Message Security
Message security is the practice of encrypting messages on your device so that they can be read only by the intended recipient. Although network security and device security are important, this kind of message encryption is necessary in many situations:
- Confidentiality: Message encryption is the only way to ensure that only the intended recipients are reading your messages.
- Authenticity: Message encryption is the only way to ensure the identity of the people you are communicating with.
Practicing message encryption, however, can be a challenge:
- You must own a device: The idea with message encryption is that you don’t trust another party to encrypt your communication for you. Therefore, all the encryption takes place on your machine, which means you need to own your own device.
- Steep learning curve: In order to use encryption software correctly, you will need to spend a significant amount of time learning important encryption concepts like public keys, private keys, keyrings, etc.
- Limited correspondents: With message encryption, you can only communicate securely with other people using the same software.
Obviously, these guarantees of security don’t apply if your device has been compromised.
About Message Encryption
What these help pages call “message encryption” is technically called “public-key cryptography”. Here is how it works:
- Private key: Everyone has their own private key. As the name implies, this key must be kept private. You use this private key in order to read the encrypted messages sent to you.
- Public key: Everyone also has a public key. This key is often distributed far and wide. When someone wants to send you a secure message, they use your public key to encrypt it. Only the person with the corresponding private key will be able to decrypt it.
Tips for Learning Message Encryption
Although it provides the highest level of security, public-key encryption is still an adventure to use. To make your journey less scary, we suggest you keep these things in mind:
- Be in it for the long haul: using public-key encryption takes a commitment to learning a lot of new skills and jargon. The widespread adoption of public-key encryption is a long way off, so it may seem like a lot of work for not much benefit. However, we need early adopters who can help build a critical mass of public-key encryption users.
- Develop encryption buddies: although most of your traffic might not be encrypted, if you find someone else who uses public-key encryption, try to make a practice of only communicating securely with that person.
- Look for advocates: people who use public-key encryption usually love to evangelize about it and help others to use it too. Find someone like this who can answer your questions and help you along.
Limitations of Message Encryption
Although you can hide the contents of email with public-key encryption, it does not hide who you are sending mail to and receiving mail from. This means that even with public-key encryption there is a lot of personal information that is not secure.
Why? Imagine that someone knew nothing of the content of your mail correspondence, but they knew who you sent mail to and received mail from and they knew how often and what the subject line was. This information can provide a picture of your associations, habits, contacts, interests and activities.
The only way to keep your list of associations private is to use a service provider which will establish a secure connection with other service providers. See our directory of radical servers for a list of such providers.
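The metadata limitation described above, as an added example that is not part of the original page: it parses an OpenPGP-encrypted mail and reports what stays readable outside the ciphertext. The message, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP/MIME (RFC 3156) encrypted mail.
# The armored payload is a placeholder, not real ciphertext.
RAW_MAIL = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>, carol@example.com
Cc: dave@example.org
Subject: Meeting on Thursday
Date: Mon, 01 Jan 2024 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def is_pgp_encrypted(msg):
    """True for a PGP/MIME container or an inline-armored OpenPGP body."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    payload = msg.get_payload()
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload

def exposed_metadata(raw):
    """Return what anyone handling the mail can read without a private key."""
    msg = message_from_string(raw)
    sender = getaddresses([msg.get("From", "")])
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "body_encrypted": is_pgp_encrypted(msg),
        "headers": {h: msg[h] for h in ("From", "To", "Cc", "Subject", "Date") if msg[h]},
        "links": [(s[1], r[1]) for s in sender for r in rcpts],  # who talks to whom
    }

if __name__ == "__main__":
    print(exposed_metadata(RAW_MAIL))
```

Even with the body encrypted, the `links` list and the `Subject` and `Date` headers are enough to build the picture of associations and habits the section describes.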
Use Message Encryption
Encrypted Email
- What is encrypted email?
- How do I use encrypted email?
- Can I send and receive encrypted email using riseup’s webmail?
- What are some limitations of encrypted communications?
- How can I verify a key owner’s identity?
- How can I sign a key and why would I want to?
- Do you have any other tips about encrypted email?
- How do I set up OpenPGP encrypted email on my computer?
GPG best practices
- Make sure you are regularly receiving key updates.
- Don’t use pgp.mit.edu
- Transitioning to a stronger primary key
- Consider making your default keyserver use a keyserver that has HKPS transport
- Set an expiration date if you don’t have one
- Schedule a calendar event to remind you of your key’s expiration date
- Do you have a revocation certificate?
- Do you have an encrypted backup of your secret key material?
- Use your primary key only for certification (and perhaps also signing). Have a separate subkey for encryption.*
- (extra) Have a separate subkey for signing, and keep your primary key entirely offline.
- Don’t rely on the key ID
- OpenPGP key checks
- Make sure your key is OpenPGPv4
- Update your default GPG configuration
- Don’t include a “comment” in your user ID