
Note: NOTHING is 100% secure. However, consider this your FIRST STEP toward 10,000% better online security. Encourage others to use the same security steps for a secure network of friends.

*See the bottom of this post for USB preparation Warnings and back-up instructions

How to create your first new secure email account

  • Boot-up Tails from your new USB (or the one you created all by yourself).
  • Open your Tor browser (first-timers should note that Tor is VERY slow. This is because it routes traffic through nodes around the world, in as secure a way as possible. Once connected, it runs almost as fast as a typical browser.)
  • Go to http://sigaintevyh2rzvw.onion (this is an onion address - not accessible using unsecure internet browsers)
  • Create a new email account in the usual way.
  • Other secure email account providers include:

How to send encrypted messages using your new secure email account

  • While creating an encryption key (see below) can seem daunting at first, actually using your new key to create and send encrypted email messages in Tails is very easy. Here are the simple instructions:

https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/index.en.html

Note: Once your Master keys are created (see below), you can start using Tails to send secure encrypted messages. You ONLY have to create subkeys if you'd like to use them on other computers.

How to create your very own Encryption Master Key (PGP) within Tails

Note: A Master key is a key that can be used to create and authenticate your subkeys - subkeys are to be used on your various computers that you own. AND, EVERY key is actually a KEY PAIR - your PUBLIC Key and your PRIVATE Key. You can give out your PUBLIC key for those that want to email you an encrypted message but NEVER give out your PRIVATE key (more on that later).

  • After you are booted up and logged into your Tails OS... (make SURE you are DISCONNECTED from your Wi-Fi when creating encryption keys)
  • These instructions assume your new email address is youraddress@sigaint.org
  • Think of and write down a long string for your PGP passkey like: thisismysupersecretpasskey
  • Open Tails' Terminal program.
  • Enter the following command after the '$' cursor inside of your Terminal program: 
$ gpg --expert --gen-key

  • Your selection should be 'RSA (set your own capabilities)' to set your own custom configuration.
  • ALWAYS choose the HIGHEST level of encryption: e.g. 4096-bit RSA
  • Turn off signing & encryption by
    • 's' --> Toggle the sign capability
    • 'e' --> Toggle the encryption capability
    • 'q' --> quit when finished with this step

...

...valid for ? 0

...(y/N) ? y

...Real name: youraddress

...Email: youraddress@sigaint.org

...passphrase: thisismysupersecretpasskey

  • Randomly move your mouse cursor around to generate entropy: random data the computer uses to create your Master key.
  • You now have an OpenPGP key with a 4096-bit RSA primary key for certifying subkeys.
  • Now you can add the subkeys you will use for signing, encryption, and authentication.

Before we discuss the creation of your subkeys, here are some handy commands for you to use to check your work:

  • Use the following command to check your list of keys:

$ gpg --list-keys

  • The following command does the exact same operation (short-hand):

$ gpg -k

  • The following command shows ONLY your SECRET keys:

$ gpg -K

  • For security reasons, the folder that holds your keys is hidden. To change into this folder, use the following command:

$ cd ~/.gnupg

Now, before we generate your new subkeys, please follow these rules for your own security:

  • When setting up your subkeys, always have short expiration dates (e.g. 30 days, 1 year, etc.)
  • Periodically REVOKE subkeys as necessary - we will discuss that later.
  • You may want to purchase a Hardware Security Module (HSM)
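
The settings chosen above (4096-bit RSA, a certify-only Master key, subkeys that expire) can be checked mechanically once your subkeys exist. The following is an added example, not part of the original post: it reads the machine-readable listing produced by gpg's --with-colons option. The function names audit_keys and sample_listing, the key IDs and the timestamps are made up for illustration.

```shell
#!/bin/sh
# Added example: audit colon-format gpg output against this guide's settings.
# Real use: gpg --list-keys --with-colons youraddress@sigaint.org | audit_keys

audit_keys() {
    # Prints one OK/FAIL/INFO line per check; exit status 1 if any check failed.
    LC_ALL=C awk -F: '
    function report(ok, msg) {
        prefix = ok ? "OK   " : "FAIL "
        print prefix msg
        if (!ok) bad = 1
    }
    $1 == "pub" {
        seen = 1
        own = $12
        gsub(/[^a-z]/, "", own)   # lowercase letters = capabilities of the primary key itself
        report($4 == 1 && $3 >= 4096, "primary " $5 ": algo " $4 ", " $3 " bits (want RSA, 4096)")
        report(own == "c", "primary " $5 ": own capabilities [" own "] (want certify only)")
    }
    $1 == "sub" {
        if ($2 == "r") { print "INFO subkey " $5 ": revoked"; next }
        report($7 != "", "subkey " $5 " [" $12 "]: expiration " ($7 == "" ? "none" : $7))
    }
    END {
        if (!seen) report(0, "no pub record in input")
        exit bad + 0
    }'
}

# Constructed sample listing (made-up key IDs and timestamps, not real keys):
# certify-only primary, a signing subkey that expires, an encryption subkey that does not.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1450000000:::u:::cESC:
uid:u::::1450000000::0000000000000000000000000000000000000000::youraddress <youraddress@sigaint.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1450000100:1452592100:::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1450000200::::::e:
EOF
}

sample_listing | audit_keys || echo "audit: at least one check failed"
```

On the sample, the encryption subkey is reported as FAIL because it has no expiration date; the other three checks pass.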

AN ALTERNATIVE FOR EXTRA SECURITY:

The following lets you strengthen your key's algorithm preferences (hash, cipher and compression) for extra-secure encryption:

$ gpg --edit-key youraddress@sigaint.org

...

gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

[Enter your passkey]

gpg> save

Warnings and back-up instructions

For Mac:
