Author Topic: Secure Encrypted E-mail (Read 3613 times)

t00nces2 · « **on:** April 22, 2013, 07:59:51 AM »

I went to school and got a degree in computer networking and security. Economy is still sh!t and I didn't want to work for $13/hr (couldn't afford it either). I learned about e-mail encryption, but without people to trade e-mail with, the skill gets a bit rusty. I believe I can still remember ( or re-remember) how to do the configuration to confidentially exchange information through e-mail. I have asked on other message boards and have had a couple replies, but the people have seemed to give up.

Is anyone interested in working with me to learn to configure e-mail to be exchanged encrypted and secure? The email account I will be configuring is t00nces2@yahoo.com. You can send a message there or post here and I will try to visit the board a bit more often.

Thank you,
Todd

Niccolum · « **Reply #1 on:** April 22, 2013, 06:33:22 PM »

Before you get too far down this road, let me caution you that it's impossible to reliably secure e-mail being sent through a webmail system such as Yahoo, Gmail, Outlook.com, etc. unless you are encrypting the message using some other tool on your local system and then only copy and pasting in the resulting ciphertext. Any other method results in your encryption "private key" being stored on a system outside of your control and thus renders the encryption suspect to useless.

You want to look into a standard e-mail client (I personally recommend Mozilla Thunderbird) and use either PGP or SMIME to encrypt the mail. You also need to use a provider that gives you access to your mail via POP3 or IMAP (Gmail and Outlook.com do, Yahoo does not). The downside to the former is that it can be esoteric to use with the chain-of-trust concept and requires multiple programs to interoperate (e.g. Thunderbird + GnuPG + Enigmail). The downside to the latter is that to use "trusted" certificates, you have to purchase the certificate for a non-trivial amount of money.

t00nces2 · « **Reply #2 on:** April 23, 2013, 11:24:38 AM »

Yes, I know. You can use Thunderbird (that is what I am working to configure). I worked with PGP and GnuPG. With both these protocols, I would post a key and you would use that key to encrypt an e-mail to me. The e-mail would be sent encrypted and only my private key (that I have to keep secure because it is the key that is used to create the public key you have to use to send me a secure mail packet) could decrypt the encoded e-mail. It would not matter if it was sent through yahoo or google or aol or any other mail host, the e-mail is encrypted before it is even addressed and sent.

ScottyK · « **Reply #3 on:** April 23, 2013, 05:56:18 PM »

Encrypted email interests me. I have several friends and family members that are not computer savvy, so what works for me (the above mentioned configuration) will be over their head.

I've got an encrypted key, but don't use it because none of my friends have one also.

I have my own domains, and use Thunderbird.

If interested send me a message, I'll send you an encrypted email, and lets see if we can get this working.

My end result would be to produce an "Encrypted Email for Dummies" configuration sheet or something.

TexasGirl · « **Reply #4 on:** April 23, 2013, 07:39:34 PM »

There may not be a faster way to get placed on a watch list than sending and receiving a bunch of PGP emails to a select few individuals. Sure, it's rock solid secure, but it's high profile, as most everything is sniffed these days as it travels the web.

A less "attention getting" method is to use a set of key words that are imbedded in a normal looking conversation. I have also seen a picture that has imbedded words which are revealed when looking through a color filter.

But I also participate on the Tin Foil Hat board, so take it all FWIW.

~TG

t00nces2 · « **Reply #5 on:** April 23, 2013, 09:13:47 PM »

Quote from: ScottyK on April 23, 2013, 05:56:18 PM

Encrypted email interests me. I have several friends and family members that are not computer savvy, so what works for me (the above mentioned configuration) will be over their head.

I've got an encrypted key, but don't use it because none of my friends have one also.

I have my own domains, and use Thunderbird.

If interested send me a message, I'll send you an encrypted email, and lets see if we can get this working.

My end result would be to produce an "Encrypted Email for Dummies" configuration sheet or something.

I have to work on it a bit more. I have keys, but I will have to check them and make sure I do the import correctly. I am a little rusty as it has been a while.

Quote from: TexasGirl on April 23, 2013, 07:39:34 PM

There may not be a faster way to get placed on a watch list than sending and receiving a bunch of PGP emails to a select few individuals. Sure, it's rock solid secure, but it's high profile, as most everything is sniffed these days as it travels the web.

A less "attention getting" method is to use a set of key words that are imbedded in a normal looking conversation. I have also seen a picture that has imbedded words which are revealed when looking through a color filter.

But I also participate on the Tin Foil Hat board, so take it all FWIW.

~TG

That is going to be the thing that does it? Not being a member of a survivalist forum? Or the Kitco forum? Or buying ammo from Wally's? Or background checks for purchased firearms? Or buying a six month supply of freeze dried food? Or coin shop purchases? Or shooting at the local ranges? I don't think I've taken the cat to the vet for a checkup in the past couple years.

I kinda think of it like being confronted by St. Peter at the pearly gates... "Well Todd, let's see..." as I am confronted with a full filler roll of commercial hand paper towel, written with a single spaced, #10 font, list of my life's transgressions.

If it is the encrypted e-mails that sends them over the ledge, so be it.

ScottyK · « **Reply #6 on:** April 24, 2013, 05:13:10 AM »

Quote from: t00nces2 on April 23, 2013, 09:13:47 PM

If it is the encrypted e-mails that sends them over the ledge, so be it.

Agreed. There comes a point where I just have to live my life, and not worry about possible action by myself that might land me on a list somewhere.

I've worked in the munitions career field for almost 20 years. voted republican in every election. faithful church member. Live in a Red state. I'm sure I'm already on a list!

jhalstead · « **Reply #7 on:** April 24, 2013, 04:16:51 PM »

I apologize I didn't read the posts in this topic before posting this but...

A tech podcast I watch talked about basic email encryption today. Check it out at http://revision3.com/hak5/how-to-encrypt-email-in-gmail. PGP encryption with Chrome/Firefox extension.

The Survival Podcast Forum

News:

Author Topic: Secure Encrypted E-mail (Read 3613 times)

t00nces2

Secure Encrypted E-mail

Niccolum

Re: Secure Encrypted E-mail

t00nces2

Re: Secure Encrypted E-mail

ScottyK

Re: Secure Encrypted E-mail

TexasGirl

Re: Secure Encrypted E-mail

t00nces2

Re: Secure Encrypted E-mail

ScottyK

Re: Secure Encrypted E-mail

jhalstead

Re: Secure Encrypted E-mail