Message Security

Message security is the practice of encrypting messages on your device so that they can be read only by the intended recipient. Although Network Security and Device Security are important, this kind of message encryption is necessary in many situations:

  • Confidentiality: Message encryption is the only way to ensure that only the indented recipients are reading your messages.
  • Authenticity: Message encryption is the only way to ensure the identity of the people you are communicating with.

Practicing message encryption, however, can be a challenge:

  • You must own a device: The idea with message encryption is that you don’t trust another party to encrypt your communication for you. Therefore, all the encryption takes place on your machine, which means you need to own your own device.
  • Steep learning curve: In order to use encryption software correctly, you will need to spend a significant amount of time learning important encryption concepts like public keys, private keys, keyrings, etc.
  • Limited correspondents: With message encryption, you can only communicate securely with other people using the same software.

Obviously, these guarantees of security don’t apply if your device has been compromised.

About Message Encryption

What these help pages call “message encryption” is technically called “public-key cryptography”. Here is how it works:

  • Private key: Everyone has their own private key. As the name implies, this key must be kept private. You use this private key in order to read the encrypted messages sent to you.
  • Public key: Everyone also has a public key. This key is often distributed far and wide. When someone wants to send you a secure message, they use your public key to encrypt it. Only the person with the corresponding private key will be able to decrypt it.

Tips for Learning Message Encryption

Although it provides the highest level of security, public-key encryption is still an adventure to use. To make your journey less scary, we suggest you keep these things in mind:

  • Be in it for the long haul: using public-key encryption takes a commitment to learning a lot of new skills and jargon. The widespread adoption of public-key encryption is a long way off, so it may seem like a lot of work for not much benefit. However, we need early adopters who can help build a critical mass of public-key encryption users.
  • Develop encryption buddies: although most your traffic might not be encrypted, if you find someone else who uses public-key encryption try to make a practice of only communicating securely with that person.
  • Look for advocates: people who use public-key encryption usually love to evangelize about it and help others to use it to. Find someone like this who can answer your questions and help you along.

Limitations of Message Encryption

Although you can hide the contents of email with public-key encryption, it does not hide who you are sending mail to and receiving mail from. This means that even with public key encryption there is a lot of personal information which is not secure.

Why? Imagine that someone knew nothing of the content of your mail correspondence, but they knew who you sent mail to and received mail from and they knew how often and what the subject line was. This information can provide a picture of your associations, habits, contacts, interests and activities.

The only way to keep your list of associations private is to to use a service provider which will establish a secure connection with other service providers. See our directory of radical servers for a list of such providers.

Use Message Encryption

Encrypted Email

  1. What is encrypted email?
  2. How do I use encrypted email?
  3. Can I send and receive encrypted email using riseup’s webmail?
  4. What are some limitations of encrypted communications?
  5. How can I verify a key owner’s identity?
  6. How can I sign a key and why would I want to?
  7. Do you have any other tips about encrypted email?
  8. How do I setup OpenPGP encrypted email on my computer?

Encrypting Email with Thunderbird

  1. Install Enigmail and Run the OpenPGP Setup Wizard
  2. Setup OpenPGP Rules

Managing OpenPGP Keys

  1. Linux
    1. Using GNOME’s GUI frontend: Seahorse
      1. What is Seahorse?
      2. Create and Export an OpenPGP Public/Private Key pair
      3. Find or Import someone else’s OpenPGP Public Key
        1. Import from a key file
        2. Find on the key servers
      4. Sign their key
    2. Using the Linux command line
      1. Generate an OpenPGP Key pair using GPG
      2. List your keys
      3. Export/Publish your public OpenPGP Key
      4. Publish your OpenPGP public key to the Ubuntu Key server
  2. Windows
    1. Install Gpg4win
    2. Create and Export an OpenPGP Public/Private Key pair
      1. Find or Import someone else’s OpenPGP Public Key
        1. Import from a key file
        2. Find on the key servers
      2. Sign their key (Certify their Certificate)
  3. Mac OS X

Off the Record

OTR allows you to encrypt your chat messages.

  1. Introduction to OTR
  2. Installing OTR
    1. Linux
    2. Windows
    3. Mac
  3. Adding an Account to Pidgin
  4. Setting up OTR
  5. Adding Buddies to your Contacts
  6. Authenticate Buddies