It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Communication Techniques - Secure Communciations/Secure Email

page: 1
3

log in

join
share:

posted on Jun, 9 2010 @ 11:39 PM
link   
I thought I would write up a topic expanding on my previous thread on Communication techniques and talk about secure communications.
www.abovetopsecret.com...

I have no background in computers as I am in the medical field, but this is an interest of mine so if I make any mistakes correction would be appreciated. What I don't understand is that these security techniques should come preinstalled into any mail software or even windows itself. It is as if though they do not want the computers secure. Well lets change that shall we.

This thread will look at a methodology to provide secure email communications
using Public Key encryption (asymmetric key) combined with symmetric key encryption to transmit emails.

A little primer on cryptography first. When a message is written and needs to be exchanged between two entities there is a key that is needed to decoded the encrypted message. So the problem arises about how to distribute the key without someone eaves dropping on us and getting the key. The key is a symmetric key and is used to encrypt and decrypt the message. So now we have the problem of distributing a secure key to transmit data. So how do we solve the problem? Via public key encryption systems such as RSA. What a public key system does is
it creates a key pair (public and private) for a user. The private key is kept secret and the public key is shared. A person who wants to send [Person A] a message must use [Person A]'s public key to encrypt the message. The only way to decrypt the
message is using the private key that only [Person A] has. RSA relies on the difficulty of factoring large numbers, there are other algorithms but RSA is widely studied and deemed secure provided the key is sufficient length.

So now we have solved the problem of exchanging a symmetric key using Public key encryption via the RSA algorithm.

So [Person B]-----sends Person B's symmetric key encrypted via person A's Public key to [Person A]

[Person A]-----sends any data to person B using the key provided by person B

So now that we have securely solved the problem of exchanging a key, lets begin with a practical tutorial how to implement secure email communications on a specific email client. I am using Thunderbird from Mozilla and an addon called enigmail.

Here are the files you will need to play around with this:
Thunderbird: www.mozillamessaging.com...
GnuPg: www.gnupg.org...
(scroll down and download "GnuPG 1.4.10b compiled for Microsoft Windows")
Enigmail: addons.mozilla.org...


Install all these files one by one as per instructions.

1.Thunderbird install and add your email account as per instructions:
opensourcearticles.com...

2.GnuPG Install instructions: Pretty simple, I don't think you will need instructions.

3.Engimail install and start instructions (this is what I will focus on):
enigmail.mozdev.org...

Basic Steps:
a: Creating a Public Key pair (remember what we talked about above) --
Click on Open PGP tab under Thunderbird and select Key Management and then
Generate -->New Key pair.



enigmail.mozdev.org...

One thing that it will ask is to create a revocation certificate. You use this certificate whenever you lose your keys and it invalidates your key. It is good to have a backup file of all your keys and revocation certificates.

b: Publishing your public key (remember that when people want to send you
something they encrypt with this key) --



enigmail.mozdev.org...

c: Creating and sending a PGP signed message -- if the recipient knows how to
check signatures then it should work. I belive gmail is experimenting with
PGP signatures which means you should be able to send this from thunderbird
to another gmail client with it working in the near future.




enigmail.mozdev.org...

d: Creating and sending a PGP encrypted message --
In order to send encrypted email to someone you need someones public key. I
have put mine on the bottom for you to play with

email:


US.government.dod@gmail.com


Key info:

Public key info:



enigmail.mozdev.org...

How to find my key (search the keyserver and import)



So a few things. On step 3a, when creating a keypair I chose RSA-4096 bit because the SHA-1 hash used in el gamal is not as secure as it should be, there are a few articles related to this topic:
www.debian-administration.org...

The symmetric key encryption algorithm that engimail uses is AES by default I believe. What it does is it creates a unique session key that is unique to each message you send and your message is encrypted via this 'session key' and this 'session key' is exchanged via the RSA method we talked about above.

And here is my email I can use and I am publishing a public key for you to send me secure email :-) Happy emailing

US.government.dod@gmail.com

[edit on 9-6-2010 by THE_PROFESSIONAL]




posted on Jun, 10 2010 @ 12:33 AM
link   
awsome, nice work!

i love info on privacy protection.



posted on Jun, 10 2010 @ 12:37 AM
link   
reply to post by togetherwestand
 


Thanks I hope you kinda understood what I was talking about and this kinda introduces you to the world of privacy. I don't know why all email users such as gmail provide automatic support for such types of things. Maybe it seems that they don't want complete security.

The thing is that your account can be secure (IE the password for your account) but the email that you send can be read by anyone in the middle. These are techniques to limit that possibility.



posted on Jun, 10 2010 @ 01:00 AM
link   
Thank you for the info on Encryption!

I find the best way to learn anything computer related is the "For Dummies" books, I enjoy the humor along with the dry info. Most of the software comes with Manuals or help files usually made by the Author or Team who made the program. I am still reading through all of the post and I think this is a great thing to implement along with TOR or other proxy type program. I like playing in the sandbox and then implementing it after i have a good understanding on what ports get opened and whats going on with the router/firewall.

Cheers!
sourdiesel



posted on Jun, 10 2010 @ 03:25 PM
link   
Maybe it is jsut me but i think an open source softwear would be far less secure that anything else out there.



posted on Jun, 10 2010 @ 06:08 PM
link   

Originally posted by zaiger
Maybe it is jsut me but i think an open source softwear would be far less secure that anything else out there.


The algorithms are open source as is the software which is a good thing because anyone can look at the code to make sure there are no backdoors. The security relies in the strength of the keys and the implementation of the algorithms. This software is secure if you use it right.



posted on Jun, 12 2010 @ 04:22 AM
link   
Here is a list of public keyservers to find keys. Note that just because you found someones key does not mean that it is their key, you need to authenticate the key meaning verifying that the key really belongs to the person who says it is their key. For instance my key is provided below and if you see the same key from someone else, you know that one person is not telling the truth. But this is really my key haha. So here are a list of a few keyservers to browse through and/or upload your keys too.

www.rossde.com...

sks-keyservers.net...

www.openpksd.org...

Happy emailing :-)




top topics



 
3

log in

join