This post will focus on messages and small files, so we will use a freely-available algorithm, called PGP. 'PGP' stands for 'Pretty Good Privacy', and is one of the most widely-adopted and freely distributed forms of encryption. In fact, it is so good that it was once considered illegal to send this algorithm overseas because it's considered a type of weapon. (Source: http://www.cypherspace.org/rsa/legal.html)
So the software I'll use for demonstration purposes is Portable PGP (http://ppgp.sourceforge.net/). Like the algorithm, this software is free, and can be downloaded from the site linked here. It's capable of signing files/messages (for integrity - proving the message hasn't been tampered with in transit), or for encrypting them (for confidentiality - so it can't be ready by unintended parties), or doing both at the same time.
Portable PGP |
For windows users, there are two ways to install. You can download the USB-stick version, which you just unzip to a USB drive, which you can then use on any Windows computer. Or you can download the full setup version, and install it on a specific computer. Both look exactly the same, and operate the same way.
The first time you run the application, it will ask you to either generate a new key pair, or import an existing one. This guide assumes this is the first time you've had a key pair. It'll open a new window, and you'll need to enter in some information. I HIGHLY recommend you use the Paranoid ElGamal option, and slide the slider towards the right. It will take a lot longer to create the key pair, but once it's created, it's done. If you like, you can also make a larger Key Size.
Creating a Key Pair |
Once that's done, the next part is allowing others to send you messages. You need to find your PUBLIC key in the lower box, and click the "Export Selected" button (it's the one that looks like a disc). Save it to your computer with an *.asc extension. It's this file you want to hand out (NOT your private key).
Now, you want to upload your public key to a key repository. Probably the best one is the PGP Global Directory: https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event. You'll need to click on Publish your Key, upload the *.asc file, and assign an email address (required). Once it's uploaded, you need to verify your email by clicking on the link you'll receive. This makes the public key searchable by others; they can search by your name (or the name you gave), an/or your email address. Other people can then download your key, and import it into their installation of PGP. Whoever you're communicating with should follow all of the same steps, and upload their public key, which you'll need to search for.
Okay - now each of you has the other's public key, and your own private keys. Now what?
Well, click on the "Encrypt" button on the left, and choose "Encrypt Text" or "Encrypt a file", as desired. In the bottom drop down Target box, choose the PUBLIC key of who you are sending to. If you want to sign the message for integrity, choose YOUR private key in the "Sign" box. This doesn't transfer the key, but they must have already imported your public key already for the signing part to work.
Click on "Encrypt" in the lower right, and enter YOUR key pair's passphrase.
You will get a new window with your encrypted message. This message is what you will send to the recipient.
Encrypted Message |
Your recipient will choose the "Decrypt" option in their program, and paste the encrypted message into the program. They will be prompted for their private key passphrase. But make sure they don't paste in the readable portions (---BEGIN PGP MESSAGE----) and the version number, as well as the end pgp message tag.
Assuming you signed it, and assuming they type in the correct passphrase, they'll see this:
Signature Verification |
That means that the sender "signed" it, and the message hasn't been tampered with in transit.
Once they click "OK", they'll be presented with the decrypted message:
Decrypted Message |
Now, that seems like a lot of work. But after the initial setup, it's not that much. But that setup is everything.
Sure, there are ways to do this automatically, but mostly that requires enterprise-level resources, or a LOT MORE setup, and usually full control of both machines at some point. This guide was made for the everyday user in mind, who just want to protect their privacy just a little more more.
Oh - and for those who email me, I'd prefer you to do so with my Public Key: I've made it available for download on my personal site: http://cashfamily.clanteam.com/files/rcash_pgp_pub.asc.