2 Putting cryptography to use
This section is part of the amber and green pathways.
So far this week you have studied the basic cryptographic techniques that can be used to protect the confidentiality and integrity of your information. Now let’s examine how these techniques can be used in practice.
Many websites, such as those for internet banking and online shopping, routinely use encryption to ensure that the data sent to and from your computer is safe from eavesdroppers. However, configuring the same technologies to protect activities such as email communication can be quite difficult because the tools involved are complicated to install and configure.
Most tools depend on a collection of cryptographic techniques, commonly called ‘Pretty Good Privacy’, PGP for short. PGP includes algorithms for symmetric and asymmetric cryptography. In order to help software vendors develop systems that can easily exchange encrypted information, a standard called OpenPGP was developed and agreed on by the Internet Engineering Task Force (IETF).
Some examples of tools available for encrypting emails include:
- GPG4Win [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] – provides a set of standalone tools that can be used to encrypt and digitally sign emails, documents and other files. It provides some plug-ins to integrate these features into standard email software, such as Microsoft Outlook and Mozilla Thunderbird.
- GPGMail – this tool is designed to integrate with the Mail software provided by Apple. It can be used to both encrypt and digitally sign your email. It is easier to configure and use than the Windows tools, but is only useful if you use a computer running OSX.
- Enigmail for Thunderbird – this is a plug-in for the Thunderbird email client software that works across all operating systems. However, it requires manual installation of the GNUPG software, an open source implementation of the OpenPGP standard.
- Mailvelope – this is a plug-in for Google’s Chrome browser that uses an implementation of the OpenPGP standard. It works with a variety of web-based email systems, such as Gmail or Yahoo Mail.
The effort of installing and configuring these tools puts many people off the idea of encrypting and digitally signing their email. Recognising this, there are ongoing efforts by companies to make encryption easier. For example, in 2014 Google announced that it would be adding PGP capabilities to its free email service, Gmail. The company have now released the software for its Chrome end-to-end encryption plug-in for review by developers. However, at the time of writing, this software has not been made available to the general public.
In the next few sections we will explore an alternative way of using cryptography to protect your email communications.