Instructions (How to create encryption keys, send encrypted email messages, browse the web securely, etc.)

* editorial posted by Jackson_B in Jackson_B

Note: NOTHING is 100% secure. However, consider this your FIRST STEP toward 10,000% better online security. Encourage others to use the same security steps for a secure network of friends.

*See the bottom of this post for USB preparation Warnings and back-up instructions

How to create your first new secure email accout

Boot-up Tails from your new USB (or the one you created all by yourself).
Open your Tor browser (for first-timers, note that Tor is VERY slow. This is because it is using nodes around the world to route traffic - in as secure way as possible. Once connected, it runs almost as fast as a typical browser)
Go to http://sigaintevyh2rzvw.onion (this is an onion address - not accessible using unsecure internet browsers)
Create a new email account in the usual way.
Other secure email account providers include:
- http://mail2tor2zyjdctd.onion, and
- https://so36.net/services/mail

How to send encrypted messages using your new secure email account

While creating an encryption key (see below) can seem daunting at first, actually using your new key to create and send encrypted email messages in Tails is very easy. Here are the simple instructions:

https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/index.en.html

Note: Once your Master keys are created (see below), you can start using Tails to start sending secure encrypted messages. You ONLY have to create subkeys if you'd like to use them on other computers.

How to create your very own Encryption Master Key (PGP) within Tails

Note: A Master key is a key that can be used to create and authenticate your subkeys - subkeys are to be used on your various computers that you own. AND, EVERY key is actually a KEY PAIR - your PUBLIC Key and your PRIVATE Key. You can give out your PUBLIC key for those that want to email you an encrypted message but NEVER give out your PRIVATE key (more on that later).

After you are booted up and logged into your Tails OS... (make SURE you are DISCONNECTED from your Wi-Fi when creating encryption keys)
These instructions assume your new email address is youraddress@sigaint.org
Think of and write down a long string for your your PGP passkey like: thisismysupersecretpasskey
Open Tails' Terminal program.
Enter the following command after the '$' cursor inside of your Terminal program:

$gpg --expert --gen-key

Your selection should be 'RSA' to set your own custom configuration.
ALWAYS choose the HIGHEST level of encryption: e.g. 4096-bit RSA
Turn off signing & encryption by
- 's' --> Toggle the sign capability
- 'e' --> Toggle the encryption capability
'q' --> quit when finished this step

...

...valid for ? 0

...(y/N) ? y

...Real name: youraddress

...Email: youraddress@sigaint.org

...passphrase: thisismysupersecretpasskey

Randomly move your computer cursor around and around to generate entropy - random numbers for the computer to create your Master key encryption.
You now have an Open PGP key with 4096-bit RSA primary key for certifying other subkeys.
Now, you can add the subkeys you can use for signing, encryption, and authentication

Before we discuss the creation of your subkeys, here are some handy commands for you to use to check your work:

Use the following command to check your list of keys:

$gpg --list-keys

The following command does the exact same operation (short-hand):

$gpg -k

The following command shows ONLY your SECRET keys:

$gpg -K

For security reasons, the folder that holds your keys is hidden. To view this folder, please use the following command:

$cd ~/.gnupg

Now, before we generate your new subkeys, please follow these rules for your own security:

When setting up your subkeys, always have short expiration dates (e.g. 30 days, 1 year, etc.)
Periodically REVOKE subkeys as necessary - we will discuss that later.
You may want to purchase a Hardware Security Module (HSM)
- see https://shop.kernelconcepts.de (~ 30 EUROS or 33 USD)

AN ALTERNATIVE FOR EXTRA SECURITY:

The following enables you to strengthen your HASH preferences (extra secure encryption):

$gpg --edit-key youraddress@sigaint.org

...

gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

[Enter your passkey]

gpg> save

Warnings and back-up instructions

For Mac:

Always back-up your computer using Time Machine and print the instructions for restoration BEFORE using the USB: https://support.apple.com/en-us/HT201250
After backing up your machine, please follow these instructions to install the reFind bootloader in case you find it necessary: https://tails.boum.org/doc/first_steps/start_tails/index.en.html#usb-mac

No comments

Instructions,

Online,

Safety,

Tor,

You need to be logged in to comment.

Latest Activity