Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to encrypt e-mail in the Linux system". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

If you've been thinking about how to encrypt email, it must be a headache to pick and choose among many mail services and clients. Consider two encryption methods: SSL or TLS encryption protects the login and password sent to the mail server. Gunpg is a standard, powerful Linux encryption tool that encrypts and authenticates messages. if you can manage your own GPG encryption Do not consider third-party tools, then it is enough, we will discuss the rest later.

Even if you encrypt the message, you will still be exposed to traffic analysis, because the message header must be in clear text. So you need another model, such as Tor network, to hide your footprint on the Internet. We will look at various email services and clients, as well as the pros and cons.

Forget the Web email.

If you have ever used the mail services of GMail, Yahoo,Hotmail or other Web mail providers, forget about them. any information you enter in a Web browser will be exposed to JavaScript attacks Gmail, Yahoo and Hotmail both offer SSL/TLS encryption to prevent eavesdropping. But they do not provide any protection to hinder their own data mining, so they do not provide end-to-end encryption. Yahoo and Google both say they will introduce end-to-end encryption next year. I doubt that. Because once their core business data mining is interfered, they can do nothing.

There are also a variety of third-party email encryption services that claim to provide secure encryption for all types of e-mail, such as Virtru and SafeMess. I still doubt this, because whoever holds the encryption key can access your message, so you still have to rely on trust rather than technology.

Peer-to-peer messaging can avoid many shortcomings in the use of centralized services. RetroShare and Bitmessage are two popular examples. I don't know if they are true, but there must be merit in saying so.

What about Anddroid and iOS? Assuming that most Android and iOS apps don't have access to your messages, that's the safest. Don't copy what I said-- read the terms of service and check the required permissions when the app is about to be installed on your device. even if their terms are acceptable at the initial installation, remember that unilateral clause changes are industry standards, so it is safest to prepare for the worst.

Zero knowledge (Zero Knowledge)

Proton Mail is a new mail service that claims that message encryption can be achieved with zero knowledge. Authentication and message encryption are divided into two separate steps. Proton complies with the Swiss privacy policy and they do not log users' activities. Zero-knowledge encryption provides real security. This means that only you have your encryption key, and if you lose them, your message cannot be recovered.

There are also many encrypted email services that claim to protect your privacy. Read the details carefully and check the areas marked in red, such as restricted user data collection, sharing with friends, cooperation with law enforcement, etc. These terms imply that they will collect and share user data, have access to your encryption key, and read your messages.

Linux mail client

An independent open source mail client, such as Mutt, Claws, Evolution, Sylpheed and Alpine, can build your own GnuPG key and give you most of the protection. (the easiest way to build more secure email and Web browsing is to run TAILS live's Linux distribution. For more information, protect yourself online through Tor, TAILS and Debian. )

Whether you are using TAILS or a standard Linux distribution, the way to manage GnuPG is the same, so let's learn how to encrypt messages using GnuPG.

Use GnuPG

First of all, familiarize yourself with the relevant terms. OpenPGP is an open email encryption and authentication protocol based on Philip Zimmerman's Pretty Good Privacy (PGP). GNU Privacy Guard (GnuPG or GPG) is the GPL implementation of OpenPGP. GnuPG uses a symmetric public key encryption algorithm, which means it generates a pair of keys: a public key that anyone can use to encrypt the message sent to you and a private key that only you own to decrypt the message. GnuPG performs two separate functions: digitally sign the message to prove that the message came from you and encrypt the message. Anyone can read your digitally signed message, but only those who exchange keys with you can read encrypted messages. Remember never to share your key with others! Only the public key can be shared.

Seahorse is the graphical front end of GNOME corresponding to GnuPG, and KGpg is the graphical GnuPG tool of KDE.

Kgpg provides a good GUI interface for creating administrative encryption keys.

Now let's perform the basic steps for generating and managing GunPG keys. This command generates a new key:

$gpg-gen-key

There are many steps in this process; for most people, just answer all the questions and follow the default settings. When you generate your key, write it down and save it in a safe place, because if you lose it, you can't decrypt any messages. Any advice about not writing down passwords is wrong. Most of us have to remember a lot of logins and passwords, including those we almost never use, so it's unrealistic to remember them all. Do you know what happens when people don't write down their passwords? They choose to generate simple passwords and reuse them over and over again. Anything you store in your computer can potentially be attacked and stolen; a small book stored in a locked cabinet cannot be obtained by infiltration, except for physical invasion, and of course the intruder needs to know how to find it.

I must tell you to figure out how to use the new key to configure the mail client, because each one is different. You can list your keys as follows:

$gpg-- list-keys/home/carla/.gnupg/pubring.gpg--pub 2048R/587DD0F5 2014-08-13uid Carla Schroder (my gpg key) sub 2048R/AE05E1E4 2014-08-13

This allows you to quickly learn necessary information such as the location and name of the key (that is, UID). If you want to upload the public key to the key server, you can refer to the example:

$gpg-- send-keys' Carla Schroder'-- keyserver http://example.com

When you generate a new key to upload to the public key server, you should also generate a revocation certificate. Don't put it off until later-generate a new key when you generate it. You can give it any name, such as a descriptive name like mycodeproject.asc instead of revoke.asc:

$gpg-- output revoke.asc-- gen-revoke 'Carla Schroder'

If your key becomes unreliable, you can revoke it by importing the revocation certificate into keyring:

$gpg-- import ~ / .gnupg/revoke.asc

Then generate and upload a new key to replace it. When they are updated to the key database, all users who use the old keys are notified.

You must protect the revocation certificate like a private key. Copy it to CD or USB memory, lock it, and delete it from your computer. This is a plaintext key, so you can even print it out.

If you need a copy-and-paste key, such as in a public keyring that allows you to paste the key into a web table, or if you want to publish the public key to a personal site, you must generate an ASCII-armored version of the public key:

$gpg-- output carla-pubkey.asc-- export-a'Carla Schroder'

This generates a visible plaintext public key, such as the following small example:

The code is as follows:

-BEGIN PGP PUBLIC KEY BLOCK-

Version: GnuPG v1

MQENBFPrn4gBCADeEXKdrDOV3AFXL7QQQ+i61rMOZKwFTxlJlNbAVczpawkWRC3l

IrWeeJiy2VyoMQ2ZXpBLDwGEjVQ5H7/UyjUsP8h3ufIJt01NO1pQJMwaOMcS5yTS

[...]

IroomLNrbP23HEvgAdNSBWqa8MaZGUWBietQP7JsKjmEsprinukalm8jY8mdWDyS4nMhZY =

= QL65

-END PGP PUBLIC KEY BLOCK-

That's all for the content of "how to encrypt email in Linux system". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.