Message security is the practice of encrypting messages on your device so that they can be read only by the intended recipient. Although Seguridad de Redes and Seguridad en dispositivos are important, this kind of message encryption is necessary in many situations:
- Confidentiality: Message encryption is the only way to ensure that only the indented recipients are reading your messages.
- Authenticity: Message encryption is the only way to ensure the identity of the people you are communicating with.
Practicing message encryption, however, can be a challenge:
- You must own a device: The idea with message encryption is that you don’t trust another party to encrypt your communication for you. Therefore, all the encryption takes place on your machine, which means you need to own your own device.
- Steep learning curve: In order to use encryption software correctly, you will need to spend a significant amount of time learning important encryption concepts like public keys, private keys, keyrings, etc.
- Limited correspondents: With message encryption, you can only communicate securely with other people using the same software.
Obviously, these guarantees of security don’t apply if your device has been compromised.
What these help pages call “message encryption” is technically called “public-key cryptography”. Here is how it works:
- Private key: Everyone has their own private key. As the name implies, this key must be kept private. You use this private key in order to read the encrypted messages sent to you.
- Public key: Everyone also has a public key. This key is often distributed far and wide. When someone wants to send you a secure message, they use your public key to encrypt it. Only the person with the corresponding private key will be able to decrypt it.
Tips for Learning Message Encryption
Although it provides the highest level of security, public-key encryption is still an adventure to use. To make your journey less scary, we suggest you keep these things in mind:
- Be in it for the long haul: using public-key encryption takes a commitment to learning a lot of new skills and jargon. The widespread adoption of public-key encryption is a long way off, so it may seem like a lot of work for not much benefit. However, we need early adopters who can help build a critical mass of public-key encryption users.
- Develop encryption buddies: although most your traffic might not be encrypted, if you find someone else who uses public-key encryption try to make a practice of only communicating securely with that person.
- Look for advocates: people who use public-key encryption usually love to evangelize about it and help others to use it to. Find someone like this who can answer your questions and help you along.
Limitations of Message Encryption
Although you can hide the contents of email with public-key encryption, it does not hide who you are sending mail to and receiving mail from. This means that even with public key encryption there is a lot of personal information which is not secure.
Why? Imagine that someone knew nothing of the content of your mail correspondence, but they knew who you sent mail to and received mail from and they knew how often and what the subject line was. This information can provide a picture of your associations, habits, contacts, interests and activities.
The only way to keep your list of associations private is to to use a service provider which will establish a secure connection with other service providers. See our directory of radical servers for a list of such providers.
- What is encrypted email?
- How do I use encrypted email?
- Can I send and receive encrypted email using riseup’s webmail?
- What are some limitations of encrypted communications?
- How can I verify a key owner’s identity?
- How can I sign a key and why would I want to?
- Do you have any other tips about encrypted email?
- How do I setup OpenPGP encrypted email on my computer?
- Asegúrate de estar recibiendo regularmente actualizaciones de las llaves.
- No uses pgp.mit.edu
- La transición a una llave primaria más fuerte
- Considera hacer que tu servidor de llaves por defecto use un servidor de llaves que tenga transporte HKPS
- Asigna una fecha de vencimiento si no tienes una
- Agenda un evento en el calendario para recordarte sobre la fecha de vencimiento de tu llave
- ¿Tienes un certificado de revocación?
- ¿Tienes un respaldo encriptado para la información secreta de tus llaves?
- Utiliza únicamente tu llave primaria para certificación (y tal vez también firmar). Ten una subllave por separado para encriptar.*
- (extra) Ten una subllave por separado para firmar y mantén tu llave primaria completamente fuera de linea.
- No confíes en el ID de la llave
- Revisiones relacionadas con llaves OpenPGP
- Asegúrate de que tu llave es OpenPGPv4
- Actualiza tu configuración GPG por defecto
- No incluyas un “comentario” en tu ID de usuario
- First step before start
- Using GNOME’s GUI frontend: Seahorse
- Using the Linux command line
- Mac OS X