Now that we have enough details about how the NSA's Surveillance program, running for a long time against almost each country of this planet. Hundreds of top-secret NSA documents provided by whistleblower Edward Snowden already exposed that Spying projects like PRISM and MUSCULAR are tapping directly into Google and Yahoo internal networks to access our Emails. NSA's tactics are even capable to defeat the SSL encryption, so unsecured email can easily be monitored and even altered as it travels through the Internet. One major point on which all of us are worrying is about the privacy of communication among each other and If you're looking for a little personal privacy in your communications you will need to encrypt your messages.
To avoid privacy breaches; rather I should say to make it more difficult for the NSA or British GCHQ surveillance program to read our communication, we should use PGP encryption (Pretty Good Privacy). Why we should Encrypt our Emails? Each public mail service provider sends information from sender to recipient like a postcard which has a recipient’s address and the content to be conveyed; and is open to the medium used for sending the card. Encryption is an envelope of the content of the document to be sent and leave the recipient’s address open so that it can reach to the destination. So by encrypting your mail, even if any mail service provider is keeping a record of all mails, you need not to worry that your document is being read by third person neither by NSA people. Encrypting your email may sound daunting, but it's actually quite simple. We are going to use something called GNU Privacy Guard (GnuPG) or Gpg4win (Windows).
Installation Step 1: Download the Gpg4win on windows machine and install it.
Step 2: Go ahead and after successful installation, close the window.
Generating your PGP pair key: Step 3: Now open Kleopatra tool (A GUI GPG Key Manager) to create a new asymmetric key pair (public & private). Click on File -> New Certificate
Step 4: In the key generation wizard, click on "Create a personal OpenPGP key pair" and in the next window enter your basic details:
Step 5: In the next window, once review your details and click "Create Key". It will prompt you for entering a passphrase. Set a strong password and confirm it once again in the next window.
Step 7: You should "Make a backup of your file pair" somewhere safe. You can also export the public key to the public directory by clicking on the Upload Certificate to Directory Service. Step 8: Once done, the key manager main interface will show your certificate as shown:
Step 9: Select your newly generated certificate -> Right click -> click on Export Certificates to save your Public keys on the desktop. You will have to exchange your public keys with whom you want to make secure communication via mails. Many people post their public keys to their personal websites. You can send it as attachments to everyone you email, just so they have them.
Once your friends will have your Public keys, they can import it Kleoptra software via 'Import Certification' option from the menu.
Composing an encrypted email:
Note: You should already have your email ID configured over Outlook software on windows machine and if your Outlook doesn't have OpenPGP, then you can install 'Outlook Privacy Plugin' to enable it.
Step 2: Under GpgOL menu (as shown), click on 'Encrypt'. The software will automatically import the public keys of the recipient from the Key Manager (only if exists or imported before)
Step 3: If you also want to attach some files to this encrypted email, then under GpgOL menu, click Encrypted File and select the file to be attached and SEND mail. When you or the recipient will receive the encrypted mail, one should first decrypt it using private keys.
Step 4: Under GpgOL menu, click on 'Decrypt' to convert the email into readable form. To proceed, It will ask for the secret passphrase entered at the time of creation of key pair. That's it! Other than Outlook you can also use various desktop email clients (Thunderbird or Postbox) or web mail, that also support PGP encryption. You can import your key pair to other software also in order to manage the same account.
Final Note - Unauthorized access to your email by hackers, identity thieves, your ISP, and government surveillance and censorship agencies can have disastrous consequences. If you really care about your online privacy, I am sure you will definitely like this article. Stay tuned to 'The Hacker News' for more informative article and the latest updates from Hacking World.
0 comments: