Sharing information has always been something I felt was important. Knowing the source of data one receives is also important. Setting up Thunderbird to provide the ability to sign data in a non-repudiated way is easier than it sounds like it should be. Doing so lets those who receive what you post/send/publish know it came from you and not another posing as you.
As I am out trying to learn new topics, find solutions to problems, or do anything else new I often find that the documentation, while good for those who understand a little bit about the product or technology, assumes a certain level of understanding. Forums, logs, and other forms of communication fill a niche to help answer custom questions where documentation may fall short. Part of the reason I enjoy sharing information is to help others overcome these first little hurdles, to clarify on misunderstandings, or FUD, and ease the process of introduction.
While this is all well and good for me it implies that when I send information to somebody they have a way to know it came from me and not from somebody else. It is possible that at some point during my life an attacker could implement a social attack against myself, my family, or my customers. Messages on forums could be posted with my e-mail address (there’s no validation anyway). E-mails can be spoofed from insecure servers.
Thunderbird is an e-mail (SMTP) and news (NNTP) client that is made by Mozilla (like Firefox, Rhino and many other applications). It runs on multiple platforms, is an open source product, and supports the basic mail/news standards. Like Firefox it has a plug-in/add-on setup that means anybody who has the inclination and skill can extend the core functionality. This essentially means Thunderbird can do anything you want it to do. One add-on is known as Enigmail and is the focus of this article.
Enigmail provides a way to work with private-key cryptography with OpenPGP. To read more on OpenPGP see the data online such as on Wikipedia at http://en.wikipedia.org/wiki/OpenPGP#OpenPGP.
Understanding cryptography’s foundations and uses will help understand exactly why things like Enigmail with Thunderbird are useful but the details are beyond most non-mathematician types.
There are two uses for public/private keys in cryptography that are most-common…. first encryption which is what you’re probably used to hearing about with web browsers, secure e-mail, etc. This is the ‘S’ in HTTPS, LDAPS, and various other secure implementations of communication protocols. It’s also the first ‘S’ in SSL and TLS. This encryption is managed by having those who want to send encrypted data use the public key of the receiver. This key is generally known but only good for encryption… nothing can decrypt something encrypted by a public key except the corresponding private key which only ever held by the intended recipient (at least, unless there is a serious problem).
The second use for public/private key cryptography is signing. This is not the actual encryption of message data like with the first example, but is instead the “signing” of a one-way unique hash of the message data by the sender. This signature is created using the private key (only held, again, by the one person who should ever hold it, who is the sender of data in this case) and the signature is then sent out with the message to be verified by the recipients. The recipients hold the public key for the sender and can therefore verify the private key’s signature. Anybody can verify this, but only one person can create the verifiable message which means the message, when properly signed, could only come from one person.
So with this summary what does Enigmail do? It provides the mechanism to generate the public/private keypair and use the keys for either encryption or signing. With a few clicks and preferences set it lets you automatically sign messages before they are posted. Adding the plug-in takes just a minute or so.
The first step is to download Thunderbird. Download the current client from http://www.mozilla.org/ (Google points me to http://www.mozillamessaging.com/en-US/thunderbird/ specifically). Download a build appropriate for your platform. If your distribution of Linux already has an RPM or other package of Thunderbird available installing via a repository or distribution-specific source may be preferable.
Follow your operating system’s documentation and Thunderbird’s documentation to get the application installed. Once installed load up Thunderbird. I would also recommend configuring Thunderbird for your forum of choice at this point as it will let your key generation steps be a little simpler (because you can link your key to your forum account directly during creation of the keys).
- In Thunderbird under the Tools menu is the Add-Ons option.
- Select this, and then ‘Get Extensions’ link. This will navigate you to the add-ons page for Thunderbird online via your web browser.
- On this page search for ‘Enigmail’ and download the add-on as shown.
- If you have the current version of Thunderbird the Enigmail add-on will likely work for that version already. If you have an older version of Thunderbird (or a really new major release) you may need to find another version of Enigmail.
- Save the download (do not try to install into Firefox, if you are using Firefox, or load with another application) to your system’s Desktop (or other favorite location) and return to Thunderbird.
- Near the ‘Get Extensions’ link is the Install button which will request that you browse to your newly-downloaded extension.
- Install the extension and restart Thunderbird when prompted.
When Thunderbird loads again there should be a new menu named OpenPGP. The Key Management option in this menu will let us easily create a new keypair for use.
- In the window resulting from Key Management select Generate and then New Key Pair. The following window lets you choose how to setup your keypair.
- Select the account used for your forum or e-mail work and fill in the Passphrase fields and enter a comment describing your intended use of the keypair. The comment really doesn’t matter for things to work. The passphrase is there to protect your private key so it really should be protected by something a bit more complex than most passwords; the individual with access to this can read all your received encrypted messages and can send messages to others signed as if you had sent them.
- Set the Key Expiry to the time when you want your keys to be expired. The default is probably something like five years but can be longer or shorter. Keys are automatically expired for a number of reasons…. eventually the technologies behind them may be compromised and having expired keys will prevent data from being created using your keys. Lost/stolen keys can also be rendered useless if the keys are expired before they are lost (from a hard drive) or stolen.
Under the ‘Advanced’ tab is the ability to set specifics of the keys. I set mine to 4096 bytes because it’s easy enough to do and the highest possible for this tool. I also change the type of key from DSA to RSA. According to some reading I’ve done it’s not technically proper to generate DSA keys that are larger than 1024 bits in length so I use RSA and 4096-bit keys and they are fine and dandy. The more bits involved in your key the longer it will take for somebody to brute-force the key. In theory a 2048-bit key will take longer than anybody will be alive to break, though technologies always increase. 4096 will take that previous time period…. squared.
Once these settings are all set (the defaults will work) and your passphrase is set (remember, a strong passphrase) generate the key. On the screen it will tell you that it wants you to move the mouse, browse the web, or cause other hard-disk activity for a while, and if you do this it will help you generate the keys more-quickly. The application is using your system’s ability to generate truly-random data to create a truly random keypair, but in order to do this your system must get a truly random “seed” which can only be provided by you and your interactions (mouse movement, hard drive activity, browsing the web).
Go away and check your e-mail accounts (all of them) and maybe listen to a few songs from your hard drive and then come back. If you are prompted to create revocation data I would probably go ahead and do it. Basically this means that if you do lose your private key in the future you can revoke it publicly so anything that does use it can be stopped from using it effectively before the key’s expiration date. This does not mean you should not have a valid expiration date for the keypair… they serve different purposes.
With all of this done and your certificates saved somewhere (SECURELY) to your hard drive you should have your certificates linked to your account in Thunderbird. Save your keys somewhere safe. Losing them means going through this process again and confusing those who already have your public key by sending them a new one each time you lose one (not generally a best practice).
Compose a new e-mail or list (NNTP) post. If you go to the OpenPGP menu the Sign Message checkbox should be checked by default. There is also an Encrypt Message option that is not appropriate generally for NNTP but would be for regular e-mail if you had the public key of the recipient of your e-mail.
Any mail sent will now be a bit different-looking to those who do not have your public key in an e-mail client that understands keys but for those who do understand and are security-conscious you now have a definite way of letting them know you composed the e-mails sent as long as you don’t lose your private key. You can also give out your public key to your friends/family so they can send you encrypted e-mails that only you can view and Thunderbird will do this decryption on the fly for you.
The last thing to optionally do is to go to OpenPGP: Key Management: [select your key]: Keyserver and click on Upload Public Keys. This will let you choose where to publish your public keys so that anybody who knows your e-mail address (keys are often tied to e-mail addresses) can request your public key so they may either verify your signature as you send messages or send you encrypted messages without your sending keys to everybody you know. Again having your public key in the wild is fine… it’s “Public” after all…. just be sure you keep your private key completely safe.
Hopefully this helps provide a quick start to using signing (and possibly encryption) daily. Using these steps adding this functionality shouldn’t take more than a few minutes and be seamless in day-to-day operations aside form an occasional prompt to enter your passphrase when needing access to your own private key.