(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{MOST}}
=MOST Encryption method=
=MOST Encryption method=
This page describes how, when and why encrypted communication is used within the MOST group.  Feel free to adopt these procedures for other projects.  When editing this page, please only claim a different workflow if this has been adopted by the MOST group, or clearly mark it as a proposal.
This page describes how, when and why encrypted communication is used within the MOST group.  Feel free to adopt these procedures for other projects.  When editing this page, please only claim a different workflow if this has been adopted by the MOST group, or clearly mark it as a proposal.


==Why do we want to use encryption?==
==Why do we want to use encryption?==
We're developing appropiate technology, which means that our results will be as accessible as possible.  We publish our hard- and software as open source, free for anybody to use.  Still, we want to be able to use private means of communication in some cases.  This deserves an explanation.
We're developing [[open source appropriate technology]], which means that our results will be as accessible as possible.  We publish our hard- and software as [[open source]], free for anybody to use.  Still, we want to be able to use private means of communication in some cases.  This deserves an explanation.


One reason is that in science, publication in journals is important.  If we would make our results available for download in advance, we run the risk that other people will claim them and get a paper from our work.  We do not want this, so our results must be kept secret until publication.
One reason is that in science, publication in peer-reviewed journals is important.  If we would make all of our results available for download in advance, we run the risk that other people will claim them and preclude us from publishing a paper from our work.  We do not want this, so some of our results must be kept secret until publication. (In the future this may not be as necessary as the world of peer review evolves and hopefully speeds up.)


Another reason is that we may want to discuss matters which really are private.  It may be about family or health issues, for example.  Sending e-mails with such information without encryption is like sending them on a postcard, and displaying it in the postoffice before it gets delivered.  With encryption, the only thing that is displayed is the sender and receiver; it is like putting the message in a sealed envelope.
Another reason is that we may want to discuss matters which really are private.  It may be about family or health issues, for example.  Sending e-mails with such information without encryption is like sending them on a postcard, and displaying it in the post office before it gets delivered.  With encryption, the only thing that is displayed is the sender and receiver; it is like putting the message in a sealed envelope.


==When do we use encryption?==
==When do we use encryption?==
Line 15: Line 16:


==How does encryption work?  A very short introduction==
==How does encryption work?  A very short introduction==
The technique we use is called public-key-encryption.  The technique can be used for encrypting and signing (explained in a moment).  With this system, every user needs to generate a so-called key-pair, consisting of a public key and a private key.  The public key is published to all other people.  The private key is kept strictly private.  The encryption then uses mathematical algorithms on those keys and messages.
The technique we use is called '''public-key-encryption'''.  The technique can be used for encrypting and signing (explained in a moment).  With this system, every user needs to generate a so-called key-pair, consisting of a public key and a private key.  The public key is published openly to all other people.  The private key is kept strictly private.  The encryption then uses mathematical algorithms on those keys and messages.


===Encryption===
===Encryption===
Line 21: Line 22:


===Signatures===
===Signatures===
Signing a message is done using a message any your '''private''' key.  The result is an extra block of data, which can be shown in combination with the message and the corresponding '''public''' key, to be created with that private key.  So this signature is cryptographic proof that can be checked by anyone, that the message was signed by the person with access to the private key.  This is what we want a signature to mean.
Signing a message is done using a message and your '''private''' key.  The result is an extra block of data, which can be shown in combination with the message and the corresponding '''public''' key, to be created with that private key.  So this signature is cryptographic proof that can be checked by anyone, that the message was signed by the person with access to the private key.  This is what we want a signature to mean.


So summarizing: a private key can be used to '''decrypt''' and '''sign''' messages, a public key can be used to '''encrypt''' a message and '''verify''' a signature.
<u>So summarizing:</u> a private key can be used to '''decrypt''' and '''sign''' messages, a public key can be used to '''encrypt''' a message and '''verify''' a signature.


==How do we use encryption?  A step by step guide to set it up==
==How do we use encryption?  A step by step guide to set it up==
There are many ways to set up encryption.  It's fine if you choose to use a different method.  This is a procedure which works as simple as possible on Michigan Tech's campus network.  If you have improvements which make things easier (without making them less secure), please let us know.  Below is a step by step guide for computers which you maintain (as opposed to the MTU admins).
There are many ways to set up encryption.  It's fine if you choose to use a different method.  This is a procedure which works as simple as possible on Michigan Tech's campus network.  If you have improvements which make things easier (without making them less secure), please let us know.  Below is a step by step guide for computers which you maintain (as opposed to the MTU admins).


===Setting it up on your MTU account===
===Setting it up running from a USB stick===
# Set up your e-mail account in Thunderbird. This is as easy as clicking the "use existing account" button, then entering your name, e-mail and (ISO) password, and tell Thunderbird to sort it out.
This method works on any machine that runs Windows and allows you to run programs.  It is currently the only method that works on MTU campus computers.
# Create your key-pair with Kleopatra. Choose the ''New certificate'' option from the file menu, then the option to create a PGP key pair. Fill out the fields (comment may be empty) and let it create the keyChoose a good passphrase; you should expect that some people will get access to your USB stick at some point; the passphrase is the only thing that protects your communication at that point.  Note that making it a real phrase of several words is very secure and doesn't stop you from remembering it; adding some special characters is not secure and hard to rememberDo not use a password you use for anything else, in particular '''DO NOT USE YOUR ISO-PASSWORD!'''
# Get a USB stick with at least 100 MB free space on it.
# Tell Kleopatra to upload your public key to a key server
# Install [http://downloads.sourceforge.net/project/portableapps/Mozilla%20Thunderbird%2C%20P.E./Mozilla%20Thunderbird%2C%20Portable%20Edition%2017.0.6/ThunderbirdPortable_17.0.6_English.paf.exe Mozilla Thunderbird Portable] on it.  Note that you have to change the installation path to point to your USB stick.
# In Thunderbird, change your account settings to not compose HTML messages (as that is known to cause problems)Then enable OpenPGP. Select the option to automatically sign encrypted messages.  If you want, you can also select auto-sign non-encrypted messages and auto-encrypt.
# Start Thunderbird Portable (from the USB stick).
# Test if it works.  Send a message to yourself and make sure you have the two icons in the bottom right corner of the compose window (the pencil and the key) are lit up.
# Click the button for using an existing account, enter your name, MTU e-mail and ISO password and let Thunderbird figure everything out for you.  After this step, you have set up thunderbird portable without encryption.  The following steps will add encryption support.
# When receiving the message, it should show a green bar on top, saying that it has found a good signature from yourself.
# Close Thunderbird.
# To send encrypted e-mail to someone whose public key is not on your USB-stick yet, proceed as usual.  It will give you a window asking you what to do; tell it to download the missing keysIf the key is not found, you cannot send encrypted e-mail to this address. In that case, choose to not send the e-mail, or send it unencrypted.
# Install [http://downloads.sourceforge.net/portableapps/GPG_for_Thunderbird_Portable_1.4.13.paf.exe?download GPG for Thunderbird Portable] on top of Thunderbird PortableMake sure you select the exact same folder that you selected for Thunderbird Portable for installing this to.
# In Thunderbird Portable, click on the three lines on the right of the search box to make the menu appearSelect ''Add-ons'' from this menu.
# Using the search box, search for the Enigmail add-on and install it.
# Thunderbird will request to be restartedDo this.
# Open Thunderbird's menu again and select OpenPGP->Key management.
# From the top bar, select Generate->New key pair.
# Enter a passphrase, set the key to never expire and generate the key.
# If the window doesn't disappear after key generation (watch the progress bar), select cancel to close it.
# Select "Display all keys by default" in the key management window.  Your new key should show up.
# Select your key, then from the menubar, select Keyserver->upload public keys.  Accept the default key server.
# If you want to install your key on your own computer as well, right-click on it and select ''Export Keys to File'', then select ''Export Secret Keys'' and save it to the USB stick'''Do not send this file via e-mail!'''
# Close the Key management window.
# Open your account settings by selecting the account in the left bar, then clicking on ''View settings for this account''.
# Select ''Composition & Addressing'' and uncheck ''Compose messages in HTML format''.
# Select ''OpenPGP Security'' and check ''Enable OpenPGP security (Enigmail) for this identity'', and all four checkboxes under ''Message Composition Default Options''.


===Setting it up on your own computer===
===Setting it up on your own computer===
# Install [http://www.mozilla.org/en-US/thunderbird/ Mozilla Thunderbird], the [http://enigmail.net/download/ Enigmail] plugin and gnupg ([http://gpg4win.org/ Windows]/[https://gpgtools.org/installer Mac]) on your machine.  On GNU/Linux, install with your package manager instead of using the previous links.  On Debian, note that Thunderbird is called Icedove.
# Install [http://www.mozilla.org/en-US/thunderbird/ Mozilla Thunderbird] and gnupg ([http://gpg4win.org/ Windows]/[https://gpgtools.org/installer Mac]) on your machine.  On GNU/Linux, install with your package manager instead of using the previous links.  On Debian, note that Thunderbird is called Icedove.
# Run seahorse or Kleopatra, and close it againThis way your gnupg folder will be created so you can find it for the next step.
# Follow all steps from the USB stick method, except for the ones installing softwareYou do need to get Enigmail.
# Insert the USB stick with your key.  Copy the ''gnupg'' folder on it to your local keystore. Where this is depends on your operating system:
# To import your key, select ''OpenPGP->Key Management'' from the Thunderbird menu, then select ''File->Import Keys from File''.
#* On GNU/Linux, it is located in your home directory and named .gnupg" (note the period at the start).  If a directory with that name already exists, you should remove it.  But take care; it may contain keys you don't want to loseIf you're not sure, rename it instead of removing.
 
#* On Windows, it is located under your user's ''Application Data'' folder and named ''gnupg''.
==Sending signed and encrypted e-mail==
#* On a Mac, it's probably the same as for GNU/Linux, but I have not checkedPlease edit this if you have.
If the icons in the bottom right of the compose window are on, your mail will be encrypted and signed.  If you don't have the key of the recipient, it will ask you what to doYou should always select ''Download missing keys'' and accept the default key server. It will pop up a window with too much information.  Ignore all of it and click Ok.  You then need to select the newly downloaded key and click Ok.  If there is no key on the server, you cannot send this person encrypted e-mailIn that case, you must choose to either send it unencrypted or not send it.
# Set up your e-mailaccount in ThunderbirdThis works the same as on MTU's computersAlso follow the other steps for setting up and testing Thunderbird from the above list.
 
When reading encrypted e-mail, Thunderbird will ask for your passphrase.  After you enter it, you can read the e-mailIt will show a colored bar at the top of the message saying that this is a decrypted message.  It will normally also say that it has an ''UNTRUSTED good signature''.  Don't worry about the untrusted part.  If you're interested, you can get rid of it by building up a ''web of trust''.


[[Category:MOST methods]]
[[Category:MOST methods]]

Revision as of 00:26, 11 July 2013

MOST Encryption method

This page describes how, when and why encrypted communication is used within the MOST group. Feel free to adopt these procedures for other projects. When editing this page, please only claim a different workflow if this has been adopted by the MOST group, or clearly mark it as a proposal.

Why do we want to use encryption?

We're developing open source appropriate technology, which means that our results will be as accessible as possible. We publish our hard- and software as open source, free for anybody to use. Still, we want to be able to use private means of communication in some cases. This deserves an explanation.

One reason is that in science, publication in peer-reviewed journals is important. If we would make all of our results available for download in advance, we run the risk that other people will claim them and preclude us from publishing a paper from our work. We do not want this, so some of our results must be kept secret until publication. (In the future this may not be as necessary as the world of peer review evolves and hopefully speeds up.)

Another reason is that we may want to discuss matters which really are private. It may be about family or health issues, for example. Sending e-mails with such information without encryption is like sending them on a postcard, and displaying it in the post office before it gets delivered. With encryption, the only thing that is displayed is the sender and receiver; it is like putting the message in a sealed envelope.

When do we use encryption?

One problem with communication is that many threads are being mixed into each other. While talking about one subject, it's natural to add a comment about another. Therefore, to prevent accidentally disclosing information that should be kept private, all e-mail communication must be encrypted.

Additionally, for sharing files which are too large to attach to an e-mail, or which we want to keep in a central place, we use a private revision control system which can only be reached through encrypted connections.

How does encryption work? A very short introduction

The technique we use is called public-key-encryption. The technique can be used for encrypting and signing (explained in a moment). With this system, every user needs to generate a so-called key-pair, consisting of a public key and a private key. The public key is published openly to all other people. The private key is kept strictly private. The encryption then uses mathematical algorithms on those keys and messages.

Encryption

Encrypting a message is done using the message and a public key. The result of the encryption is a block of data which is unreadable. The original message can be extracted from this data by using the private key which corresponds to the public key that was used. This means that anybody can create the encrypted message (because everybody has the public key), but only the person owning the private key can decrypt and read it. This is what encryption wants to achieve.

Signatures

Signing a message is done using a message and your private key. The result is an extra block of data, which can be shown in combination with the message and the corresponding public key, to be created with that private key. So this signature is cryptographic proof that can be checked by anyone, that the message was signed by the person with access to the private key. This is what we want a signature to mean.

So summarizing: a private key can be used to decrypt and sign messages, a public key can be used to encrypt a message and verify a signature.

How do we use encryption? A step by step guide to set it up

There are many ways to set up encryption. It's fine if you choose to use a different method. This is a procedure which works as simple as possible on Michigan Tech's campus network. If you have improvements which make things easier (without making them less secure), please let us know. Below is a step by step guide for computers which you maintain (as opposed to the MTU admins).

Setting it up running from a USB stick

This method works on any machine that runs Windows and allows you to run programs. It is currently the only method that works on MTU campus computers.

  1. Get a USB stick with at least 100 MB free space on it.
  2. Install Mozilla Thunderbird Portable on it. Note that you have to change the installation path to point to your USB stick.
  3. Start Thunderbird Portable (from the USB stick).
  4. Click the button for using an existing account, enter your name, MTU e-mail and ISO password and let Thunderbird figure everything out for you. After this step, you have set up thunderbird portable without encryption. The following steps will add encryption support.
  5. Close Thunderbird.
  6. Install GPG for Thunderbird Portable on top of Thunderbird Portable. Make sure you select the exact same folder that you selected for Thunderbird Portable for installing this to.
  7. In Thunderbird Portable, click on the three lines on the right of the search box to make the menu appear. Select Add-ons from this menu.
  8. Using the search box, search for the Enigmail add-on and install it.
  9. Thunderbird will request to be restarted. Do this.
  10. Open Thunderbird's menu again and select OpenPGP->Key management.
  11. From the top bar, select Generate->New key pair.
  12. Enter a passphrase, set the key to never expire and generate the key.
  13. If the window doesn't disappear after key generation (watch the progress bar), select cancel to close it.
  14. Select "Display all keys by default" in the key management window. Your new key should show up.
  15. Select your key, then from the menubar, select Keyserver->upload public keys. Accept the default key server.
  16. If you want to install your key on your own computer as well, right-click on it and select Export Keys to File, then select Export Secret Keys and save it to the USB stick. Do not send this file via e-mail!
  17. Close the Key management window.
  18. Open your account settings by selecting the account in the left bar, then clicking on View settings for this account.
  19. Select Composition & Addressing and uncheck Compose messages in HTML format.
  20. Select OpenPGP Security and check Enable OpenPGP security (Enigmail) for this identity, and all four checkboxes under Message Composition Default Options.

Setting it up on your own computer

  1. Install Mozilla Thunderbird and gnupg (Windows/Mac) on your machine. On GNU/Linux, install with your package manager instead of using the previous links. On Debian, note that Thunderbird is called Icedove.
  2. Follow all steps from the USB stick method, except for the ones installing software. You do need to get Enigmail.
  3. To import your key, select OpenPGP->Key Management from the Thunderbird menu, then select File->Import Keys from File.

Sending signed and encrypted e-mail

If the icons in the bottom right of the compose window are on, your mail will be encrypted and signed. If you don't have the key of the recipient, it will ask you what to do. You should always select Download missing keys and accept the default key server. It will pop up a window with too much information. Ignore all of it and click Ok. You then need to select the newly downloaded key and click Ok. If there is no key on the server, you cannot send this person encrypted e-mail. In that case, you must choose to either send it unencrypted or not send it.

When reading encrypted e-mail, Thunderbird will ask for your passphrase. After you enter it, you can read the e-mail. It will show a colored bar at the top of the message saying that this is a decrypted message. It will normally also say that it has an UNTRUSTED good signature. Don't worry about the untrusted part. If you're interested, you can get rid of it by building up a web of trust.

Cookies help us deliver our services. By using our services, you agree to our use of cookies.