Some years ago, an antinuclear activist named Phil Zimmermann created a data encryption program for computers. He designed a key-generation and encryption-and-decryption system called “PGP,” or Pretty Good Privacy, for the bulletin board systems that were the precursors to forums, email and the Web.
Civil libertarians and e-commerce lapped it up back in the nineties, and this algorithmic scrambling of information has played an important part in the growth of the Internet. Encryption in general has proven to be a vital element in e-commerce, in fact, and that is one of the principal reasons governments have backed off on attempts to control this confidential method of communication.
The result is that you and I can, if we choose, encrypt our email. Open source versions of Zimmermann’s original PGP, called OpenPGP, have been adapted by some email service vendors.
How It Works
PGP encrypts a message using a symmetric encryption algorithm, in which the key is a secret shared between the parties. Symmetric keys are not all that secure because both parties know the key.
However, the symmetric key, called a session key, is used only once, and it is in turn encrypted with public key cryptography to protect it during transmission.
Public key cryptography, also called asymmetric key cryptography, uses digital signatures and a pair of keys, one private and one public. It's based on mathematical formulas that, although easy to create, are supposedly impossible to guess from one another. In other words, you can't guess a private key from a public key, and vice versa.
There are also various authentication and integrity checks that take place relating to the digital signature, certificates created by trust signatures, and so on.
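The session-key flow described above, sketched as an added example that is not part of the original article or of any PGP product: a fresh session key encrypts the message, and the recipient's public key encrypts the session key. The small RSA key, the SHA-256 keystream standing in for the symmetric cipher, and all function names are assumptions made for illustration; real OpenPGP software uses vetted ciphers, padding and key sizes.

```python
import hashlib
import secrets

# Constructed demo key pair built from two known Mersenne primes.
# Assumption for illustration: textbook RSA, no padding, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
PUBLIC = (P * Q, 65537)                                # (modulus, exponent)
PRIVATE = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))   # (modulus, exponent)


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in symmetric cipher: SHA-256 in counter mode used as a keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt data by XORing it with the keystream for this key."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def encrypt(message: bytes, public=PUBLIC):
    modulus, exponent = public
    session_key = secrets.token_bytes(16)      # fresh for every message
    body = xor(message, session_key)           # symmetric step: the bulk data
    # Asymmetric step: only the short session key is encrypted to the recipient.
    wrapped = pow(int.from_bytes(session_key, "big"), exponent, modulus)
    return wrapped, body


def decrypt(packet, private=PRIVATE):
    wrapped, body = packet
    modulus, exponent = private
    # Recover the session key with the private key, then undo the symmetric step.
    session_key = pow(wrapped, exponent, modulus).to_bytes(16, "big")
    return xor(body, session_key)


if __name__ == "__main__":
    note = b"Where do we go for dinner?"       # constructed sample message
    first, second = encrypt(note), encrypt(note)
    print(decrypt(first))
    print("session keys differ:", first[0] != second[0])
```

Encrypting the same text twice produces different wrapped keys and different ciphertext, which is the practical effect of using each session key only once.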
Conveniently, you don’t need to know how to do all this, just doff your hat to Phil — who, as you can imagine, went to quite a lot of trouble coming up with all of this — and try one of the commercial solutions out there today.
Hushmail is a desktop solution provider of OpenPGP. The base service uses a Web browser interface with no intrusive advertising.
Hushmail accounts range from a free personal account that is limited to 25MB and requires a sign-in at least every three weeks to a 10GB premium IMAP-friendly personal account for US$49.98. IMAP is a way to sync mail across clients without investing in an expensive Microsoft Exchange Server email solution. Other business accounts are available as well.
iOS and Android OpenPGP solutions include iPGMail for iOS and APG and Gnu Privacy Guard for Android.
Step 1: Browse to the signup page and choose your hushmail.com email and passphrase. As you might expect from a ruggedized email service, any old password won’t do — and Hushmail suggests a five-word phrase.
Tip: Don’t forget the passphrase, because unlike many regular passwords, you can’t recover it; if you do forget it, you’ll have to create a new account.
Step 2: Sign in and open the Compose mail Web browser screen. Compose your email as you normally do and select the Encrypt check box.
Tip: Recipients don’t need to be Hushmail users.
Step 3: Type a secret question that only the recipient can answer, for example, “Where do we go for dinner?”, and then type the answer.
Tip: Answers are not case-sensitive, but you should keep them simple. Alternatively, agree on an answer in advance. Agreeing on an answer in advance is not as secure as an impromptu question, because you’re less likely to change it frequently.
Step 4: Press the Send button and the encrypted email will be sent. The recipient receives a normal email with an embedded link that redirects to a Hushmail Web page. Answering the question correctly on the Web page results in the display of the full email.
Tip: If the correspondent is a Hushmail user, they can reply privately using encryption too.