-
Notifications
You must be signed in to change notification settings - Fork 4
/
gpg_fr.html
244 lines (237 loc) · 16.7 KB
/
gpg_fr.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN">
<html xml:lang="fr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="fsng.css" type="text/css" />
<link href="favicon.png" type="image/png" />
<title>Freenet Social Networking Guide - GPG</title>
</head>
<body>
<div id="language"><a href="gpg_en.html">English</a> <a href="gpg_fr.html">French</a> </div>
<div id="logo">
<a href="index_fr.html" title="Homepage">
<img src="images/header.png" alt="Freenet Social Networking Guide" style="border: none; " />
</a>
</div>
<div id="breadcrumbs">
<p>Email encryption</p>
</div>
<div id="navbar"><center><b>Menu</b></center>
<ul>
<li class="nav1"><a href="freenet_fr.html" title="Step 1: Freenet">
Etape 1: Freenet</a>
</li>
<li class="nav1"><a href="wot_fr.html" title="Step 2: Identité">
Etape 2: Identité</a>
</li>
<li class="nav1"><a href="freemail_fr.html" title="Step 3: Mail">
Etape 3: Mail</a>
</li>
<li class="nav1"><a href="sone_fr.html" title="Step 4: Microblogging">
Etape 4: Microblogging</a>
</li>
<li class="nav1"><a href="fms_fr.html" title="Step 5: Forums">
Etape 5: Forums</a>
</li>
<li class="nav1"><a href="flip_fr.html" title="Step 6: Chat">
Etape 6: Chat</a>
</li>
</ul>
<hr />
<center><b>Informations complémentaires</b></center>
<ul>
<li class="nav1"><a href="gpg_fr.html" title="Ajouter cryptage GPG">
Ajouter cryptage GPG</a>
</li>
<li class="nav1"><a href="more_fr.html" title="Pour en savoir plus">
Pour en savoir plus</a>
</li>
</ul>
<hr />
<ul>
<li class="nav1"><a href="contact_fr.html" title="Contacter l'auteur">
Contacter l'auteur</a>
</li>
</ul>
</div>
<div id="content">
<h1>Setting up email encryption</h1>
<p>This tutorial will walk through GPG and Enigmail setup and cover encryption and signing of messages in Thunderbird.</p>
<h2>Installing GnuPG</h2>
<ol>
<li><p>The first thing to install is the GnuPG. If you are running Linux you probably already have it installed. If you don't have it already go to the <a href="http://www.gnupg.org/">GnuPG website</a> and follow the correct download link for your operating system. The following steps will illustrate the Windows version of GnuPG.</p>
<p>Download and run the <a href="http://gpg4win.org/">Gpg4win</a> installer.</p>
<p><a href="images/99/setup001.png"><img src="images/99/setup001.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
<li><p>You can accept the default values for many of the following screens.</p>
<p><a href="images/99/setup002.png"><img src="images/99/setup002.png" width="640" height="480" alt="Step 2" /></a></p>
<p><a href="images/99/setup003.png"><img src="images/99/setup003.png" width="640" height="480" alt="Step 3" /></a></p>
<p><a href="images/99/setup004.png"><img src="images/99/setup004.png" width="640" height="480" alt="Step 4" /></a></p>
</li>
<li><p>Make sure to enable GPA here. If you're using this guide to set up GnuPG you don't need to install Kleopatra. Claws-Mail is an alternative to Thunderbird that you can use if you want but this guide will not cover it.</p>
<p><a href="images/99/setup005.png"><img src="images/99/setup005.png" width="640" height="480" alt="Step 5" /></a></p>
</li>
<li><p>These defaults should be adequate.</p>
<p><a href="images/99/setup006.png"><img src="images/99/setup006.png" width="640" height="480" alt="Step 6" /></a></p>
<p><a href="images/99/setup007.png"><img src="images/99/setup007.png" width="640" height="480" alt="Step 7" /></a></p>
<p><a href="images/99/setup008.png"><img src="images/99/setup008.png" width="640" height="480" alt="Step 8" /></a></p>
</li>
<li><p>There is no need to set up certificates at this time so check the box to skip that configuration.</p>
<p><a href="images/99/setup009.png"><img src="images/99/setup009.png" width="640" height="480" alt="Step 9" /></a></p>
</li>
</ol>
<h2>Enigmail installation</h2>
<ol>
<li><p>Now that GnuPG is installed open Thunderbird and go to the Add-ons menu.</p>
<p><a href="images/99/setup010.png"><img src="images/99/setup010.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
<li><p>Search for Enigmail</p>
<p><a href="images/99/setup011.png"><img src="images/99/setup011.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
<li><p>Install the add-on.</p>
<p><a href="images/99/setup012.png"><img src="images/99/setup012.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
<li><p>Restart Thunderbird.</p>
<p><a href="images/99/setup013.png"><img src="images/99/setup013.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
</ol>
<h2>Generating a keypair</h2>
<ol>
<li><p>Use the Setup Wizard in the OpenPGP menu to create a keypair and configure Thunderbird to use it.</p>
<p><a href="images/99/setup014.png"><img src="images/99/setup014.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
<li><p>Confirm that you want to use the wizard.</p>
<p><a href="images/99/setup015.png"><img src="images/99/setup015.png" width="640" height="480" alt="Step 2" /></a></p>
</li>
<li><p>Signing all emails is a good practice which does not require that your recipients have encryption keys. Choose 'Yes' here.</p>
<p><a href="images/99/setup016.png"><img src="images/99/setup016.png" width="640" height="480" alt="Step 3" /></a></p>
</li>
<li><p>For most people encryption should be disabled by default and enabled as required. Choose 'No'.</p>
<p><a href="images/99/setup017.png"><img src="images/99/setup017.png" width="640" height="480" alt="Step 4" /></a></p>
</li>
<li><p>Allow Enigmail to adjust Thunderbird's settings to their optimal values.</p>
<p><a href="images/99/setup018.png"><img src="images/99/setup018.png" width="640" height="480" alt="Step 5" /></a></p>
</li>
<li><p>If Thunderbird can not find the GnuPG program you may be prompted to enter its location manually. Unless you changed the default installation directory it will be located in c:\Program Files\GNU\GnuPG\ on Windows.</p>
<p><a href="images/99/setup019.png"><img src="images/99/setup019.png" width="640" height="480" alt="Step 6" /></a></p>
</li>
<li><p>Now tell Enigmail to create a keypair.</p>
<p><a href="images/99/setup020.png"><img src="images/99/setup020.png" width="640" height="480" alt="Step 7" /></a></p>
</li>
<li><p>Choose a long, but memorable passphrase.</p>
<p><a href="images/99/setup021.png"><img src="images/99/setup021.png" width="640" height="480" alt="Step 8" /></a></p>
</li>
<li><p>Click 'Next' to create your keys.</p>
<p><a href="images/99/setup022.png"><img src="images/99/setup022.png" width="640" height="480" alt="Step 9" /></a></p>
</li>
<li><p>Create the revocation now because if you ever need it in the future and don't do it now you'll invariably forget to create one until it's too late.</p>
<p><a href="images/99/setup023.png"><img src="images/99/setup023.png" width="640" height="480" alt="Step 10" /></a></p>
</li>
<li><p>For now, save the certificate somewhere memorable.</p>
<p><a href="images/99/setup024.png"><img src="images/99/setup024.png" width="640" height="480" alt="Step 11" /></a></p>
</li>
<li><p>You need to enter your passphrase to create the certificate.</p>
<p><a href="images/99/setup025.png"><img src="images/99/setup025.png" width="640" height="480" alt="Step 12" /></a></p>
</li>
<li><p>This is good advice, but don't use a floppy disk. Use something more modern, like a USB stick.</p>
<p><a href="images/99/setup026.png"><img src="images/99/setup026.png" width="640" height="480" alt="Step 13" /></a></p>
</li>
<li><p>You are now ready to sign and decrypt messages in Thunderbird.</p>
<p><a href="images/99/setup027.png"><img src="images/99/setup027.png" width="640" height="480" alt="Step 14" /></a></p>
</li>
<h2>Example use</h2>
<p>This section will walk through how to publish your public key so that other people can find it, as well as importing another person's key and configuring Thunderbird to alway send them encrypted messages.
<ol>
<li><p>Open up The GNU Privacy Assistant (GPA) and you should see the keypair you created before. In order for other people to send you encrypted emails or verify your signature on your outgoing mail they need to have a copy of your public key. Sending your key to a service called a "key server" is a good way to do this.</p>
<p>You should use Tor when accessing a keyserver over the Internet to avoid compromising your anonymity.</p>
<p><a href="images/99/setup028.png"><img src="images/99/setup028.png" width="640" height="480" alt="Step 1" /></a></p>
</li>
<li><p>There is no reason to be shy. Your public key is more useful if more people have it.</p>
<p><a href="images/99/setup029.png"><img src="images/99/setup029.png" width="640" height="480" alt="Step 2" /></a></p>
</li>
<li><p>Now those who wish to send you secure email can query <code>keys.gnupg.net</code> for your email address and obtain your public key to encrypt with.</p>
<p><a href="images/99/setup030.png"><img src="images/99/setup030.png" width="640" height="480" alt="Step 3" /></a></p>
</li>
<li><p>You'll also need to export a copy of your public key on your hard drive for subsequent steps.</p>
<p><a href="images/99/setup031.png"><img src="images/99/setup031.png" width="640" height="480" alt="Step 4" /></a></p>
</li>
<li><p>Save it in a memorable location.</p>
<p><a href="images/99/setup032.png"><img src="images/99/setup032.png" width="640" height="480" alt="Step 5" /></a></p>
</li>
<li><p>This is an optional step to help establish the key as part of your Freenet identity. Open up your node interface and go to the 'Upload a file' page.</p>
<p><a href="images/99/setup033.png"><img src="images/99/setup033.png" width="640" height="480" alt="Step 6" /></a></p>
</li>
<li><p>The file you'll be uploading is small enough that you can insert it through the browser. Choose the public key file you just exported from GPA.</p>
<p><a href="images/99/setup034.png"><img src="images/99/setup034.png" width="640" height="480" alt="Step 7" /></a></p>
</li>
<li><p>You can choose either type of key but the random, safe (SSK) option is safest.</p>
<p><a href="images/99/setup035.png"><img src="images/99/setup035.png" width="640" height="480" alt="Step 8" /></a></p>
</li>
<li><p>Once the node tells you the key copy that link to the clipboard so you can publish the location of your public key on Sone.</p>
<p><a href="images/99/setup036.png"><img src="images/99/setup036.png" width="640" height="480" alt="Step 9" /></a></p>
</li>
<li><p>Go to your Sone profile setup and add a 'Public key' field. Paste the link from before into the field and remove everything before SSK@ or CHK@.</p>
<p><a href="images/99/setup037.png"><img src="images/99/setup037.png" width="640" height="480" alt="Step 10" /></a></p>
</li>
<li><p>Save your profile and you'll now have a new field that Sone automagically turns into a link.</p><p>The reason to publish your GPG key here is so that you can communicate with people over different channels and prove that you are the same person instead of an imposer. Anyone who sees a message from you signed by the same key published on your Sone profile will know for certain that they are talking to the same person.</p>
<p><a href="images/99/setup038.png"><img src="images/99/setup038.png" width="640" height="480" alt="Step 11" /></a></p>
</li>
<li><p>For the next step you need another person's public key. This fine individual is also publishing a public key so let's click on the Public key link to download his.</p>
<p><a href="images/99/setup039.png"><img src="images/99/setup039.png" width="640" height="480" alt="Step 12" /></a></p>
</li>
<li><p>Freenet is extremely cautious about what it will display. Any content which has the slightest potential to compromise your anonymity will trigger this screen.</p>
<p>To proceed click on the link in the lower-left corner which will open the file as plain text</p>
<p><a href="images/99/setup040.png"><img src="images/99/setup040.png" width="640" height="480" alt="Step 13" /></a></p>
</li>
<li><p>This is what a public key actually looks like.</p>
<p><a href="images/99/setup041.png"><img src="images/99/setup041.png" width="640" height="480" alt="Step 14" /></a></p>
</li>
<li><p>Save this file to a memorable location.</p>
<p><a href="images/99/setup042.png"><img src="images/99/setup042.png" width="640" height="480" alt="Step 15" /></a></p>
</li>
<li><p>Now return to GPA and click on the 'Import' button.</p>
<p><a href="images/99/setup043.png"><img src="images/99/setup043.png" width="640" height="480" alt="Step 16" /></a></p>
</li>
<li><p>Choose the file you just saved.</p>
<p><a href="images/99/setup044.png"><img src="images/99/setup044.png" width="640" height="480" alt="Step 17" /></a></p>
</li>
<li><p>Now you've successfully imported a public key.</p>
<p><a href="images/99/setup045.png"><img src="images/99/setup045.png" width="640" height="480" alt="Step 18" /></a></p>
</li>
<li><p>Now that GnuPG knows about the public key you just imported you can now use it to send an encrypted message.</p>
<p>In the message composition window you should notice a new OpenPGP button in the toolbar (ignore the S/MIME menu). Clicking here will allow you to sign and/or encrypt an outgoing message.
<p><a href="images/99/setup046.png"><img src="images/99/setup046.png" width="640" height="480" alt="Step 19" /></a></p>
</li>
<li><p>You need the passphrase you used when you originally created the key to sign or decrypt messages.</p>
<p><a href="images/99/setup047.png"><img src="images/99/setup047.png" width="640" height="480" alt="Step 20" /></a></p>
</li>
<li><p>This is what an encrypted email looks like. Anyone who intercepts the message in transit will not be able to see the contents unless they possess the correct private key.</p>
<p><a href="images/99/setup048.png"><img src="images/99/setup048.png" width="640" height="480" alt="Step 21" /></a></p>
</li>
<li><p>Once you have a public key for someone there's no reason not to encrypt all emails you send them. Fortunately Thunderbird can allow you to set up rules to do this automatically.</p>
<p>From the address book entry for a contact choose 'Create OpenPGP Rule from Address' from the context menu.</p>
<p><a href="images/99/setup049.png"><img src="images/99/setup049.png" width="640" height="480" alt="Step 22" /></a></p>
</li>
<li><p>The default values require you to manually specify encryption. To change this, first select 'Use the following OpenPGP keys:' and click on the 'Select Key(s)' button.</p>
<p><a href="images/99/setup050.png"><img src="images/99/setup050.png" width="640" height="480" alt="Step 23" /></a></p>
</li>
<li><p>Choose the contact's public key. If you don't have their public key yet you can try downloading it from the keyserver by clicking on 'Download missing keys'. This is one reason why you should upload your own.</p>
<p><a href="images/99/setup051.png"><img src="images/99/setup051.png" width="640" height="480" alt="Step 24" /></a></p>
</li>
<li><p>Now that you've told Enigmail which key to use for encryption tell it to always sign and encrypt messages you send them. It's usually good to also send them messages as PGP/MIME but there are a few lame email clients which don't support PGP/MIME, like Outlook. Anyone using Thunderbird or Claws-mail can receive PGP/MIME so if you know that's what your contact uses enable that option as well.</p>
<p><a href="images/99/setup052.png"><img src="images/99/setup052.png" width="640" height="480" alt="Step 25" /></a></p>
</li>
<li><p>One thing you should note is that Enigmail needs to be enabled for every account you use in Thunderbird. If you go to the 'Account Settings' you'll see that all your ccounts now have a 'OpenPGP Security' section.</p>
<p>Click on the top checkbox to enable Enigmail for any account which are not already set up. If the email address of the account is already associated with your public key you cn leave the next setting alone. Otherwise, or just to be safe, change to 'Use specific OpenPGP Key' and select it's ID.</p>
<p><a href="images/99/setup053.png"><img src="images/99/setup053.png" width="640" height="480" alt="Step 26" /></a></p>
</li>
</ol>
<p>That's it for the basic setup. This is only scratching the surface of what a PKI entails but you should have enough under control now to get started.</p>
<p>Go forth and encrypt your emails.</p>
</div>
<br clear="both" />
<div id="footer">
<a href="bitcoin:1M81ktH32o1gv4DKvbY7RPnaRiq1oPFvW7?label=FSNG">1M81ktH32o1gv4DKvbY7RPnaRiq1oPFvW7<img src="images/bitcoin.png" /></a>
</div>
</body>
</html>