How to send and receive encrypted emails. Installing GPG and Enigmail. Asymmetric cryptography in Perl



PGP was developed in 1991 by Phil Zimmermann to send email in such a way that no one other than the recipient could read it. This caused him a lot of problems with the authorities until 1996, when, under pressure from the computer industry, they closed the court case.

After Network Associates bought PGP in 1997, development slowed, and by 2001 work on PGP had all but stopped. Fortunately, the re-established PGP Corp. bought the software and prepared new versions for Windows XP and Mac OS X.

The program allows you to encode and decode email and computer files. PGP does this by encrypting them with a public key.

This encryption makes mail (and files) inaccessible to anyone except those for whom they are intended. It is quite difficult to explain the encryption method itself, but the essence of the method is quite accessible.

The main thing is not to confuse codes and ciphers. In a code, words and phrases are replaced with agreed substitutes: for example, “a child in a crib” means “the cargo has been delivered.” Ciphers are mathematical formulas by which messages are converted into gobbledygook. An example of the simplest cipher is the encoding A=1, B=2, B=3, etc. Then the word “metro” will be encrypted as 136191715. The cipher can be complicated by placing the numbers in reverse order (A=33, B=32, etc.) or, following the original sequence, by multiplying the numbers by some arbitrary number, say 7. Then "metro" will be 814213311985.

However, such ciphers are easy to break. A simple PC can decipher this cipher in a few hours by analyzing the frequency of occurrence of individual numbers and comparing it with the frequency of letters in the language.

Further, both the sender and the recipient must have a key - a method for decrypting the message (in the metro example, this would be a table of letters and their corresponding numbers). If the key falls into the wrong hands, all messages will be read. Even if two people, Alice and Bob, change the key depending on the date and time, it cannot be hoped that when the new key is sent from Alice to Bob, it will not be intercepted by the enemy agent Eve.

Public key encryption, developed by Stanford University mathematicians Whitfield Diffie and Martin Hellman in 1976, makes key management incredibly simple. But there is a little trick here. Before Diffie and Hellman's discovery, all encryption methods were symmetric, where the recipient simply used the inverse of the encryption method to decrypt it. Public key encryption is asymmetrical and uses two keys—one for encoding and one for decryption. Using this method, Alice can send an encrypted message without sending her secret key.

How it works

How is greater secrecy ensured? Public key encryption was generally regarded by experts as unbreakable, since guessing the key by trial does not work here, even if the computer can sort through thousands of keys per second. After Diffie and Hellman made their theoretical discovery, three mathematicians from the Massachusetts Institute of Technology, Ronald L. Rivest, Adi Shamir and Leonard M. Adleman, found a practical use for it. They used factorization as the basis of their encryption method, named RSA after their initials.

If you remember algebra, factoring means taking a number and breaking it down into prime factors, numbers that are only divisible by themselves or by one. So the number 210 can be factored into 1 x 2 x 3 x 5 x 7, the first five prime numbers. Any given number consists of a single set of prime factors.

But no matter how simple this problem may seem, it is very difficult to solve if you are dealing with large numbers. The largest number factored to date has 155 digits, and the factorization itself required 292 computers working together for seven months.

This is the secret of public key encryption: multiplying two prime factors is easy, but converting the result back to the component primes is very difficult. Alice's public key is the product of two prime numbers, p and q. To decrypt the message sent by Alice, Eve will have to know both p and q, which are contained in Alice's secret key. Now you understand the complexity, especially if you remember that Alice can choose two prime numbers, each of which will be more than 100 digits long.

The public key, as its name suggests, is distributed freely and is often posted on a personal web page. The secret key is never shared with anyone. Let's say Bob wants to send a message to Alice. He takes her public key, uses it to encode and sends the message to her. Since Alice's public PGP key (p x q) is linked to her private key, which contains p and q, she can decrypt the message even if she has never communicated with Bob before. Even if Eve intercepts the message, she will not be able to decrypt the text, since without knowing the secret key, it is impossible to decompose p and q from the public key.
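
A toy version of the scheme just described, added here as an illustration and not part of the original article: Alice builds a key pair from p and q, Bob encrypts with the public key alone, and Eve can rebuild the private key only by factoring n. The primes 1009 and 2003, the exponent 65537, the sample message and all function names are assumptions chosen for the example; real keys use primes hundreds of digits long and add padding.

```python
"""Toy RSA with tiny primes (added illustration, not production crypto)."""
from math import gcd, isqrt

# Assumed sample values: two small primes standing in for Alice's secret p, q.
P, Q, E = 1009, 2003, 65537


def make_keypair(p, q, e=E):
    """Alice: derive the public key (n, e) and the private key (n, d)."""
    n = p * q                        # published; hides p and q
    phi = (p - 1) * (q - 1)          # computable only if p and q are known
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)              # private exponent (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public):
    """Bob: encrypt integer m using only Alice's public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private):
    """Alice: decrypt with the private exponent."""
    n, d = private
    return pow(c, d, n)


def factor(n):
    """Eve: recover p and q from n by trial division.

    Takes about sqrt(n) steps: instant for a 7-digit n, hopeless for the
    200+ digit moduli built from two 100-digit primes.
    """
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n is prime, not a product of two primes")


def eve_rebuilds_private_key(public):
    """Once n is factored, Eve repeats Alice's own key derivation."""
    n, e = public
    p, q = factor(n)
    return make_keypair(p, q, e)[1]


if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    ciphertext = encrypt(1234, public)           # constructed sample message
    print("public key (n, e):", public)
    print("ciphertext:", ciphertext)
    print("Alice decrypts:", decrypt(ciphertext, private))
    print("Eve factors n:", factor(public[0]))
    print("Eve's key matches Alice's:", eve_rebuilds_private_key(public) == private)
```

Note that the published key is the pair (n, e), not n alone; the security of the whole scheme rests on n being too large to factor.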

The PGP program does all this transparently. You don't have to think about prime numbers and factorization at all. The program will help you create public and secret keys and make your public key available. PGP works with common email programs such as Outlook XP for Windows, and Mail.app and Entourage on Mac. To encrypt email, you just need to write a message, and then click the “Encrypt” and “Send” buttons. The program can automatically find and download from one of the many key servers the public key of the correspondent who sent you the encrypted message. And if someone intercepts your mail, they will not get any benefit from it.

Why worry?

So, why all this worry and spy fuss? Should you be concerned if someone else reads your email? Well, do you write all your letters on postcards?

Do you want someone with some computer knowledge to be able to read your email comfortably? I don't think so.

If you want to blow your mind, then read this post. We will talk about encrypting email in Thunderbird (Petrel), using an add-on such as Enigmail and the gnupg4win encryption engine. Encryption allows you to hide information from those for whom it is not intended. Even if a third party is able to intercept your particularly confidential correspondence, they will see an incomprehensible gobbledygook called ciphertext. Let's start by installing the popular and free mail client.


Installing the email client is familiar and simple. Immediately after opening the program, we need to create a new account. Create an account: Email. In the "Would you like to receive new address email?" window, click the "Skip this and use my existing mail" button. Fill in the fields Your name:, Email address:, Password:


It's time to download the free set of tools designed to encrypt files and emails (the encryption engine). Installing the console program is also familiar and simple.


The third stage is the extension.


After installing Thunderbird and the gpg4win encryption engine and downloading the Enigmail extension, go to the Thunderbird mail client. Right-click next to the tab with the email address and activate the “Menu Bar” checkbox.


In the "Menu Bar" select "Tools" - "Add-ons". Click on the gear (Tools for all add-ons) - then “Install add-on from file...”


Go to the directory with the file (remember where you downloaded it). Select it and press the "Open" button.

Enigmail will be installed after you restart Thunderbird.

Go to the extension settings. The OpenPGP configuration window should look like this.

In the main parameters, check that the path to the gpg.exe file is correct. The default setting is “Remember password for 5 minutes of inactivity.” Set the length of time to your taste. If you work in an office and often leave the computer, I advise you to set the minimum time.

Let's move on to generating a key pair. In the "Menu Bar" click "OpenPGP" - "Key Management" - "Generate" - "New Key Pair". In the "OpenPGP Key Creation" window, specify the password (you can use the one you specified when creating an account in Thunderbird). Specify the key expiration date, from one day to infinity. A little tip: if you are very worried about the security of your correspondence, set it to one day; if an important letter is intercepted, the attacker will have less time to decrypt it. After 24 hours, the key will become invalid. You are allowed to generate keys as often as every day, or even every minute. Click the "Create key" - "Generate key" button.

It is advisable to move the cursor while generating keys. Then the random numbers used in encryption will become even more random. During encryption, you will be prompted to create a certificate. Click on the “Generate certificate” button and hide the certificate in a safe, secluded place. You put it further away, you take it closer. Our key appears in the list, where we check the box “Display all keys by default” and check the required parameters.

We return to Thunderbird. In the "Menu Bar" click "Message" - "Create". We create a letter to the person with whom we want to correspond encrypted (your anonymous correspondence partner must follow the same procedure as described above). We attach the key to the letter via the OpenPGP menu. Click on "OpenPGP" - "Attach my public key". Next, in the “Layout Panel”, click the “Submit” button.

A window will pop up in front of you where you need to agree to the proposal “Encrypt or sign the text of the message without touching the attachments.” We agree and click the "OK" button.

Next is the window “A phrase is required - a password to access the OpenPGP certificate key.” Enter the password and click "OK". After that, our letter will be successfully sent. Your friend, having received the letter, must import this key. To do this, just right-click on the key and select "Import OpenPGP key".

Only after this can your friend use encryption and send you a letter with ciphertext.

On the first try, he may get this warning. Let him press "OK".

Select your Account/User ID. Click "OK".

The key was successfully selected.

Don't forget to enter the passphrase.

An encrypted message has been sent.

You receive this "Chinese letter". Click the "Decrypt" button.

The letter has been successfully decrypted. In short, an OpenPGP key consists of a pair of keys: a private key and an open (public) key. Encryption of any information with the asymmetric method is done using the public key. For example, if you have your friend’s public key, then you can encrypt a message for him and only he can read it, since only he has the private key corresponding to his public key. If the key is stolen or lost, it can be revoked: OpenPGP - Key management - Right-click on the name - Revoke key - Then delete the key. Then we generate a new key pair and share the public key with a friend.

Guys, if you knew how tired I am. Probably no one has read me for a long time. But if anyone liked this advice and will use it, I advise you to install a couple more extensions in Thunderbird. This and . I assure you they will come in handy for more comfortable work. And one more thing. Even if you don't care about encrypting emails... use the Thunderbird email client to the full. Create all the accounts you have (mail addresses) and the program, minimized to the tray, will monitor your mail in the background. When a letter arrives, it will display a message about it. In the program window we work with the letter and, if necessary, send a response. Uffffffffffffffffffffff. Topic closed!

Email encryption is an extremely necessary thing that users rarely think about. They begin to think about and take measures to protect email only after they are attacked. Today I will tell you how to encrypt email and prevent the interception of important, confidential data.

1. Email service provider with PFS

Use the services of providers that already use the new Perfect Forward Secrecy (PFS) system.

In Russia, PFS is already offered by such services as: Web.de, GMX and Posteo.

2. Setting up Gpg4win

Install the installation package. Typically, the package is used from a Windows administrator account.


If you don't want to take the risk, you can still reduce your exposure by using a limited user account for encrypted communications, to deny access to the account's profile data.

3. Create encryption

Open the Kleopatra certificate manager, which is installed on your computer along with Gpg4win, and click File | New Certificate... to launch the key generation wizard. Select here Generate a personal OpenPGP key pair and enter your name and email.



After clicking Next, enter a passphrase that is easy for you to remember, containing uppercase and lowercase letters and numbers. Skip the last dialog box, click the Finish button, and your key pair is ready to use.

4. Setting up Thunderbird and Enigmail

Download and install for your email. If you use the services of large providers or Posteo, it is enough to give the installation wizard the email address and password that you use to log in through the service’s web client. When setting up the Enigmail add-on in Thunderbird, press Alt to display the menu and click on the tab Tools | Add-ons. In the search bar, type Enigmail and press Enter. The first entry should be the latest version of Enigmail. Click the Install button.



After installing and restarting Thunderbird, you will be greeted by the Enigmail wizard. In the settings of this wizard, select Convenient automatic encryption, Don't sign messages by default... and Change parameters: Yes. In the Select Key dialog box, click on the key that you created in step 3. Now your emails will be encrypted.

5. Encryption of emails and attachments

You can continue to send and receive unencrypted emails using Thunderbird or from your provider's web client. If you want to send an encrypted message, obtain the future recipient's public key, save it to the hard drive and import it into the Kleopatra utility: to do this, open it and select “Import Certificates”. To encrypt a letter, first write it and attach the necessary attachments. Then in the Write letter window, click on the Enigmail menu, where the current encryption and signature status of the letter will be displayed in the first two entries.



By clicking the arrow icon next to it, you can force emails to be sent encrypted or unencrypted. You must add a signature to encrypted emails so that the recipient can verify that you actually sent the email.

6. Receiving encrypted emails

To send you a cryptographically secure email, the sender needs to use Enigmail (or another OpenPGP-compatible solution, such as Claws Mail) and your public key, which you should send in an unencrypted email to the future sender. In the message, click Enigmail | Attach my public key. When you receive an encrypted email, Enigmail will require you to enter a password.


That's all. With the help of the steps described above you will be able to reliably.

To ensure secure transmission of your data, Yandex.Mail encrypts it using the SSL and TLS protocols. If encryption of transmitted data is not activated in the settings of your email program, you will not be able to receive or send letters using this program.

Instructions for activating encryption in different email programs:

When activating SSL encryption in your email program, you may receive errors about an incorrect certificate. The main causes of such errors and how to resolve them are listed in the article ../mail-clients.html#client-ssl-errors.

Microsoft Outlook

  1. Open the File → Setting up accounts menu, select an account on the Email tab and click the Change button.
  2. Click the Other settings button.
  3. Go to the Advanced tab and specify the following parameters depending on the protocol you are using:

    IMAP

    • IMAP server - 993;
    • SMTP server - 465.

    In this item, select SSL for the IMAP and SMTP server.

    Click the OK button.

    POP3

    • POP3 server - 995;
    • SMTP server - 465.

    Enable the option Encrypted connection required (SSL) and, in the item Use next type encrypted connection, select the SSL value.

    Click the OK button.

  4. To complete your account setup, click the Next button in the Change account window; your account settings will be checked. If the test is successful, click Finish. If not, make sure all parameters are specified correctly.

Outlook Express

Mozilla Thunderbird

  1. Right-click on the account name and select Settings.
  2. Go to the Server settings section.

    IMAP

    • Connection security - SSL/TLS;
    • Port - 993.

    Click the OK button.

    POP3

    • Connection security - SSL/TLS;
    • Port - 995.

    Click the OK button.

  3. Go to the Outgoing mail server (SMTP) section, select the Yandex Mail line and click the Change button. In the SMTP server window, specify the following parameters:
    • Port - 465;
    • Connection security - SSL/TLS.

The Bat

  1. Open the Box → Settings mailbox menu.
  2. Go to the Transport section and specify the following parameters depending on the protocol used:

    IMAP

    Sending mail

    • Port - 465;
    • Connection - .
    Receiving mail
    • Port - 993;
    • Connection - Secure on a special port (TLS).

    Click the OK button.

    POP3

    Sending mail

    • Port - 465;
    • Connection - Secure on a special port (TLS).
    Receiving mail
    • Port - 995;
    • Connection - Secure on a special port (TLS).

    Click the OK button.

Opera Mail

Apple Mail

  1. Open the Mail → Settings → Accounts → Account Properties menu. In the section Outgoing mail server (SMTP), select the item Edit list of SMTP servers.
  2. Enable the Use SSL option and, in the Use arbitrary port field, enter the value 465.

    Click the OK button.

  3. Go to the Add-ons tab and specify the following options depending on the protocol you are using:

    IMAP

    • Port - 993;

    POP3

    • Port - 995;
    • enable the Use SSL option.

iOS

  1. Open the Settings → Mail, addresses, calendars menu.
  2. In the Accounts section, select your account.
  3. At the bottom of the page, click the More button.
  4. In the section Inbox settings, specify the following parameters depending on the protocol used:

    IMAP

    • Server port is 993.

    POP3

    • enable the Use SSL option;
    • Server port is 995.
  5. Return to the Account menu and, in the section Outgoing mail server, click the SMTP button.
  6. In the section Primary server, click on the server line smtp.site.
  7. In the section Outgoing mail server, specify the following parameters:
    • enable the Use SSL option;
    • Server port - 465.

    Click the Finish button.

  8. Return to the Account menu and click Done.

Android

Windows Phone

  1. Go to the Settings → mail+accounts section.
  2. Select your account.
  3. At the bottom of the page, click additional settings and specify the following parameters depending on the protocol used:

    IMAP

    • Incoming mail server - imap.yandex.ru:993

    Check the boxes Incoming mail requires SSL And .

    Save your changes.

    POP3

    • Incoming mail server - pop.yandex.ru:995
    • Outgoing mail server - smtp.yandex.ru:465

    Check the boxes Incoming mail requires SSL And Outgoing mail requires SSL.

    Save your changes.

Other

If you have another mail program, activate in its settings the encryption of transmitted data via the SSL (TLS) protocol for receiving mail (IMAP or POP3) and for sending mail (SMTP). After this, change the port values for connecting to the servers to the following.
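
As an added example (not part of the original instructions), this is how a script acting as its own mail client can apply the same settings, with the strict TLS configuration shown beside the weakened one that is sometimes used to make certificate errors go away. The host names and ports are the Yandex ones listed in the client sections above; the function names and the TLS 1.2 floor are assumptions of the example.

```python
"""Added example: implicit-TLS mail connections with certificate checks on."""
import imaplib
import poplib
import smtplib
import ssl

# Host names and ports as listed in the client instructions on this page.
ENDPOINTS = {
    "imap": ("imap.yandex.ru", 993),
    "pop3": ("pop.yandex.ru", 995),
    "smtp": ("smtp.yandex.ru", 465),
}


def strict_context():
    """Corrected setting: verify the chain and the host name, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # assumed policy floor
    return ctx


def weakened_context():
    """Weak setting often used to silence certificate errors. Do not ship."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def weaknesses(ctx):
    """List what a context fails to enforce; an empty list is acceptable."""
    found = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        found.append("certificate not verified")
    if not ctx.check_hostname:
        found.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        found.append("allows TLS older than 1.2")
    return found


def connect(protocol, timeout=15.0):
    """Open an implicit-TLS session to the endpoint for `protocol`."""
    host, port = ENDPOINTS[protocol]
    ctx = strict_context()
    if protocol == "imap":
        return imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
    if protocol == "pop3":
        return poplib.POP3_SSL(host, port, timeout=timeout, context=ctx)
    return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)


def probe(protocol):
    """Return 'ok' or the failure reason, never falling back to no checks."""
    try:
        session = connect(protocol)
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except OSError as exc:           # DNS failure, refused connection, timeout
        return f"unreachable: {exc}"
    (session.logout if protocol == "imap" else session.quit)()
    return "ok"


if __name__ == "__main__":
    print("strict context:", weaknesses(strict_context()) or "no weaknesses")
    print("weakened context:", weaknesses(weakened_context()))
```

Calling probe("imap") needs network access; a "certificate rejected" result is something to investigate (system clock, missing root certificates, an intercepting proxy), not a reason to switch to the weakened context.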

Despite all the capabilities of antiviruses and browser plugins, email encryption is still relevant. It is necessary to protect your confidential information during transit.

The relevance of email encryption is determined by the ability of an attacker to find out your confidential information, change it or simply delete it. Imagine that you are mailing a contract, agreement or report to your business partner. An attacker can intercept your message and find out the transaction amount, change the information sent, or simply delete the message. None of these outcomes are beneficial to you.

Encrypting email is a must if you are sending important and confidential data. Spend a little time encrypting your correspondence and you will protect it reliably.

Mail encryption methods

There are various ways to encrypt mail. The most primitive ones are to agree with the recipient that you will replace some numbers with others or send the data in parts. All this is inconvenient and ineffective.

To protect correspondence effectively, it is necessary to use special programs. A very popular and reliable way is to encrypt the data separately with a special program and attach the result to the letter. For this you can use WinRAR, TrueCrypt or dsCrypt.

Setting a password via WinRAR

WinRAR is a very common program for archiving data. When creating an archive, you can set a password for it. The method is very simple and quite effective. If you set a strong password for the archive, it will be extremely difficult to find out the information. A detailed description of how to put a password on an archive using WinRAR or 7-Zip.

Creating an encrypted TrueCrypt container

Data encryption via dsCrypt

dsCrypt is a free program for data encryption that uses the AES encryption algorithm. dsCrypt is a lightweight program that does not require installation.

To encrypt, drag the document to be encrypted into the program window and set a password.


As a result, you receive a secure file in DCS format and attach it to the letter.

The recipient launches the dsCrypt program, switches to decryption mode (you need to click on the mode button), drags the encrypted file into the window and enters the password.

Everything is fast, easy and simple. dsCrypt has a lot of settings, including the Secure PassPad mode, which protects the password from keylogger programs.

Encrypted email client MEO File Encryption

MEO File Encryption is a free encryptor with the function of sending letters. It is very convenient to use if you communicate with a regular circle of business partners.

There are 3 buttons in the main program window: Encrypt files, Encrypt an email and Decrypt a file.

The encryption process, as in the programs discussed earlier, boils down to selecting files and setting a password.

To send a letter by mail, you need to specify an SMTP account in the program settings.

Now you can send letters as from any other email client, and specify in the attachment the files and folders that need to be encrypted and sent. It is very convenient and a good time saver.

Conclusion

Of course, there are many ways to encrypt emails, but the methods presented in this article are the easiest to use and can provide the proper level of email encryption.