
Nanoman's Company Support

These pages are intended to be referenced by customers of Nanoman's Company. Visitors are welcome to reference these pages, but our support for you may be limited.


OpenPGP

OpenPGP is a free, open standard (RFC 4880) for protecting the integrity and/or secrecy of data (computer files, email messages, et cetera). Many computer programs and devices implement the OpenPGP standard; one example is the email client Mozilla Thunderbird.

This page is intended to introduce OpenPGP concepts to people who have never used it, and to describe how to use it in Mozilla Thunderbird. The instructions on this page were written for Thunderbird version 78.6.0, so these might need to be updated for later versions, but the fundamental concepts shouldn't change.

Thunderbird's developers have written an article that explains OpenPGP's concepts and how to use these in Thunderbird, but most of their article's content doesn't apply to our customers, so we created this page to better serve our customers. People who aren't customers of ours are welcome to reference this page, but our support for you may be limited.

Email Insecurity

Sending an email message is as risky as sending a postcard. Anybody can send a message that appears to come from your email address, and anybody who can access any of the systems used to relay a message from you to your recipients can read and/or modify it along the way.

Here are some examples of the many things that are usually used to relay email messages from a sender to a recipient:

  • the sender's computer (PC, smartphone, or whatever)
  • the sender's local network
  • the Internet routers between the sender's local network and the sender's email server
  • the sender's email server
  • the Internet routers between the sender's email server and the recipient's email server
  • the recipient's email server
  • the Internet routers between the recipient's email server and the recipient's local network
  • the recipient's local network
  • the recipient's computer (PC, smartphone, or whatever)
  • anything that's used to connect any of the above (wires, radio waves, beams of light, et cetera)

By design, email is inherently insecure, but cryptography can help protect the integrity and/or secrecy of email messages. Most modern email providers use TLS to protect messages as they travel from a sender's computer to their outgoing email server, and from an incoming email server to the recipient's computer, but TLS only protects each individual hop: every email server along the way handles the message in plaintext, and the TLS between servers is often optional, unverified, or missing altogether.

To protect the integrity and/or secrecy of email messages from the sender's computer to the recipient's computer, you need an end-to-end encryption system. There are many systems that you could use, but the one we trust the most is OpenPGP.

Terminology

OpenPGP has four primary functions for processing data (files, email messages, et cetera):

  • Sign: provides integrity and authenticity by creating a "digital" (cryptographic) signature that binds the data to the signer's private key; any later change to the data or to the signature makes verification fail.
  • Verify: checks a signature against the data it claims to cover, and identifies the key (and therefore the signer) that created it.
  • Encrypt: provides secrecy by converting data into ciphertext that's unusable without the matching private key.
  • Decrypt: recovers the original data from ciphertext using the matching private key.

To process data, OpenPGP uses cryptographic keys. These keys are like passwords, but they can be used in ways that passwords can't, and they're far longer and more complex than typical passwords. A password can easily be written onto a piece of paper for storage, whereas copying a cryptographic key by hand is tedious and error-prone, so keys are usually stored as computer files.

OpenPGP uses public-key cryptography (also known as asymmetric cryptography). Public-key cryptography requires two types of keys:

  1. Private key (also known as a secret key or a personal key): used for signing data, and for decrypting data. Never show or send this key to anybody, and always keep it protected in a secure place. Keep a backup of it somewhere equally secure: if you lose it, nobody (including you) can decrypt the messages that were encrypted to it.
  2. Public key: used for verifying data, and for encrypting data. It's safe to give to anybody, so share it with everybody who knows your name and email address.

Everybody who uses OpenPGP is expected to have their own unique private key and public key, which together are known as a key pair. If you/we/somebody used our Mozilla Thunderbird guide for configuring your email account on your computer, then you should already have your key pair, and this key pair should be stored in Thunderbird's OpenPGP Key Manager.

Every public key has a "fingerprint" that can be used to distinguish it from other public keys relatively easily. A fingerprint is a cryptographic hash (SHA-1, for the version 4 keys that Thunderbird creates) of the public key itself, so any change to the key changes its fingerprint. A typical public key contains the equivalent of many hundreds of random letters and numbers, so keys are too long for humans to compare reliably or efficiently, whereas a fingerprint contains only forty hexadecimal digits (the numbers 0 to 9 and the letters A to F), so most humans can compare fingerprints with little difficulty. OpenPGP fingerprints are usually displayed as ten sets of four hexadecimal digits like this: 0123 4567 89AB CDEF FEDC BA98 7654 3210 0246 8ACE.

Key Exchange

Before someone can verify your messages or send you encrypted messages, you'll need to send them a copy of your public key:

  1. Open Mozilla Thunderbird.
  2. Write a message to someone, but don't send it yet.
  3. Either open the "Options" menu or click the little down arrow beside the "Write" window's "Security" button, and then put a check in the checkbox beside "Attach My Public Key".
  4. Send the message.

Before you can verify someone's messages or send them encrypted messages, you'll need to import a copy of their public key:

  1. Open Mozilla Thunderbird.
  2. Open a message containing someone's public key.
  3. In the message's pane/window, below the message's date and time, click the "OpenPGP" button.
  4. Click the "Import" button.
  5. Select the radio button beside "Accepted (unverified)".
  6. Click "OK" to accept the public key.
  7. Click "OK" to close the "Success! Keys imported" window.

Another way to exchange public keys is to use Thunderbird's OpenPGP Key Manager, which you can find under Thunderbird's "Tools" menu. To export a copy of a public key into a file so that you can share it however you wish (email, USB drive, SFTP, et cetera), you'd select the key from the list in Thunderbird's OpenPGP Key Manager, go to "File" menu -> "Export Public Key(s) To File", and then save the file to wherever you want it. To import a copy of a public key from a file using Thunderbird's OpenPGP Key Manager, you'd go to "File" menu -> "Import Public Key(s) From File", and then select the file that you want to import.

OpenPGP public key files usually have the filename extension ".asc" (ASCII-armored text that you can open in a text editor), ".gpg", or ".pgp" (usually binary). When you're using Thunderbird's OpenPGP Key Manager to try to import a public key from a file, if you don't see a public key file in the "Import OpenPGP Key File" window because it has a different filename extension, then you can change the "Select which types of files are shown" option from "GnuPG Files" to "All Files", and then you should see the file that you were trying to import.
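For readers who want to see what is actually inside one of those ".asc" files, and where the forty-digit fingerprint described under "Terminology" comes from, here is an added example. It is not code from this page or from Thunderbird: it builds a minimal version 4 RSA public-key packet from a constructed placeholder modulus (not a real key), wraps it in ASCII armor the way a ".asc" export does, then reads the file back, checks the armor's CRC-24, parses the packet header, and computes the fingerprint as SHA-1 over the packet exactly as the OpenPGP format (RFC 4880) specifies. Python's standard library is all it needs.

```python
"""Added example (not from this page or Thunderbird): what an OpenPGP ".asc"
public key file contains and how its forty-digit fingerprint is derived. Per
RFC 4880 a v4 fingerprint is SHA-1(0x99 || 2-byte body length || key packet
body). The modulus used below is a constructed placeholder, not a real key."""
import base64
import hashlib
import struct

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB

def crc24(data: bytes) -> int:
    """Armor checksum: catches accidental corruption only. Anyone altering
    the key can recompute it, so it is not an integrity protection."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def encode_crc_line(crc: int) -> str:
    return "=" + base64.b64encode(crc.to_bytes(3, "big")).decode("ascii")

def armor(packets: bytes, kind: str = "PUBLIC KEY BLOCK") -> str:
    """ASCII armor: the text container behind the ".asc" extension."""
    b64 = base64.b64encode(packets).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN PGP {kind}-----", ""] + lines
                     + [encode_crc_line(crc24(packets)), f"-----END PGP {kind}-----", ""])

def dearmor(text: str) -> bytes:
    """Reverse of armor(); raises ValueError on a damaged or truncated file."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    if "" in body:                       # skip armor headers such as "Comment:"
        body = body[body.index("") + 1:]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if crc_line and int.from_bytes(base64.b64decode(crc_line[1:]), "big") != crc24(data):
        raise ValueError("armor CRC-24 mismatch: file is corrupt or truncated")
    return data

PUBKEY_TAG, ALGO_RSA = 6, 1

def parse_packets(data: bytes):
    """Yield (tag, body) per packet, handling old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("invalid packet header")
        if ctb & 0x40:                                    # new-format header
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                             # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big"); i += 1 << ltype
        body = data[i:i + length]; i += length
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body

def mpi(value: int) -> bytes:
    """Multi-precision integer: two-byte bit count, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_packet(n: int, e: int, created: int) -> bytes:
    body = bytes([4]) + struct.pack(">I", created) + bytes([ALGO_RSA]) + mpi(n) + mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body   # old-format header, tag 6

def v4_fingerprint(packet_body: bytes) -> str:
    prefix = b"\x99" + struct.pack(">H", len(packet_body))  # same bytes as the header
    return hashlib.sha1(prefix + packet_body).hexdigest().upper()

def format_fingerprint(fp: str) -> str:
    """Key Manager style: ten groups of four hex digits."""
    return " ".join(fp[i:i + 4] for i in range(0, 40, 4))

def fingerprint_of_armored_key(text: str) -> str:
    for tag, body in parse_packets(dearmor(text)):
        if tag == PUBKEY_TAG and body[0] == 4:
            return v4_fingerprint(body)
    raise ValueError("no v4 public key packet found")

# Constructed placeholder (NOT a real RSA modulus; only the byte layout matters).
DEMO_N = int.from_bytes(hashlib.sha512(b"nanoman demo").digest() * 4, "big") | (1 << 2047) | 1
DEMO_E, DEMO_CREATED = 65537, 1609459200                  # 2021-01-01T00:00:00Z
DEMO_KEY_ASC = armor(rsa_public_key_packet(DEMO_N, DEMO_E, DEMO_CREATED))
```

Running `print(DEMO_KEY_ASC)` shows the familiar "-----BEGIN PGP PUBLIC KEY BLOCK-----" text, and `format_fingerprint(fingerprint_of_armored_key(DEMO_KEY_ASC))` prints the same ten-group fingerprint the Key Manager would show for that key; the last sixteen digits are the "key ID". Two things worth noticing: the CRC at the bottom of a ".asc" file only detects accidental damage (anyone who swaps the key can recompute it), and because the fingerprint is a hash of the key bytes, flipping a single bit of the key produces an entirely different fingerprint, which is what makes fingerprint comparison in "Key Authentication" meaningful.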

Without exchanging public keys, you can sign messages, and you can encrypt messages to yourself, but there's not much else that you can do. Without a copy of your public key, other people won't be able to verify your messages, and they won't be able to send you encrypted messages. Without a copy of someone's public key, you won't be able to verify their messages, and you won't be able to send them encrypted messages.

Key Authentication

People who have exchanged public keys can sign, verify, encrypt, and decrypt email messages to/from each other, but these keys might not belong to the alleged owners. Email messages can be forged and/or altered undesirably, so if these keys were exchanged using an insecure and/or questionable method like email, then the keys and/or messages that each person received might have come from somebody else.

To test the authenticity of a public key, the public key's owner should provide its "fingerprint" to their correspondents using a mutually trusted method. Meeting in person is usually considered ideal, but there are other popular methods, such as posting the public keys' fingerprints to one or more mutually trusted HTTPS websites. Always compare the whole forty-digit fingerprint, not just its last eight or sixteen digits (the "key ID"): the key ID is only the tail of the fingerprint, and an attacker can cheaply generate a different key with the same short key ID. Everybody has their own opinions about which communication methods they'd consider trustworthy, so how a public key's fingerprint should be provided is ultimately the decision of the key's owner and their correspondents.

Assuming you/we/somebody used our Mozilla Thunderbird guide to configure your email account on your computer, you can find your public key's fingerprint in Thunderbird's OpenPGP Key Manager:

  1. Open Mozilla Thunderbird.
  2. Go to "Tools" menu -> "OpenPGP Key Manager".
  3. Double-click on the key that has your name and email address.
  4. Notice the "Fingerprint" line that shows your forty-digit hexadecimal fingerprint.

After somebody provides you with their public key's fingerprint using a mutually trusted alternative method, you'd authenticate it using Thunderbird's OpenPGP Key Manager:

  1. Open Mozilla Thunderbird.
  2. Go to "Tools" menu -> "OpenPGP Key Manager".
  3. Double-click on the key that has the name and email address of the other person.
  4. If the "Fingerprint" line precisely matches (all forty digits) the fingerprint that you were provided using a mutually trusted method, then select the radio button beside "Yes, I've verified in person this key has the correct fingerprint.", and then click "OK". If not, then there's something wrong with either the public key or the fingerprint that you received: don't accept the key, and ask the other person to provide their public key and/or its fingerprint again.
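The comparison in step 4 is easy to get wrong by hand, because the fingerprint you receive out of band rarely looks exactly like the one in the Key Manager (different spacing, lowercase, a "0x" prefix, or only the key ID). Here is an added example, not from this page or from Thunderbird, of doing that comparison strictly in Python: it normalizes both strings, refuses anything shorter than the full forty digits, and contrasts that with the unsafe shortcut of comparing only the short key ID. The fingerprints are constructed samples (the first one is the page's own illustration), not real keys.

```python
"""Added example (not from this page): checking the fingerprint Thunderbird
displays against the one a correspondent gave you by another channel.
The sample fingerprints are constructed, not real keys."""
import re

def normalize_fingerprint(text: str) -> str:
    """Accept the forms people actually paste (spaces, lowercase, 0x prefix)
    and return exactly 40 upper-case hex digits, or raise ValueError."""
    digits = re.sub(r"\s+", "", text)
    if digits.lower().startswith("0x"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError("fingerprint contains non-hex characters: %r" % text)
    if len(digits) != 40:
        # 8 or 16 digits is a key ID (the tail of the fingerprint), not a fingerprint.
        raise ValueError("expected 40 hex digits, got %d (a key ID is not enough)" % len(digits))
    return digits.upper()

def fingerprint_matches(displayed: str, provided: str) -> bool:
    """True only if both are complete v4 fingerprints and identical."""
    return normalize_fingerprint(displayed) == normalize_fingerprint(provided)

def key_id_matches(displayed: str, provided: str) -> bool:
    """The unsafe shortcut: comparing only the last 8 digits (the short key ID).
    Included so the difference is visible; never use it for authentication."""
    tail = lambda s: re.sub(r"\s+", "", s).upper()[-8:]
    return tail(displayed) == tail(provided)

# Constructed samples: what the Key Manager shows, what the owner sent out of band,
# and an impostor key whose fingerprint happens to end in the same short key ID.
DISPLAYED = "0123 4567 89AB CDEF FEDC BA98 7654 3210 0246 8ACE"
PROVIDED_OK = "0x0123456789abcdeffedcba9876543210 02468ace"
IMPOSTOR = "DEAD BEEF 0000 1111 2222 3333 4444 5555 0246 8ACE"

if __name__ == "__main__":
    print(fingerprint_matches(DISPLAYED, PROVIDED_OK))   # True
    print(fingerprint_matches(DISPLAYED, IMPOSTOR))      # False
    print(key_id_matches(DISPLAYED, IMPOSTOR))           # True: why short IDs are unsafe
```

The only decision that matters is the last one: a check that would accept `IMPOSTOR` is a check that lets somebody substitute their own key for your correspondent's, which is exactly what the "Key Authentication" step exists to prevent.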

You can use OpenPGP without authenticating public keys, but then you have no assurance that your correspondents are actually who they claim to be, and people who receive messages allegedly from you have no assurance that these actually came from you. For correspondence regarding something unimportant like a recreational game, you might not care about protecting the integrity and/or secrecy of your messages, but for important and/or confidential matters like medical records or lawyer-client discourse, you might feel otherwise.

Usage

Please note that OpenPGP wasn't designed to protect email headers. OpenPGP can protect the integrity and/or secrecy of an email message's body and any attachments, but a message's "From", "To", "Subject", "Date", and other header lines are sent in plaintext and could be read and/or modified while the message is in transit from the sender to the recipient. Thunderbird can use a non-standard method to encrypt a message's "Subject" line, but this isn't part of the OpenPGP standard, so you should never put any secret information into a message's "Subject" line because other email clients might reveal it in their replies.

Assuming you/we/somebody used our Mozilla Thunderbird guide to configure your email account on your computer, here's how to use OpenPGP's four primary functions in Thunderbird:

Sign (requires your private key)
By default, all messages that you send will be signed, and the signature will be attached as a file named "OpenPGP_signature.asc". Recipients whose email client doesn't support OpenPGP will simply see that file as an attachment they can ignore. You could disable signing, but we recommend keeping it enabled.
Verify (requires the sender's public key)
When you open a message that has an OpenPGP signature, Thunderbird will attempt to verify it automatically, and the "OpenPGP" button will appear in the message's window/pane below the message's date and time. If you click this "OpenPGP" button, Thunderbird will show you a screen that reports any problems it found with the signature. Keep in mind that a valid signature only proves the message was signed with a particular key; it proves who sent it only if you've authenticated that key (see "Key Authentication" above).
Encrypt (requires the public key of each recipient)
To encrypt a message, either open the "Options" menu or click the little down arrow beside the "Write" window's "Security" button, and then select the radio button beside "Require Encryption". This will use your recipients' public keys and your own public key to encrypt the message and any attachments, and the message will be sent as a ciphertext file named "encrypted.asc". Because Thunderbird uses your own public key in addition to the public keys of your recipients, you'll be able to view this message after you send it, assuming you don't lose your private key.
Thunderbird can be configured to require encryption by default for all the messages you send, but this means that if you don't have the OpenPGP public keys for all the recipients of a message you write, then Thunderbird won't send it. This might require you to change "Require Encryption" to "Do Not Encrypt" for many/all of the messages you write, but if you'd be willing to do this, then you can read our Mozilla Thunderbird guide to learn how to require encryption by default.
Decrypt (requires your private key)
When you open a message that was encrypted using OpenPGP, Thunderbird will attempt to decrypt it automatically, and the "OpenPGP" button will appear in the message's window/pane below the message's date and time. Successfully decrypted messages will appear like normal messages, and you can click the "OpenPGP" button to see if there were any problems with it.
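To make the two points above concrete (the headers stay readable to every relay, and the signature or ciphertext travels as the "OpenPGP_signature.asc" / "encrypted.asc" part), here is an added example, not from this page or from Thunderbird, that parses the on-the-wire layout OpenPGP email uses (PGP/MIME, RFC 3156) with Python's standard `email` module. Both messages are constructed samples; the armored bodies are placeholders rather than real signatures or ciphertext, since the point is the structure around them, not the cryptography.

```python
"""Added example (not from this page or Thunderbird): how an OpenPGP-protected
email is laid out on the wire (PGP/MIME, RFC 3156), and which parts every
relay can still read. Both messages are constructed samples with placeholder
armored bodies, not real signatures or ciphertext."""
import email
from email import policy

SIGNED_SAMPLE = """\
From: Alice <alice@example.com>
To: Bob <bob@example.com>
Subject: Invoice for March
Date: Mon, 04 Jan 2021 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: text/plain; charset=UTF-8

Hi Bob, the invoice is attached.
--sig
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
--sig--
"""

ENCRYPTED_SAMPLE = """\
From: Alice <alice@example.com>
To: Bob <bob@example.com>
Subject: Invoice for March
Date: Mon, 04 Jan 2021 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="enc"

--enc
Content-Type: application/pgp-encrypted

Version: 1
--enc
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--enc--
"""

def classify(raw: str) -> str:
    """'signed', 'encrypted' or 'unprotected', from the outer Content-Type alone."""
    msg = email.message_from_string(raw, policy=policy.default)
    ctype, proto = msg.get_content_type(), msg.get_param("protocol")
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return "signed"
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "encrypted"
    return "unprotected"

def cleartext_headers(raw: str) -> dict:
    """Every top-level header sits outside the OpenPGP envelope: any relay can
    read (and rewrite) From, To, Subject and Date, even on an encrypted message."""
    msg = email.message_from_string(raw, policy=policy.default)
    return {name.lower(): str(value) for name, value in msg.items()}

def attachment_names(raw: str) -> list:
    """File names of the MIME parts, as a non-OpenPGP client would list them."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [p.get_filename() for p in msg.iter_parts() if p.get_filename()]

def signed_payload_and_signature(raw: str):
    """Return (bytes the signature covers, detached signature). RFC 3156 hashes
    the first MIME part exactly as sent, with CRLF line endings, which is why
    a relay that re-wraps or re-encodes that part breaks the signature."""
    msg = email.message_from_string(raw, policy=policy.default)
    body, sig = msg.get_payload()
    if sig.get_content_type() != "application/pgp-signature":
        raise ValueError("second part is not the detached signature")
    return body.as_bytes(policy=policy.SMTP), sig.get_payload(decode=True)

def encrypted_blob(raw: str) -> bytes:
    """Return the armored ciphertext part; the 'Version: 1' control part is only a marker."""
    msg = email.message_from_string(raw, policy=policy.default)
    control, blob = msg.get_payload()
    if control.get_content_type() != "application/pgp-encrypted":
        raise ValueError("first part is not the PGP/MIME control part")
    return blob.get_payload(decode=True)
```

`cleartext_headers(ENCRYPTED_SAMPLE)` returns the subject "Invoice for March" in the clear even though the message is encrypted, which is the reason the page tells you to keep secrets out of the "Subject" line; `attachment_names()` returns "OpenPGP_signature.asc" and "encrypted.asc" respectively, the same file names the page mentions, and is what a recipient without OpenPGP support sees.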