Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome to the January Hacks/Hacker meeting: Encrypted communications Keep up with upcoming events about the future of storytelling and data on the OpenDataSTL.

Published byKatherine Gilman Modified over 9 years ago

Similar presentations

Presentation on theme: "Welcome to the January Hacks/Hacker meeting: Encrypted communications Keep up with upcoming events about the future of storytelling and data on the OpenDataSTL."— Presentation transcript:

1 Welcome to the January Hacks/Hacker meeting: Encrypted communications Keep up with upcoming events about the future of storytelling and data on the OpenDataSTL Meetup page www.meetup.com/Open-Data-STL Hacks/Hackers STL on Twitter www.twitter.com/STLHacksHackers Hacks/Hackers STL on Facebook www.facebook.com/STLHacksHackers

2 Why encrypt my emails and chats?  Some people encrypt their communications in response to government- sanctioned surveillance, inside the US and overseas, on principle or because they are working with sensitive issues.  Some email providers scan email content to serve customized advertising while you surf the web, but they can't read content you encrypt with your own keys.  See “Gmail Does Scan All Emails, New Google Terms Clarify,” April 2014 at The Guardian.Gmail Does Scan All Emails, New Google Terms Clarify  Signing and encrypting your emails and using encrypted chat programs preserves message integrity to prevent tampering.  If no one else has your communication partner's key and passphrase, you can guarantee that your message will only be read by the intended recipient (and vice versa). Encrypted chat programs also offer verification tools.  If someone steals your email account credentials, they won't be able to read your encrypted emails unless they also have your key passphrase.

3 Today we're going to discuss  CryptoCat: an easy-to-use Firefox extension  ChatSecure: an Android chat app  Enigmail: an extension for encrypted email in Thunderbird  GPG4Win: a basic key manager for Windows  Mailvelope: a Firefox extension for encrypting email in-browser Tools for closed-source platforms are harder to find or are not free to use. We'll discuss solutions for other platforms at the end. The Electronic Frontier Foundation Secure Messaging ScorecardSecure Messaging Scorecard

4 Just because an app describes itself as secure doesn't mean it makes any guarantee about respecting your privacy or whether someone can break their encryption. A good algorithm isn't broken by allowing others to review it. We'll discuss weaknesses in all systems, even good ones, later in the presentation.

5 CryptoCat A browser extension for Chrome, Firefox, Safari, Opera, OS X, and iPhone. Developed by Nadim Kobeiisi. Strengths:  Easy to use, thoroughly reviewed, and available for a wide range of platforms. Weaknesses:  Conversation names and nicknames should be exchanged in person beforehand.  Vulnerable to keyloggers.  If someone gets hold of your conversation partner's details, they can easily impersonate that individual.

6 ChatSecure A chat client for iPhone, iPad, iPod Touch, and Android. Developed by The Guardian Project in the UK (check out their Orbot, Orweb, and ObscuraCam projects too!). Strengths:  Easy to set up a new chat account with Jabber and XMPP.  Includes a challenge question function and ways to visually confirm that messages are being encrypted. Weaknesses:  A little buggy when trying to identify online users.  No big flashing warning if your conversation partner fails the challenge question.

7 Before we move on to generating keys, let's cover some basics. You can think of encrypting files and emails with this diagram –--------Sender----------------In transit-------------Recipient-------- MessageEncryptionCiphertextDecryptionMessage Public keyPrivate key In examples, cryptographers often use the names Alice and Bob. Alice encrypts a message to Bob with Bob's public key. The message cannot be decrypted with Bob's public key. Alice then sends the ciphertext to Bob, who decrypts the message with his private key (unlocked, in most cases, with a passphrase). A signature on an encrypted document is a unique string that is a function of your private key and the message. It proves that only the person with access to the private key could have sent the message, and also that the message has not been tampered with.

8 Good advice regardless of what tools you are using:  Most of them are only as secure as your passwords. Make sure you use passwords that you won't forget, and don't re-use passwords. Secure passwords are long, don't include whole words straight from the dictionary, include numerals and symbols, and are difficult to guess.  Challenge questions and security questions are usually pretty easy to guess, so arrange with your conversation partner beforehand to make them difficult to predict.  Exchange details in person or by another encrypted method because unencrypted traffic is often easy for attackers to read.  If you really can't remember your password or other conversation method parameters (CryptoCat chatroom names, challenge questions and answers), write them down on paper and keep them somewhere safe, far away from your computer.  If you loose your password to use your private key, there is no way to decrypt messages sent to you and you cannot revoke your certificate. Be careful!  Keyloggers and malware can break many of these tools, so regular antivirus scans (regardless of your operating system) are vital to your security.

9 Enigmail An add-on for Mozilla Thunderbird and Seamonkey email clients. Good instructions for implementation at Email Self-Defense by the Free Software Foundation.Email Self-Defense You will also need to download Gnu Privacy Guard (GPG), the Windows version of which is GPG4Win. During installation, choose to install GPA.GPG4Win Enigmail will be in your Thunderbird options. Click the arrow beside Enigmail, click “Key Management,” and then click “Generate” and select “New Key Pair.” Enter a passphrase and then click “Generate Key.” Enigmail also gives the option to generate a revocation certificate, which lets you revoke your key's validity if someone gets your private key and passphrase. Generate the revocation certificate and keep it in a safe place somewhere other than your computer. Next, we're going to test using the key for encrypting and decrypting emails.

10 Open the Enigmail Key Management window, right-click on your key, and click “Send Public Keys by Email.” Send the email to adele-en@gnupp.de: subject line and content don't matter yet. Don't encrypt the email, but you can try signing it by clicking the pen icon in the lower right corner of the email window.adele-en@gnupp.de Remember, even if your email is encrypted, the subject line and email recipients are never encrypted. Adele will send you an email encrypted with your public key. Thunderbird should prompt you to enter your passphrase to decrypt it. Click the “Decrypt” button in the mail toolbar. It will prompt you to add Adele's public key (in the email) to Enigmail. Now send a reply email to Adele— erasing the text in the body of the email first and adding a brief message of your own. Click on the key icon next to the pen icon and choose to encrypt the email with Adele's private key.

11 Signing keys and uploading to a keyserver An important feature of asymmetric (public and private) key encryption is the trust web. Someone looking to communicate with you can search for your public key through a keyserver and knows that the one signed by other people you both know and trust is the right one. Upload your key to a keyserver by clicking on it, then “Keyserver,” then “Upload Public Keys.” To sign a key, find it by searching in Enigmail. Click on “Keyserver,” then “Search for keys.” Select the one you want and add it. Then right-click on it in the Key Management pane and select “Sign key.”

12 Mailvelope A browser add-on for Firefox or Chrome. It works for most web mail applications. The documentation page is great for instructing you on how to generate a key pair, add public keys to your keyring, encrypting and decrypting emails, and more.documentation page It does not give you the ability to sign keys or upload them to key servers.

13 Questions? If you know the answer, please feel free to speak up. Now, time to sign!

14 If you have Enigmail:  Find your fingerprint in the Key Management window by double-clicking on your key.  Search for a key by its fingerprint by clicking “Keyservers,” then “Search for keys,” and enter the whole fingerprint in the search bar.  Select it, add it to your keyring, and then right-click and sign it. If you're using GPA:  Find your fingerprint by clicking on your key.  GPA prefers to find keys by key ID, which is the last 8 characters in the fingerprint.  It will add the public key automatically if found. Right-click on it and select “Sign keys.” If you're using something else, ask for help! My fingerprint is 9C80 407F 9613 3D15 18B6 9816 2BC1 4507 66F8 75A1 Feel free to sign my key when you can!

Download ppt "Welcome to the January Hacks/Hacker meeting: Encrypted communications Keep up with upcoming events about the future of storytelling and data on the OpenDataSTL."

Similar presentations

Safer, Speedier and Sexier Surfing with Safari. Which Web Browser?

Safer, Speedier and Sexier Surfing with Safari. Which Web Browser?
® Microsoft Office 2010 Browser and Email Basics.

® Microsoft Office 2010 Browser and Basics.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
EDW647 Internet For Educators Setting Up a Gmail Account Roger W. Webster, Ph.D. Department of Computer Science Millersville University (717) 872-3539.

EDW647 Internet For Educators Setting Up a Gmail Account Roger W. Webster, Ph.D. Department of Computer Science Millersville University (717)
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
 You will need to click switch user and then other user.  Enter your Campus Connect user name  Enter your Campus Connect password  Click the arrow.

 You will need to click switch user and then other user.  Enter your Campus Connect user name  Enter your Campus Connect password  Click the arrow.
CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an e-mail. How do we know who it’s from? E-Mail address Can be spoofed.

CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an . How do we know who it’s from? address Can be spoofed.
Tony BrettOUCS Course Code ZAB 9 February 2004 E-Mail Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Tony BrettOUCS Course Code ZAB 9 February Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.
Free Software Alternatives: Avast! Anti-virus

Free Software Alternatives: Avast! Anti-virus
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.

We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.
Email June 2013. Email Email is an easy way to communicate. It costs nothing to send an email, but it does require a connection to the Internet. You can.

June is an easy way to communicate. It costs nothing to send an , but it does require a connection to the Internet. You can.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
Chapter Accreditation Online System Usage Tutorial Department of Member Relations & Grants National Children’s Alliance.

Chapter Accreditation Online System Usage Tutorial Department of Member Relations & Grants National Children’s Alliance.
FIRST COURSE Computer Concepts Internet and Email Microsoft Office Get to Know Your Computer.

FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.
Crypto Party ATX Shameless self-promotion Visit us at https://CryptoPartyATX.orghttps://CryptoPartyATX.org Step-by-step guides on how to encrypt your s,

Crypto Party ATX Shameless self-promotion Visit us at Step-by-step guides on how to encrypt your s,
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.

Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.

Similar presentations

Ads by Google