If you’re like me, you have a number of servers running on the wider internet. Those servers generate a whole bunch of system emails (cron output, update notices, daemon warnings) that are really valuable to an administrator keeping track of the health of the system, but the same detail is exploitable by anyone who can read them in transit. Since many administrators automatically forward these emails to an external address, it would be handy if they were encrypted before they left the box.

Thankfully, on Unix-like systems at least, this is relatively straightforward.

Setting up an encrypted forward…

  1. Firstly, install the packages you need:

    apt-get install procmail gnupg

  2. Next, in the account that receives the mail (root’s mail is usually redirected to a non-privileged user; check /etc/aliases), import the public key of the account you’re forwarding messages to. Confirm its fingerprint against one you obtained from the key’s owner out of band, because the recipe below tells gpg to trust whatever key it finds for that address:

    gpg --import /path/to/public.key

  3. Now, install the following recipe in ~/.procmailrc:

    # procmail feeds the message to these commands on stdin
    SUBJECT=`formail -xSubject:`
    FROM=`formail -xFrom:`
    # "c" keeps a local copy; the condition matches mail addressed to root.
    # formail -I "" strips all original headers so only the body reaches gpg,
    # which writes an ASCII-armoured (-a) encrypted (-e) copy for the -r recipient;
    # mail then re-attaches From and Subject, which therefore stay in cleartext.
    :0 c
    *^To:.*root.*
    |formail -I "" | gpg --trust-model always -ear "you@example.com" | mail -r "$FROM" -s "$SUBJECT" you@example.com

If this works, the `c` flag leaves an unencrypted copy in the local mailbox, while anything sent externally has its body encrypted with your public key. Two caveats: only the body goes through gpg, so the Subject and From that the recipe passes to `mail` travel in cleartext (and cron subjects alone can reveal hostnames and scheduled commands); and `--trust-model always` stops gpg from checking the key’s trust, so the whole scheme rests on having imported the right key in step 2.
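As an added, stand-alone example (my own code, not the post’s recipe or DRG’s script), here is the same pipeline as a POSIX shell filter that can replace the `formail | gpg | mail` chain. It goes beyond the recipe in two deliberate ways: it encrypts to a key pinned by its full fingerprint rather than by e-mail address, and it can swap the cleartext Subject for a fixed string. The address you@example.com, the RECIPIENT_FPR value, the script name encrypt_forward.sh and the cron-style message in sample_message are all assumptions or constructed for illustration.

```shell
#!/bin/sh
# encrypt_forward.sh: added example, not the script from the original post.
# Reads one mail message on stdin and prints a new message whose body is
# OpenPGP-encrypted to RECIPIENT. Only From and Subject are carried over in
# clear; every other original header is dropped. Pipe the output to
# `sendmail -t` (or `mail`) from a procmail recipe.
#
# Assumed settings (override via the environment):
RECIPIENT="${RECIPIENT:-you@example.com}"   # where the encrypted copy goes
RECIPIENT_FPR="${RECIPIENT_FPR:-}"          # full fingerprint of that key
FORWARD_SUBJECT="${FORWARD_SUBJECT:-}"      # set to replace the cleartext subject

# Value of one header, case-insensitive, folded lines joined (like formail -x).
# $1 = header name, message on stdin. Prints an empty line if absent.
header_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^$/ { exit }                                   # end of headers
        /^[ \t]/ { if (found) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        {
            if (found) exit                             # next header: done
            colon = index($0, ":")
            if (colon && tolower(substr($0, 1, colon - 1)) == want) {
                found = 1
                val = substr($0, colon + 1)
                sub(/^[ \t]+/, "", val)
            }
        }
        END { print val }'
}

# Everything after the first blank line (like formail -I "").
body_only() {
    awk 'in_body { print; next } /^$/ { in_body = 1 }'
}

# A constructed cron-style message (not a real capture) for trying the script.
sample_message() {
    printf '%s\n' \
        'From: root (Cron Daemon)' \
        'To: root' \
        'Subject: Cron <root@host>' \
        ' /usr/bin/apt-get update' \
        'X-Cron-Env: <SHELL=/bin/sh>' \
        '' \
        'Reading package lists...' \
        'Building dependency tree...'
}

# Encrypt stdin to the pinned key. --trust-model always skips the web-of-trust
# check; that is only acceptable because the key is addressed by its full
# fingerprint, so a later rogue key carrying the same e-mail address in the
# keyring would never be chosen.
encrypt_body() {
    [ -n "$RECIPIENT_FPR" ] || { echo "RECIPIENT_FPR not set" >&2; return 1; }
    gpg --batch --quiet --armor --encrypt \
        --trust-model always --recipient "$RECIPIENT_FPR"
}

encrypt_forward() {
    # Slurp the message; the trailing "x" preserves final newlines.
    msg=$(cat; printf x); msg=${msg%x}
    from=$(printf '%s' "$msg" | header_value From)
    subject=$(printf '%s' "$msg" | header_value Subject)
    if [ -n "$FORWARD_SUBJECT" ]; then subject=$FORWARD_SUBJECT; fi
    cipher=$(printf '%s' "$msg" | body_only | encrypt_body) || return 1
    # header_value folds continuation lines, so $from and $subject cannot
    # contain a newline and cannot smuggle extra headers into the output.
    printf 'From: %s\nTo: %s\nSubject: %s\n' "$from" "$RECIPIENT" "$subject"
    printf 'MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n\n'
    printf '%s\n' "$cipher"
}

# When executed directly: filter stdin, or demonstrate on the sample if stdin
# is a terminal. Does nothing when the file is merely sourced.
if [ "${0##*/}" = "encrypt_forward.sh" ]; then
    if [ -t 0 ]; then sample_message | encrypt_forward; else encrypt_forward; fi
fi
```

Wire it into procmail with the same flag and condition as the recipe above and an action of `| RECIPIENT_FPR=<fingerprint> /usr/local/bin/encrypt_forward.sh | sendmail -t`; `sendmail -t` takes the destination from the To: header the script writes. Setting FORWARD_SUBJECT to something like "[encrypted system mail]" removes the last piece of informative cleartext, at the cost of having to decrypt to see what each message is about.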

Thanks to DRG for the original script, which I modified.

OpenPGP is an encryption standard primarily used to secure email, although sadly it is not as widely used as one might like.

Doing my bit to counter the “Summer of Surveillance”, in a bid to make encryption more ubiquitous (and because I needed it for a client), I quickly put together a plugin that adds OpenPGP support to Elgg.

The plugin does two main things: it lets a user upload the public key for their registered email address, and it provides an email handler that attempts to encrypt every outgoing message to that user with that key, falling back to cleartext where no key has been uploaded.

Enjoy!

» Visit the project on Github…

Today, Groklaw, the site responsible for, among other things, the defeat of SCO’s legal attack on Linux, followed Lavabit and shut its doors. It did so because there is now no way to communicate securely on the internet: traffic is routinely intercepted, servers can be seized, and operators can be forced to reveal confidential sources.

This is the world we live in, and have been living in for a while now, but thanks to a whistleblower we are all forced to confront this reality.

So, as technologists, what can we do to protect ourselves and our loved ones?

Truth is there is no silver bullet, but that doesn’t mean we just give up and go home. While the technology is only a small part of the issue here, it is something that we as technologists and makers are in a position to do things about.

While we work to solve the political problems that have caused this situation, I think we need to work towards making cryptography ubiquitous. Analysis of some of the leaked material already suggests that if the proportion of encrypted traffic were raised, the cost of bulk analysis by government agencies would become impractical, and at the very least “use of encryption” would cease to be grounds for suspicion.

When we build systems we need to decentralise, so there is no single server and operator to intimidate. We need to protect content and metadata alike, because who talked to whom, and from where, is still sensitive information. We need to work on the UX of the systems that already exist, so that cryptography isn’t something a person who just wants to use the computer has to think about. Think of these things as safety equipment, like seat belts or airbags: they should just work, without the operator needing a degree.

Don’t be this guy.

We needed to think about this stuff before the first sharpie hit the paper.

Coulda, shoulda, woulda….

In the meantime, we need to use the tools that we have. Make security and cryptography ubiquitous. As technologists, we have the knowledge to protect ourselves (and if you’re not doing so already, you’ve got no excuse), but we also have a duty to help our friends, neighbours and family.

So, encourage your friends to use encrypted email and OTR messaging on IM, and explain why it’s important while helping them install and use the plugin. Install HTTPS Everywhere on your mum’s computer. Talk to your neighbours about the dangers of the guilt-by-association fallacy in relation to communication metadata while installing the Tor Browser Bundle on their laptop.

You get the idea: friends don’t let friends use cleartext!