
Setting up Secure Mail with GnuPG


E-mail has to be considered an open channel, so as soon as you want to send sensitive content by e-mail, you should use a secure encryption method with it.

Having set this up on my local machines, this report can probably be read as a short guide on how to get things going.

For me, the basic requirement was to enable encryption for one e-mail account, and this account is accessed from a desktop system and a mobile (Android) system.

So what we need is something like the following:

  1. Generate secret key
  2. Publish public key
  3. Verify published key by e-mail
  4. Install additional required software
  5. Use/Import secret key
  6. Import public keys from the web

Email Self-Defense

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;; Code:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Variables

(defgroup browse-url nil
  "Use a web browser to look at a URL."
  :prefix "browse-url-"
  :link '(emacs-commentary-link "browse-url")
  :group 'external
  :group 'comm)
dzu@krikkit:/tmp/jq$ jq 'recurse(.children[]) | del(.children)' data.json 
{
  "id": 27941108,
  "created_at": "2021-07-24T14:15:05.000Z",
  "type": "story",
  "author": "edward",
  "title": "Fun with Unix domain sockets",
  "url": "https://simonwillison.net/2021/Jul/13/unix-domain-sockets/"
}
{
  "id": 27942287,
  "created_at": "2021-07-24T16:31:18.000Z",
  "type": "comment",
  "author": "DesiLurker",
  "text": "<p>one lesser known..."
}
{
  "id": 27944615,
  "created_at": "2021-07-24T21:26:33.000Z",
  "type": "comment",
  "author": "galaxyLogic",
  "text": "<p>I read this from Wikipedia..."
}
{
  "id": 27944746,
  "created_at": "2021-07-24T21:49:07.000Z",
  "type": "comment",
  "author": "hughrr",
  "text": "<p>Yes although I ..."
}
dzu@krikkit:/tmp/jq$

Generate Keypair

Linux: GNOME

Seahorse

Linux: Command Line

dzu@krikkit:~$ gpg -a --export-secret-keys dzu@member.fsf.org > mykey_secret.asc
dzu@krikkit:~$ gpg -a --export dzu@member.fsf.org > mykey_public.asc
dzu@krikkit:~$ gpg --gen-revoke --output mykey_revoke.asc dzu@member.fsf.org

Android: K9

Android: OpenKeychain

Enabling "End-to-end encryption" in K9 mail will automatically install the "OpenKeychain: Easy PGP" app for key management. I installed it from the F-Droid repository.

Publish Public Key

Verify published key by e-mail

Install additional required software

Use/Import secret key

Android

The first step is to import the secret key generated on the desktop computer. I used my own Nextcloud instance to easily share the key in a safe way. Uploading it from the desktop is easy and downloading it through Firefox on the phone is also straightforward. With the file in the "Downloads" directory, you can import the key.

To send any encrypted mail, you will also need the public key of the recipient. OpenKeychain allows you to easily query keys from keyservers. Just select the "+" sign and "Keysearch". https://keys.openpgp.org will automatically be included in the search.
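A key file that has travelled between devices, like the exports made on the command line above, and a key found through a keyserver search should both be matched against a fingerprint you already trust before they are used. The following is an added example, not part of the original post: it reads the fingerprint out of an exported file without importing it. The function names, the `demo@example.org` address and the throwaway keyring are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check which key an exported
# file really contains before importing it on another device.

# Print the primary-key fingerprint of the first key in an exported file,
# without importing it (--show-keys needs a reasonably recent GnuPG 2.2+).
fingerprint_of_file() {
    gpg --batch --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Print the fingerprint of the first keyring entry matching a user ID.
fingerprint_of_key() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the first key in FILE has the expected fingerprint.
# Usage: verify_export FILE EXPECTED_FINGERPRINT (spaces and case ignored)
verify_export() {
    local got want
    got=$(fingerprint_of_file "$1")
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Demo in a throwaway keyring (subshell, so the caller's GNUPGHOME is kept).
# The user ID is a constructed sample; the file names follow the post.
demo() (
    uid='demo@example.org'
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    gpg --batch --quiet --passphrase '' \
        --quick-generate-key "$uid" default default never 2>/dev/null || exit 1
    gpg --batch -a --export "$uid" > "$GNUPGHOME/mykey_public.asc" || exit 1
    gpg --batch -a --export-secret-keys "$uid" > "$GNUPGHOME/mykey_secret.asc" || exit 1
    fpr=$(fingerprint_of_key "$uid")
    verify_export "$GNUPGHOME/mykey_public.asc" "$fpr" || exit 1
    verify_export "$GNUPGHOME/mykey_secret.asc" "$fpr" || exit 1
    # A fingerprint that does not match must be rejected.
    if verify_export "$GNUPGHOME/mykey_public.asc" "${fpr%?}"; then exit 1; fi
    echo "exports match $fpr"
)
```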

Import public keys from the web

Mobile
