
@radiovisual
Last active August 14, 2017 12:06

To Send Encrypted Emails

In order to send an encrypted message, you need a public encryption key paired with a private key. A good option for this is PGP. To get set up quickly and easily, you can use the GPG Suite to generate your PGP key; it also gives you OS-level encryption/decryption support in both the GUI and the terminal.

To generate a PGP Key

  1. Download and Install GPG Suite: (not the Beta) https://gpgtools.org/
  2. Open GPG Keychain
  3. Click "New" to create a new PGP key
  4. Use your doodle email address and full name
  5. Click the "upload public key" checkbox
  6. Type a passphrase that you will remember. This is a phrase, not a password, but make sure that you ALWAYS remember it, because you will use it a lot. If you lose the passphrase there is no way to recover it; you will have to create a new PGP key and notify people.
  7. Click "generate key" and follow the suggestions.
  8. Now you have a pgp key. Take some time to celebrate. 🎉 🍻

To Share Your Key with Others

⚠️ Remember you are only sharing your PUBLIC keys with others. Never share your private/secret key.

  1. They can either look you up on the pgp server, or
  2. You can import/export keys within GPG Keychain, or
  3. You can copy-paste your public pgp key anywhere

💡 It is a good idea to verify the Key ID of the user you are importing into your keychain, so that you know the contacts in your keychain are trusted. The easiest way to verify the sender's Key ID is to ask them directly. You can find the Key IDs of all your keys by launching the GPG Keychain application.

To Send an Encrypted Email

From Thunderbird

  1. Install the Enigmail extension and import your public key
  2. TODO: more detailed instructions on how to configure Enigmail

From Apple mail

  1. Install the GPGMail Plugin for Apple mail
  2. TODO: more detailed instructions on how to configure GPGMail

To manually encrypt a text (for emailing or otherwise)

From the GUI

  1. Save the text you want to encrypt to a text file
  2. Right-click on the file in Finder
  3. Choose Services > OpenPGP: Encrypt File
  4. Choose the Public key of the RECIPIENT of the file
  5. Choose YOUR private key to use for signing, then click OK
  6. Send the encrypted file anywhere you want, or paste the encrypted text into an email

From the command line

TODO...

To send a one-time encrypted message

ENCRYPT

# Generate a one-time secret key. Hex output, so no NUL or newline byte can
# silently truncate the key when openssl reads it back with -pass file:
$ openssl rand -hex 32 -out secret.key

# Encrypt the file you're sending, using the generated symmetric key
# (-pbkdf2 needs OpenSSL 1.1.1+; without it openssl warns about the legacy key derivation)
$ openssl aes-256-cbc -pbkdf2 -in secretfile.txt -out secretfile.txt.enc -pass file:secret.key

# Encrypt the symmetric key, using the recipient's public SSH key.
# ssh-keygen -e -m PKCS8 converts the OpenSSH public key into the PEM form openssl expects;
# the <(...) process substitution requires bash or zsh.
$ openssl rsautl -encrypt -oaep -pubin -inkey <(ssh-keygen -e -f recipients-key.pub -m PKCS8) -in secret.key -out secret.key.enc

# Delete the one-time secret key
$ rm secret.key

Now you can send the encrypted secret file secretfile.txt.enc and the encrypted symmetric key secret.key.enc to the recipient. It is even safe to upload the files to a public file sharing service and tell the recipient to download them from there.

DECRYPT

If someone sent you an encrypted message using the method above, decrypt it using your own PRIVATE SSH key (the public key was only used to encrypt; the private key, which never leaves your machine, is what unwraps the symmetric key):

# The private key must be in PEM format; an OpenSSH-format id_rsa can be converted in place with: ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
$ openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa -in secret.key.enc -out secret.key
$ openssl aes-256-cbc -d -pbkdf2 -in secretfile.txt.enc -out secretfile.txt -pass file:secret.key
$ cat secretfile.txt

Once you read the message, you can delete the *.enc files and then feel all cool like you're James Bond. 😎
