Top Navigation  
 
U.S. Flag waving
Office Hours Momday - Friday 8 am - 5 pm Pacific 1-800-835-2418
 
Facebook   YouTube   Twitter
Follow Us!
 
 
 Backwoods Home Magazine, self-reliance, homesteading, off-grid

Features
 Home Page
 Current Issue
 Article Index
 Author Index
 Previous Issues
 Print Display Ads
 Print Classifieds
 Newsletter
 Letters
 Humor
 Free Stuff
 Recipes
 Home Energy

General Store
 Ordering Info
 Subscriptions
 Kindle Subscriptions
 ePublications
 Anthologies
 Books
 Back Issues
 Help Yourself
 All Specials
 Classified Ad

Advertise
 Web Site Ads
 Magazine Ads

BHM Blogs
 Ask Jackie Clay
 Massad Ayoob
 Claire Wolfe
 Where We Live
 Dave on Twitter
Retired Blogs
 Behind The Scenes
 Oliver Del Signore
 David Lee
 Energy Questions
 Bramblestitches

Quick Links
 Home Energy Info
 Jackie Clay
 Ask Jackie Online
 Dave Duffy
 Massad Ayoob
 John Silveira
 Claire Wolfe

Forum / Chat
 Forum/Chat Info
 Enter Forum
 Lost Password

More Features
 Meet The Staff
 Contact Us/
 Change of Address
 Write For BHM
 Disclaimer and
 Privacy Policy

Retired Features
 Country Moments
 Links
 Feedback
 Radio Show


Link to BHM

Hardyville

The Hardyville Beginners
Guide to Encrypt**n

(Quick! Easy! Ticks off tyrants! Do it now!)

By Claire Wolfe

  

February 15, 2004

In a place where a hard drive means the road home was icy and RAM is a boy sheep, you wouldn't expect to find a lot of experts in e-mail encryption.

Well, you won't. Find experts, that is. In Hardyville.

What you will find is a lot of ordinary, privacy-minded folk who took an hour or so to download, install, and learn to use e-mail encryption programs. These folks are NOT supergeeks. Just ordinary working people who understand it's worthwhile to keep their e-mails from being casually ECHELONed or Carnivored by other-peoples'-business minders.

Merely by passing through your ISP or swooping around through the ether, your e-mail messages can be read by anybody with the technology to grab them. The FBI now requires ISPs to make their systems "snoop ready." If the feds are after some bad guy who uses your ISP, they'll simply scoop up everybody's mail. Every customer of that ISP becomes a target for investigation. That's Carnivore. ECHELON is worse than that because it scoops up just about every electronic communication, everywhere in the world and scans for "suspicious" keywords.

If you say the movie you saw last night was a "bomb," they may tag you. If you write that your boss has an "explosive" temper ... watch out. The snoopoids will catch you talking about your favorite firearms, the trade secrets of your business, your belief that some eejit politician "ought to be taken out and shot," and your romantic weekend plans. Somebody might even snag your secret recipe for chocolate coconut macaroons.

We all need to put a stop to this nonsense, geek and non-geek alike. And we can -- easily.

That's why The Hardy County Committee On Making Life Miserable for Tyrants has produced The Hardyville Beginners Guide to Encrypt**n. Because e-mail privacy isn't just for geeks. It's for anybody with good sense.

Have you got just one spare hour? Do yourself a favor. If you don't already encrypt e-mail, print out this column -- right now -- and install and start using PGP.

What's PGP?

PGP stands for Pretty Good Privacy. It's the most common public-key encryption system. Don't be spooked by all the geek speak you may have read. The main thing to know is that PGP is not hard to use.

When you install PGP, you'll automatically create a secret key for your own use and a public key to share with others. The secret key lets you encrypt messages to friends and decrypt messages they send to you. You distribute your public key to others, so they can encrypt messages to you.

The First Thing You Need: A Friend

The first thing you need is another person to exchange encrypted messages with. If you don't already know someone who uses encryption, go to The Claire Files forums, where Debra the web mom has opened up a new PGP section especially for you to come in and ask encryption questions. Several people have already volunteered to be PGP coaches and exchange test messages with you.

Once you're ready to exchange messages in privacy, one of those volunteers, Chris, will even reveal the secret of his (or is it her?) tattoo.

The Second Thing You Need: A Free Copy Of PGP

These instructions are for Windows users (you guys with other operating systems are used to figuring things out for yourself).

1. Go to this site. (Go ahead; we'll wait.)

2. Choose Windows 95/98/NT. Select that option even if you have Windows XP!

3. Choose PGP version 6.5.8. (Yes, there's a reason you probably don't want later versions. See the note at the bottom of this article.)

4. Then click "Download PGP 6.5.8." (Don't choose the source code or the command line versions.). A page comes up that lets you download from a variety of sites. Most of them are in Europe. Don't worry about it. Just pick one. The download will take anywhere from one minute to 45 minutes, depending on the speed of your connection.

This will place a file called PGPFW658Win32.zip on your computer. Save that file in any temporary directory you wish.

Installing PGP

If the Download Dialog box remained open after the download was completed, just click "Open" to unzip the file. If the Download Dialog box closed, no problem. Go to the directory where you stored the download and doubleclick on the file.

To do this you must have the WinZip utility. The free evaluation version of WinZip works fine and might have come pre-installed on your computer.

From the moment you click to unzip, Windows' wizard will guide you smoothly through the installation process. Just use all the default choices the wizard presents.

Creating Your Keys

During installation, you'll be asked to create your own public and secret encryption keys and choose a passphrase. The PGP progam itself will "wizard" you through the process of key creation. Again, just use the default choices. The only exception might be when the program asks what size key you want. If you have a typical, fast, modern computer, choose the biggest key.

Remember, the secret key and the passphrase are yours and yours alone. The public key you'll give to people to enable them to encrypt messages to you.

The one big trick -- and it's not difficult, just tricky -- is to create a passphrase that's nearly impossible for anyone else to guess, but easy for you to remember. You'll find some good ideas about password creation in this discussion thread. Don't get lazy and use your birth date or your dog's name. An unguessable passphrase is extremely important.

Never, ever share that passphrase with anybody. Memorize it. Don't even write it down.

Now, get a friend to e-mail you their public key. If you don't have a PGP-ready friend, remember those volunteers who're waiting to help.

Using PGP

Different mail programs -- Outlook, Outlook Express, and Eudora, for instance -- all handle PGP slightly differently. What we'll describe here is a mostly-universal method that works in Windows. Once you get going, you might find even easier ways of handling PGP through your mail reader.

1. Click on the Start menu, then Programs, then PGP. You'll see a menu of options. Choose PGP Keys. This will show you all the public keys that you currently have access to, plus your own private key. You need to import your friend's key into this list.

2A. If your friend sent you his key as an attachment (usually called "public_key.asc" or something similar), save that attachment as a file. You'll probably want to change the name to something like "Bills_key.asc" or "Jennifers_key.asc."

2B. If your friend pasted his key directly into an e-mail, you'll see a bunch of gobbledegook when you open that message. Copy all that gobbledegook, starting with
-----BEGIN PGP PUBLIC KEY BLOCK-----
and ending with
-----END PGP PUBLIC KEY BLOCK-----
and paste it into Notepad. Choose FILE - SAVE AS and save the key file to wherever it's convenient.

3. Now, go back to your PGP key list. Choose KEYS -- IMPORT -- and select the key file that you saved. Voila! It's imported. You can now encrypt email using for that key.

4. But wait! Your friend also needs your key before he can answer your message. Go back to your key list. Find your name. Right-click on it and choose Export. The file name will be your name followed by ".asc." (Make sure you don't select the checkmark that says "Include Private Key(s)" -- all they need is the default public key.) Click save. Now send your friend that key. He can import it into his key list.

5. Next time you open up Microsoft Outlook or Outlook Express, click on "Tools." You'll find PGP there and can choose your user options. (Most of the pre-selected options are good -- especially the one that asks if you want to encrypt all messages to yourself, as well as to the recipient; if you don't encrypt to yourself, you'll never even be able to read your own messages after they're encrypted!)

6. To compose an e-mail in PGP, create a new message as you normally would. You'll notice, though, that along your toolbar is a new icon for "Encrypt (PGP)." (This is in Outlook Express; other programs will have something similar.) Compose your message, click that icon, then click to send your message. Your key list will pop up. From the top box, you can select the name of the person(s) you want to encrypt the message for. PGP might already have selected the key for you, if it found a key with an e-mail address that matched the one you're sending to. Selected keys are moved into the bottom box.

7. Once you've chosen the recipients' keys, PGP will ask you for your passphrase. Give it, click ... and you're done!

More Good Stuff

You can do other things with PGP -- like electronically sign documents or encrypt your document files. There are some security refinements you should also look into at some point (for instance, ways of verifying that your friend's key really does belong to your friend). But that can wait. You're already started.

Some people end up like Miss Fitz, the Hardyville schoolmarm, who tried a non-PGP encryption method a while back and now blushes, "I didn't really figure out how to work it, and I didn't have anyone to send messages back and forth with...and then I misplaced the scrap of paper that I'd written my complicated random password on. I wouldn't make a good secret agent..."

But with an hour to begin and a little persistence, we can all be "secret agents" in our own little way. Or rather, counteragents, protecting our private data from snoops and spies.

Just exchange keys with more and more friends ... and help more newbies take the leap to PGP. And pretty soon ... it'll be a movement. The supersnoops of the world will be tearing their hair out because your cookie recipes -- and everything else you say -- is now enclosed in a nice, private envelope instead of being figuratively written on the back of a postcard for all the world to read.

NOTE ON LATER VERSIONS OF PGP: Version 6.5.8, which you installed here, is freeware. It should be fully functional on your computer with no license fees or registration required. Versions 8.0 and later are deliberately crippled. They'll encrypt files, but won't interface with Outlook, Outlook Express, or Eudora unless you pay a $50 licence fee. Although 8.0 is the first version specifically designed to work with Windows XP, my resident tech expert, Debra Ricketts, says 6.5.8. works fine with XP. She also warns that installing any 7.X version of PGP on Windows XP could result in major problems that might cause you to have to re-install your operating system. So beware.

Thanks once again to the members of The Claire Files forums for help and advice.

Read More by Claire Wolfe

Read Claire Wolfe's Blog

Read More Opinion / Commentary
 
      Please address comments regarding this page to editor[at]backwoodshome.com. Comments may appear in the "Letters" section of Backwoods Home Magazine. Although every email is read, busy schedules generally do not permit personal responses.


 
 

 
 
 
 
 
Copyright © 1998 - Present by Backwoods Home Magazine. All Rights Reserved.