GnuPG/Enigmail

1. How to use email the right way^securely GnuPG/Enigmail

2. Disclaimer • /me is not Mac literate • Ask Ryan ;-) • Things may go wrong • Grab the back of your pants and let’s fly!

3. Why GnuPG? • http://www.gnupg.org/faq.html • Free as in beer! • Free as in freedom! • Compatible for the most part with PGP • Industry standard RSA/DSA encryption • Can sign/encrypt email, files, etc… • Allows you to know who sent an email • Allows you to encrypt email for security

4. Tutorial(s) • We’ll be following the tutorial here: • http://people.via.ecp.fr/~clem/nist/gpg-enigmail-howto.php • Instead of typing that, type this: • http://snipurl.com/gpg-tutorial • Mac Users: check out • http://enigmail.mozdev.org • Look at QuickStart guide: Mac section • MacGPG = OS X 10.4 or greater • Fink project • MacPorts project

5. Prerequisites • Install Mozilla Thunderbird 2.0 • If you already have it, good! • http://www.mozilla.com/en-US/thunderbird/ • Install GPG • “GnuPG 1.4.9 compiled for Microsoft Windows.” • ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe • c2efad983dfe50e6d8007257bad2c76604be389a  gnupg-w32cli-1.4.9.exe • In cygwin: • sha1sum.exe gnupg-w32cli-1.4.9.exe • OR: • Debian/Ubuntu: • apt-get install mozilla-thunderbird-enigmail • Make sure you’ve updated debian’sOpenSSL • GnuPG doesn’t use it, but just to be safe! • OR: Source Tarballs: • See GnuPG site!

6. Install Enigmail • Got Thunderbird working? • Install Enigmail extension from: • http://enigmail.mozdev.org

7. Configure GnuPG • In windows, set PATH to include gpg.exe • Make sure Thunderbird knows too! • How? • Open preferences • Set path to GPG in the dialog: • C:\gnupg\gpg.exe on Windows • /usr/bin/gpg on GNU/Linux • Use output of `which gpg` for strange installs

8. Advanced configuration • There is a gpg.conf file you may edit for extra preferences • I use “digest-algo RIPEMD160” • Can set preferred keyservers manually, etc… • It resides in GPG’s home directory. • gpg --version • C:/Users/<UserName>/AppData/Roaming/gnupg • ~/.gnupg (IIRC) • Actual keyring files: • secring.gpg and pubring.gpg • Look online for advanced things

9. Generate Keypair • Enigmail makes it really easy to generate a new keypair! • Open the Key Management window and select New Key Pair. • Select email account for key to be used with • (Optional) Fill in key size • “Advanced” tab • (I like 4096, but 1024 is sufficient) • Use DSA & El Gamal • Why Key expiry? • http://www.linuxjournal.com/article/4892 • Add a key passphrase!!! Never click “no passphrase” • Choose a good one, this is important! • To add an existing key pair, in the Key Management window, from the File menu, click Import Keys from File. • Keys should be in “ASCII armored” format

10. If all went well… • You should be good to go :-D • If not… • Help time • For more: • Google is your friend! • Enigmail mailing list! (See next slide)

11. The Enigmail Mailing List • enigmail@mozdev.org • Via www: • https://www.mozdev.org/mailman/listinfo/enigmail • Via email • send a message with subject or body 'help' to enigmail-request@mozdev.org • Etiquette • Don’t Top Post • Don’t send encrypted email to the list!!!! • Signed is ok! • Regulars are pretty helpful, and some (usually John Clizbe, et. Al.) will be glad to test encryption OFF LIST