Encrypt emails in Linux
If you have been thinking about how to encrypt your email, it is a headache to pick it out among many email services and clients. two encryption methods can be considered: SSL or TLS encryption will protect the login name and password sent to the mail server. gunpg is a standard and powerful Linux encryption tool that can encrypt and authenticate messages. if you can manage your own GPG encryption without considering third-party tools, it is enough. We will discuss other issues later.
Even if messages are encrypted, they are still exposed in traffic analysis because the message header must be in plaintext format. so we need another Tor network to hide your footprint on the Internet. we will look at various email services and clients, as well as their advantages and disadvantages.
Forget Web emails
If you have used mail services from GMail, Yahoo, Hotmail, or other Web mail providers, forget them. any information you enter in the Web browser will be exposed to JavaScript attacks, and no matter what protection the service provider provides, it will be a bit of an eye (Note: Is this true ?). GMail, Yahoo, and Hotmail both provide SSL/TLS encryption to prevent message eavesdropping. however, they do not provide any protection to block their own data mining, and therefore do not provide end-to-end encryption. yahoo and Google both claim to launch end-to-end encryption next year. I am skeptical about this, because if their core business data mining is intervened, they will not be able to do anything.
There are also various types of third-party email encryption services that claim to provide secure encryption for all types of emails, such as Virtru and SafeMess. I still doubt this, because no matter who you are, you can access your messages by holding an encryption key, so you still need to rely on trust in them rather than technology.
Peer-to-Peer messages can avoid many defects in centralized services. distributed share and Bitmessage are two popular examples. I don't know whether they are actually described, but they certainly have merits.
What about Anddroid and iOS? If most Android and iOS apps do not have the permission to retrieve your message, it is the safest. don't copy what I said -- read the terms of service and check the required permissions when the application is to be installed on your device. even if their terms are acceptable during initial installation, I still remember that unilateral changes in terms are industry standards, so the worst plan is the safest.
Zero Knowledge)
Proton Mail is a brand new Mail service, claiming that message encryption can be achieved with zero knowledge. authentication and message encryption are divided into two separate steps. Proton complies with the Swiss privacy clause and does not record user activities through logs. zero-knowledge encryption provides real security. this means that only you have your encryption keys. If you lose them, your messages will not be restored.
There are also many encrypted email services that can protect your privacy. read the detailed rules carefully and check the marked items in red, such as restricted user data collection, sharing with friends, and cooperation with law enforcement agencies. these terms imply that they will collect and share user data, have the permission to get your encryption key, and read your messages.
Linux email client
An independent open-source email client, such as Mutt, Claws, Evolution, Sylpheed, and Alpine, can create your own GnuPG secret key to provide you with most protection. (the easiest way to create safer emails and Web browsing is to run the Linux release of TAILS live. you can use Tor, TAILS, and Debian to protect yourself online .)
Whether you are using TAILS or a standard Linux release, the GnuPG management method is the same, so next we will learn how to use GnuPG to encrypt messages.
Use GnuPG
First, familiarize yourself with related terms. OpenPGP is an open email encryption and authentication protocol based on Philip zimuman's Pretty Good Privacy (PGP ). GNU Privacy Guard (GnuPG or GPG) is the GPL Implementation of OpenPGP. GnuPG uses a symmetric public key encryption algorithm, which generates a pair of keys: a public key that anyone can use to encrypt messages sent to you and a private key that only you have to decrypt messages. GnuPG executes two separate functions: Digital Signature message to prove that message comes from you and encrypted message. Anyone can read your digital signature message, but only those who exchange the key with you can read the encrypted message. Never share your key with others! Only public keys can be shared.
Seahorse is the GNOME graphical front-end corresponding to GnuPG, and KGpg is a GnuPG graphical tool of KDE.
Kgpg provides a good GUI for creating and managing encryption keys.
Now let's take the basic steps to generate and manage the GunPG key. This command generates a new key:
- $ Gpg -- gen-key
This process involves many steps. For most people, they only need to answer all the questions and follow the default settings. When you generate your key, write it down and save it in a safe place, because if you lose it, you cannot decrypt any message. Any suggestions on not writing a password are incorrect. Most of us need to remember a lot of login names and passwords, including those that we almost never used, so it is unrealistic to remember them all. Do you know what will happen when people don't write down their passwords? They will choose to generate simple passwords and repeatedly use them. Everything you store in your computer is potentially stolen by attacks. A small book stored in the locked cabinet cannot be obtained through penetration, except physical intrusion, of course, intruders need to know how to find it.
I have to tell you how to use the new key to configure the mail client, because each one is different. You can list your keys as follows:
- $ Gpg -- list-keys
- /Home/carla/. gnupg/pubring. gpg
- ------------------------------
- Pub 2048R/587DD0F52014-08-13
- Uid CarlaSchroder (my gpg key)
- Sub2048R/AE05E1E4 2014-08-13
This allows you to quickly obtain necessary information such as the key location and name (UID. If you want to upload the public key to the key server, you can refer to the instance operation:
- $ Gpg -- send-keys 'carla schroder' -- keyserver http://example.com
When you generate a new key to be uploaded to the public key server, you should also generate a certificate for revocation. Don't postpone it until later-it is generated when you generate a new key. You can give it any name, for example, replace revoke. asc with a descriptive name like mycodeproject. asc:
- $ Gpg -- output revoke. asc -- gen-revoke 'carla schroder'
If your key becomes unreliable, You can revoke it by importing a certificate to the keyring:
- $ Gpg -- import ~ /. Gnupg/revoke. asc
Then generate and upload a new key to replace it. When they are updated to the key database, all users who use the old key will be notified.
You must protect your certificate as well as your private key. Copy it to the CD or USB memory, lock it, and delete it from the computer. This is a plaintext key, so you can even print it out.
If you need a copy and paste key, such as allowing you to paste the key into a public keyring in a web table, or you want to publish the public key to your personal site, then you must generate an ASCII-armored version of the public key:
- $ Gpg -- output carla-pubkey.asc -- export-a 'carla schroder'
This will generate a visible plaintext public key, as shown in the following small example:
- ----- Begin pgp public key block -----
- Version: GnuPG v1
- MQENBFPrn4gBCADeEXKdrDOV3AFXL7QQQ + i61r0000kwftxljlnbavczpawkwrc3l
- IrWeeJiy2VyoMQ2ZXpBLDwGEjVQ5H7/UyjUsP8h2ufIJt01NO1pQJMwaOMcS5yTS
- [...]
- I + LNrbP23HEvgAdNSBWqa8MaZGUWBietQP7JsKjmE + ukalm8jY8mdWDyS4nMhZY =
- = QL65
- ----- End pgp public key block -----
I believe the above tutorial should help you learn how to use GnuPG. If not, The GnuPG manuals has detailed information about using GnuPG and all related configurations.
This article permanently updates the link address: