Monday, January 26, 2015

Secure your c#@t$ & m@!l$ with cryptography

Do you want your chat/mail to be secured? Do you want them to be protected from secret readers? Do you want them to be visible only to you and the recipient?  
You are now going to learn symmetric cryptography.
You can have the most secured chat/mail with the following:


Requirements:

  1. Mozilla Thunderbird
  2. Pidgin Messenger
Note: Gmail has a security option in your account settings called Access for less secure apps. Enable the option to make Gmail available to Thunderbird and Pidgin.

1. Mozilla Thunderbird:

Thunderbird is a free email application that's easy to set up and customize - and it's loaded with great features!

For instructions on how to access your Gmail mails from Thunderbird, visit here.

Once you are done with the setup, its now time to make your mails secured. 

Follow the steps:
  • Open your Thunderbird mail client.
  • Goto Tools->Add-ons on the top.
  • Install Enigmail.
  • A new menu called Enigmail appears at the top.
  • Click on Enigmail->Setup Wizard
  • Click on Next for all instructions.
  • Then on the new window select I want to create a new key pair for signing and encrypting my email.
  • Then assign an appropriate 8 characters passphrase for security(your private key).
  • Then it will ask whether you want to generate certificate for the encryption. Don't skip this step as the certificate will be useful incase you forget the passphrase. 
  • You are Done!!!
This entire process generated a certificate, a public key and a private key for your account. 
We must share only the public key with friends to whom we want to send mails to.
Don't worry, Thunderbird takes care of that! Let us see how.

Now send a mail to your friend through Thunderbird:
  • Click on Write on the top menu.
  • Compose a mail as usual.
  • After filling the necessary details, goto Enigmail menu on the top and enable Attach My Public key, Force encryption & Force signing in the submenus.
  • Write in the body "PFA my public key".
  • Now send the mail.
Your friend will receive an encrypted e-mail from you with the public key attached. Tell him/her to do the same.
Once you have exchanged the public keys, you need to import each other's public keys on your Thunderbird.

For that:
  • Open your friend's e-mail having public key attached on your Thunderbird.
  • You will find a yellow notification Unverified signature, click on 'Details' button for more information.
  • Click on Details and import the public key.
  • It will still show Unverified.....
  • Now click on Details and sign for the sender. 
  • This will make the sender fully authenticated.
  • To check the success, goto Enigmail menu on the top and select Key Management.
  • You will find all the public keys here. Check whether you have your friend's key in the list.
Now again send a mail to your friend through Thunderbird:
  • Click on Write on the top menu.
  • Compose a mail as usual.
  • After filling the necessary details, goto Enigmail menu on the top and enable Force encryption Force signing in the submenus.
  • Write in the body "Hi, let's hangout!".
  • Now send the mail.
Your friend will receive an encrypted mail. Once your friend receives your e-mail on Thunderbird, it will automatically ask him/her to enter passphrase which he/she created(the way you created). That passphrase is his/her private key which he/she wont share with you. That key is used just to decrypt messages by him/her sent to him/her. Once he/she enters the passphrase correctly, he/she can read the message "Hi, let's hangout!". Thunderbird automatically detects authorized sender and decrypts the e-mail. 
Congratulations!!! Now you and your friends can share secrets freely.

There is another method by which you can decrypt messages through terminal.
  • Type gpg -d <paste the encrypted code from -----BEGIN PGP MESSAGE----- to -----END PGP MESSAGE----->
  • Press Ctrl+d keys simultaneously on your keyboard.
  • You will get the message decrypted on the terminal.

2. Pidgin Messenger

  • Install Pidgin Messenger.
  • Goto Accounts->Manage Accounts.
  • Click on Add.
  • Select Protocol as Google Talk.
  • Add Username of gmail account before @.
  • Click on Add.
  • Goto Accounts->Manage Accounts->Enable Account
Select the account you created and it will load all the contacts of your gtalk.

Once you are done with the setup, its now time to make your chats secured. 


Follow the steps:

  • You and your friend need to install OTR plugin(off the record messaging plugin) for Pidgin through synaptic package manager.
  • Open the chat box of your friend who is using Pidgin with OTR installed.
  • Go to OTR menu on the top->Select Authenticate Buddy.
  • Select the way you want to authenticate your buddy. I will choose question and answer.
  • The answer which your buddy will enter must match with your answer. 
  • Once they match, OTR will get activated on both of your chat boxes.
  • You will see Private written on your chat box.
From now onwards, your chat will be encrypted with your friend.

Other References:
http://en.flossmanuals.net/thunderbird-workbook/send-and-receive-public-keys/
http://ubuntuforums.org/showthread.php?t=2121512

3 comments:

  1. It is better to physically verify gpg fingerprints to avoid someone impersonating your friend. Anyone can create an email address similar to your friend and create a matching gpg key. They can play a man in the middle by impersonating you as well. So ask for the fingerprint on paper and verify the details match the key.

    ReplyDelete

Mesmerizing Fortnight

This time its Sangli,Satara & Kolhapur. We hate to spend our daytime in journey so we prefer night journey. Unfortunately trains f...