haven’t already, then install the extension named “Mailvelope” from https://www.mailvelope.com
  2. Once installed, there’ll be a new lock icon on the top right of your browser.  Click it and a menu opens.  Choose “options”.
  3. If you haven’t already created a private and public key pair at some time in the past, you’ll need to do that now.  If you don’t know what I’m talking about, you haven’t, and you’ll need to do it now.  Click “Generate Key”.
  4. Once generated, it’s critical that you back up your private key, encrypted, to a place that no one else can get at and that will outlast your current hard drive and PC.  If you lose it, you’ll NEVER be able to read ANYTHING you’ve encrypted with your keys!  Install LastPass.com, create a secret note, and put your private key in there for long term, encrypted, safe storage.  Mark the note as “must reprompt for password”.  NEVER, EVER give anyone your private key.  NEVER send it unencrypted over the internet.  NEVER email it in an unencrypted e-mail message!  NEVER send it unencrypted over a wireless network, especially an open or public one.
  5. No one can send you encrypted e-mail unless they have your PUBLIC key.  Publish your PUBLIC key to a key server.  DO NOT PUBLISH YOUR PRIVATE KEY!!!!!!!! EVER!!!

Now, when you use GMail or most of the other popular, free e-mail services in a desktop browser, you can send and receive encrypted e-mail.  NOTE!  Just because you have the ability to send and receive encrypted e-mail does NOT mean that all your e-mail will be encrypted.  You MUST understand the following:

  1. Nothing you did here encrypted any of your old email.
  2. New email that comes in will usually be in clear text (NOT encrypted).
  3. When you start a new email message, Mailvelope will recognize this and show an icon overlaid on your new email window.  Click it to write your email, then click “encrypt” to encrypt the email.
  4. You CANNOT send encrypted email to people that aren’t already set up, like you are, to send and receive encrypted email.
  5. You can’t send encrypted e-mail to anyone whose public key you haven’t acquired.
  6. You acquire public keys by searching on a key server.  MIT’s key server is here: https://pgp.mit.edu
  7. Use the Mailvelope menu to import the public key of each individual with whom you wish to exchange encrypted email.  You’ll find that most people have NOT registered a public key, so you cannot participate in encrypted email with them.
  8. Once you encrypt and send an email message, you won’t be able to read it from your sent box.  It’ll be there, but encrypted with THEIR public key.  Only THEIR private key can decrypt it.  So, send it to both them AND yourself, THEN you can read it.
  9. Encrypted email is unreadable even by Google’s servers, which means you CANNOT use the Google email search feature for words in encrypted mail.
  10. ONLY the BODY of the email is encrypted, not the subject line, not the TO address, not your FROM address, not any part of the headers.

Things to note about HOW the keys work:

  1. When you generate keys, you only do it once, unless you have multiple email addresses, in which case generate a key pair for each email address you wish to send and receive encrypted email with.
  2. Keys are created in pairs:  One is public.  The other is private.
  3. Feel free to give away your public key to ANYONE, ANYWHERE, ANYTIME.  Shout it from the mountain tops.
  4. Protect your private key with your life.  Well, don’t die for it, but it’s critical you protect it!  If anyone EVER acquires it, they can read EVERYTHING you’ve ever encrypted with your public key!
  5. Your public and private keys are intimately, mathematically connected.  Anything encrypted with your public key can ONLY be decrypted with your private key and vice versa.
  6. Nothing is safe if you encrypt it with your private key, because everyone has your public key and can easily decrypt it.  A side benefit is you can do this to prove YOU are the one that created the message.  This is called “digitally signing” your document.
  7. If you want to encrypt something that ONLY YOU can decrypt, encrypt it with your PUBLIC key.  Decrypt it with your PRIVATE key.
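To make points 8 and 10 of the previous list and points 5 and 6 of this one concrete, here is a small model written for this post in Go using only the standard library.  It is an added example, not code from the post or from Mailvelope, and it is not the OpenPGP format Mailvelope actually produces: it stands in RSA-OAEP for wrapping the session key, AES-256-GCM for the body, RSA-PSS for the signature, and a truncated SHA-256 for the key ID.  Alice, Bob, their addresses and the message text are constructed sample data.  What it shows is that the headers stay readable, that a message encrypted only to Bob’s public key cannot be opened by Alice’s private key (so she must also encrypt to herself to read her sent copy), and that the signature made with Alice’s private key only verifies under Alice’s public key.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrNotARecipient: the reader's key is not among those the message was encrypted to.
var ErrNotARecipient = errors.New("message was not encrypted to this key")

// keyID is a short label for a public key, standing in for the key ID a mail client uses.
func keyID(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(pub.N.Bytes())
	return fmt.Sprintf("%x", sum[:8])
}

// EncryptedMail is a constructed model of an encrypted message as the post describes it:
// headers in the clear, body ciphertext, one wrapped session key per recipient, a signature.
type EncryptedMail struct {
	From, To, Subject string            // never encrypted (point 10 in the post)
	Nonce, Body       []byte            // AES-256-GCM ciphertext of the body only
	WrappedKeys       map[string][]byte // keyID -> RSA-OAEP(session key)
	Signature         []byte            // RSA-PSS over SHA-256(plaintext body)
}

// Encrypt seals the body under a fresh random session key, wraps that key to
// every PUBLIC key in recipients, and signs the body with the sender's PRIVATE key.
func Encrypt(sender *rsa.PrivateKey, from, to, subject, body string, recipients ...*rsa.PublicKey) (*EncryptedMail, error) {
	buf := make([]byte, 32+12) // 32-byte AES key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	m := &EncryptedMail{From: from, To: to, Subject: subject, Nonce: nonce,
		Body: gcm.Seal(nil, nonce, []byte(body), nil), WrappedKeys: map[string][]byte{}}
	for _, pub := range recipients {
		wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		m.WrappedKeys[keyID(pub)] = wk
	}
	digest := sha256.Sum256([]byte(body))
	m.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	return m, err
}

// Decrypt recovers the body with the reader's PRIVATE key and verifies the
// signature with the sender's PUBLIC key, so an altered body is rejected.
func Decrypt(reader *rsa.PrivateKey, sender *rsa.PublicKey, m *EncryptedMail) (string, error) {
	wk, ok := m.WrappedKeys[keyID(&reader.PublicKey)]
	if !ok {
		return "", ErrNotARecipient
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, reader, wk, nil)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	body, err := gcm.Open(nil, m.Nonce, m.Body, nil)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(body)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return "", fmt.Errorf("signature check failed: %w", err)
	}
	return string(body), nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // hypothetical users, fresh keys each run
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Encrypted to Bob only: Alice's own sent copy is unreadable to her.
	m, _ := Encrypt(alice, "alice@example.com", "bob@example.com", "lunch?", "Noon.", &bob.PublicKey)
	_, err := Decrypt(alice, &alice.PublicKey, m)
	fmt.Println("Alice reading her sent copy:", err, "| subject still visible:", m.Subject)
}
```

Passing `&alice.PublicKey` as an additional recipient to `Encrypt` is the equivalent of the post’s advice to send the message to yourself as well: the body is encrypted once, and only the short session key is wrapped again for each extra public key.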
