Every day, large amounts of sensitive information are exchanged over email or stored on disk without anyone realising that it could be intercepted in transit or read at rest, with devastating consequences. Securing sensitive data in either state is imperative, as attackers keep finding more sophisticated tools and techniques to compromise systems and gain access.
While different tools and techniques are available to protect data in either state, encryption plays a vital role in maintaining data confidentiality.
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. Discussed below are a few tools based on the OpenPGP standard (the open standard derived from PGP). There are many other implementations of OpenPGP for various other platforms.
- Mailvelope is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard. It also provides means to encrypt files.
- GPG4Win (GNU Privacy Guard for Windows), as the name indicates, is a Windows tool that can also be used to encrypt both email and files.
- If you are a Mac user, an alternative to GPG4Win is GPG Tools, which serves the exact same purpose.
While the links above take you to the detailed documentation on using each of the tools, the generic process you would follow is as follows:
- Generate a public/private key pair (use a strong passphrase and don’t lose it).
- Share/upload your public key to public key servers: this is the key other people use to encrypt messages that only you can open/read.
- Keep your private key private: this is the key to protecting your data; it allows you to decrypt messages that the sender encrypted with your public key. The private key is also used to generate signatures.
- Note your fingerprint: every public/private key pair has a unique fingerprint.
- Generate a key revocation certificate: generate it and store it in a safe place. If your private key is somehow compromised, or you forget your passphrase some time later, this certificate can be used to revoke your key.
- Key exchange: make sure you verify that the owner of a public key is who he/she claims to be. Usually you exchange fingerprints face-to-face or via email with the person you intend to exchange keys with, and then import their public key from the key servers.
- Once you have imported the public key, you can start exchanging encrypted emails.
- You can also use the tools above to encrypt files.
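The steps above, walked through end to end with GnuPG on the command line (the engine behind GPG4Win and GPG Tools), as an added example that is not part of the original article. It assumes `gpg` 2.1 or later is installed; the two keyrings, the names, the e-mail addresses and the passphrase are constructed for the demo, with Alice and Bob's separate keyrings standing in for two people exchanging keys.

```shell
#!/bin/sh
# Added example: the OpenPGP workflow from the article, run with GnuPG 2.1+.
# Two throwaway keyrings stand in for Alice and Bob; all names are made up.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to run" >&2; exit 0; }

ALICE_HOME=$(mktemp -d); BOB_HOME=$(mktemp -d); chmod 700 "$ALICE_HOME" "$BOB_HOME"
ALICE_PASS='correct horse battery staple'   # constructed demo passphrase
trap 'GNUPGHOME=$ALICE_HOME gpgconf --kill gpg-agent; GNUPGHOME=$BOB_HOME gpgconf --kill gpg-agent; rm -rf "$ALICE_HOME" "$BOB_HOME"' EXIT

# gpg bound to one keyring; loopback pinentry lets --passphrase work unattended
g() { _h=$1; shift; GNUPGHOME=$_h gpg --batch --quiet --pinentry-mode loopback "$@"; }
fpr_of() { g "$1" --with-colons --fingerprint alice@example.com | awk -F: '$1=="fpr"{print $10; exit}'; }

# Step 1: Alice generates a key pair protected by a passphrase. GnuPG 2.1+ also writes
# a revocation certificate to $GNUPGHOME/openpgp-revocs.d/<FINGERPRINT>.rev here.
g "$ALICE_HOME" --passphrase "$ALICE_PASS" --quick-generate-key 'Alice <alice@example.com>' default default never
revocation_cert_exists() { ls "$ALICE_HOME"/openpgp-revocs.d/*.rev >/dev/null 2>&1; }

# Step 2: Alice exports her public key (what she would upload to a key server)
# and notes her own fingerprint.
g "$ALICE_HOME" --armor --export alice@example.com >"$ALICE_HOME/alice.pub"
alice_fpr() { fpr_of "$ALICE_HOME"; }

# Step 3: Bob imports the key and compares the fingerprint in his keyring with the
# one Alice gave him out of band; only then does he trust the key.
g "$BOB_HOME" --import "$ALICE_HOME/alice.pub"
fingerprint_matches() { [ "$(fpr_of "$BOB_HOME")" = "$(alice_fpr)" ]; }

# Step 4: Bob encrypts to Alice's public key. --trust-model always skips the
# web-of-trust prompt because the fingerprint was verified manually above.
encrypt_for_alice() { printf '%s' "$1" | g "$BOB_HOME" --trust-model always --recipient alice@example.com --encrypt; }
# Step 5: only Alice's private key, unlocked by her passphrase, can decrypt it.
decrypt_as_alice() { g "$ALICE_HOME" --passphrase "$ALICE_PASS" --decrypt; }
roundtrip() { encrypt_for_alice "$1" | decrypt_as_alice; }

# Usage: verify the fingerprint, then send a message through both keyrings.
fingerprint_matches && echo "fingerprint verified: $(alice_fpr)"
revocation_cert_exists && echo "revocation certificate stored in $ALICE_HOME/openpgp-revocs.d"
roundtrip 'secret message'; echo
```

Bob's keyring holds only Alice's public key, so the same ciphertext cannot be decrypted there; exactly the asymmetry the article describes.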