Encryption: As easy as 1-2-3

Privacy!
The one thing that is in more danger than ever before. Right from back-doors and spying by Government Agencies to frequent theft of data from popular services and media defending one’s privacy is a grave concern.

But, as Edward Snowden repeatedly says, “Encryption Works” and is something that everyone should be accomplished in.

Fortunately Encryption is quite easy to understand and implement.

Before we go on to the ‘How-To’ let’s take a brief look at Encryption.

GPG i.e GNU Privacy Guard and PGP i.e Pretty Good Privacy are considered as the standard in Encryption. While PGP is paid suite, GPG is a Free & Open Source alternative. In this article we will be covering the GNU Privacy Guard.

Now, GPG Encryption is of two types:

1] Symmetric Encryption: 
In symmetric encryption the data is encrypted and protected with a Passphrase. The sender encrypts the data and sets a Passphrase. The sender then send the encrypted file to the receiver and preferably through another channel, shares the Passphrase. When the recipient has both the file and the passphrase he/she is able to access the data.
Now obviously this system has several flaws. First of all there is no way of knowing that the recipient is actually the one you want to send. Then there is also the risk of a MITM (Man In The Middle) attack which effectively compromises the whole transaction.

2] Asymmetric Encryption:
Asymmetric Encryption is like a Lock With Two Keys. Both the keys are unique to a person, one of them is publicly available while the other is a private/secret key. The Public Key is used by anyone to encrypt the data in such a way that it can be decrypted only by the person possessing the corresponding Private Key. Further even to use the Private Key to decrypt data the recipient (Who is the owner of the key) needs to enter a password known only to him or her.
So,
Pros: 
1) You are sure that you are encrypting data such that ONLY the intended recipient can decrypt it. Any risk of data interception via MITM is nullified.
2) There is no exchange of Passphrases.
3) The decryption process needs dual authentication of the Private Key File & a Password which is known only to the owner.
Cons:
1) If you want to send an encrypted file to someone you must have his/her Public  Key.
Fun Fact: Edward Snowden wanted to contact Glenn Greenwald but he didn’t have his public key so he was forced to contact Laura Poitras whose Public Key was available.

Conclusion: Asymmetric Encryption ensures verification of the identity of the recipient. It also nullifies the risk of a MITM attack. All in all it is THE STANDARD in encryption used by military, journalists, governments.

How To:
Note: I am considering the popular Windows – Android combination in the article.

Required Software:
1] Windows: GPG4Win, Mozilla Thunderbird, Enigmail Extension For Thunderbird & WinGPG.

2] Android: APG.

 

ANDROID: To start with, you need to create your own Set of Keys. It is easiest to do so on Android through the APG App.

Once you install and open it, it will prompt you to either create a Key Pair or import one.

Click on the Create Key Pair it will take around 2 minutes.

Once done you will need to insert details like your name, your email address, a Passphrase [NEVER FORGET THIS PASSPHRASE] and set up an expiry date.

Now it’s time to import others’ public keys.

It can be done through several ways like from a Keyserver, from a Key File, a Text File or from Copied Text.

Once you import a Key, it is shown in your contacts. It is saved in the application itself.

Next is the actual encryption.

From the left side menu, select Encrypt. You will see a screen with options for Public Key Encryption/ Passphrase Encryption select the one you want.

Also, there is a option for either encrypting a Message or a File.

If you select Public Key Encryption, you will see an option to select Recipient/s.

Select the ones you want and continue. You can also chose to sign the file/message with your key to establish authenticity. For signing you will be asked to enter the Passphrase.

Once done if it’s a Message you can simply copy and send it to the recipient or if it’s a file you can attach it from it’s location.

Here’s an extremely detailed guide by ‘Security In Box‘: APG For Android Devices.

WINDOWS:
As mentioned earlier, Windows needs several applications and the process is a bit complicated.
Read the instructions carefully before you start with it.

Here’s the guide (again) by ‘Security In Box‘: Thunderbird, Enigmail & OpenPGP for Windows- Secure Email.

But for encrypting Files for your personal use or for sharing through other channels, GPG4Win isn’t sufficient. You can still use it but you will need to execute all commands via a Command Line which is hardly easy for everyone.

For that, we need WinGPG. It’s a Graphic User Interface for GPG.
Once you have installed it, just click Ctrl + Alt + E which will open the GUI, it will automatically detect all keys on your computer and you are good to go.

Author: Rohan Dandavate

Email: rohan_dandavate@riseup.net
Public Key: [http://bluesphereobserver.com/rohan-dandavate/]

Leave a Reply

Your email address will not be published. Required fields are marked *