Cover your tracks: beat the NSA and GCHQ at their own game

News
By Neil Mohr
published

Keep private what you want to keep private

Email protection

Kleopatra

With that all done, you have a secured system and the data can only be read if the correct password is supplied. For data files and disks, these can be swapped into any other system running TrueCrypt and continue to be used, as long as the password is supplied again.

The rescue disk can not only decrypt all the data in an emergency but restore the bootloader, key data and original system loader, but you will still need your original password. You can also alter your password, but due to the way the encryption is designed, older rescue CDs will still be able to decrypt your data with the old password, so it's best to destroy it.

With the stuff on your hard drives locked down, it's time to turn our attentions to your stuff out there on the shady internet.

But if your favourite online web email company is handing out access to your account, how can you keep your communication secure? Enter PGP (Pretty Good Privacy), which is a public key system aimed at email.

Now let's get one thing clear: if you're emailing people with web-based accounts, nothing is secure. However, if you encrypt your message or files locally before sending onto the internet, only the recipients you want will ever be able to read it.

While PGP is now commercially owned by Symantec the OpenPGP group maintains an open-source version, which is used as part of the www.gpg4win.org distribution. This clever pack bundles not only a full OpenPGP plug-in for Microsoft Outlook - if that's your email poison - but also Claws Mail, which is a standalone email client set up for sending encrypted emails.

Before you can use PGP, you need to create a key pair using the Kleopatra software. You'll be asked to supply your name, email address and a passphrase, which needs to adhere to the same security measures as a good password. Once this is done, there's an option to email your public key (called the certificate) to anyone who wants to send you a secure message. You can also use 'File > Export certificate' to get the public key file.

Of course, if you want to send someone a secure message you'll need to know their public key, so there's a level of cooperation required. If you use Microsoft Outlook, the plug-in found in the Add-in tab when writing an email will let you encrypt the message.

Neil Mohr