Tag: e-mail

Written by Eric Bright

Last update on August 29, 2013

2nd updated on August 25, 2011

First published on Feb 3, 2009

[UPDATE: This solution would not work with Gmail any longer, because the Firefox add-on that I was using at the time is not supported any more. Read the instructions for the updated method of signing your email here.]

Requirements:

• Operating systems: Win XP, Vista, or 7
• Softwares: GnuPG, Firefox, FireGPG (it’s a Firefox add-on), GPGshell
• A gmail account
• Enough time

1. Go to Tools > Add-ons > Get add-ons
2. Search this: FireGPG [UPDATE: this extension is discontinued. It will not work with Gmail any more because the Gmail support is removed from the extension. Here is the blog-post explaining the discontinuation.]
3. When the add-on is found, install it [UPDATE: the add-on (or extension) is not available on Firefox Add-on web site any more. You can get it from here though.]
4. Download GnuPG from here
5. Install what you have downloaded (the package contains GnuPG: 2.0.17 and several other applications. You only need GnuPG)
6. Restart your Firefox
7. Go to Tools > Add-ons > Extensions
8. Browse down to find FireGPG and then click on Options
9. You will probably get the following message: Error : FireGPG is unable to access the gpg executable. Make sure GPG is installed or specify the path in the preferences.
10. Click on Ok
11. Go to the GPG tab
12. Put a check mark next to Specify the path of GPG
13. Click on the Browse button and browse to the folder you just installed your GPG into. It is usually in the following location by default: C:\Program files\GNU\GnuPG\gpg.exe  (note: in a 64bit Windows, it would be installed in C:\Program Files (x86)\GNU\GnuPG\gpg.exe) Select it and press Open
14. Now you are back to the FireGPG Preferences dialog box. Click on Ok
15. Close Add-ons
16. Now you need to make secure keys to sign your e-mails so NO one can forge your emails any more. Here is how to make new keys and how to use them:
17. Download this GPGshell from here: http://www.jumaros.de/rsoft/index.html
18. Now you should have a file with this name gpgsh377.zip on your desktop (or wherever the downloaded file is put automatically.) Unzip and install GPGshell
19. When you are asked if you “want to use blah blah blah for the GPGshell-HomeDir” say Yes
20. Now you need to set-up your computer’s Environmental Variables’ PATH. To do so, Right-click on My Computer (or on Computer if you use Vista) and select Properties
21. Click on the Advanced tab (“Advanced System Settings” and then “Advanced” tab under Windows 7)
22. Click on the Environmental Variables
23. Then browse down in the System Variables list-box and find PATH
24. Press the Edit button
25. In the Variable Value field, add the following C:\program files\GUN\GnuPG and make sure that it is separated from the next entry by a semicolon (or if you added it to the end of the string, it should be separated from the last item by a semicolon that looks like. (Note: it would be C:\Program Files (x86)\GNU\GnuPG if you are using a 64 bit system)
26. Press Ok, three times I guess
27. If you are on a Win XP machine, you need to restart now for the changes to take effect. Vista/Win7 does not need a restart
28. Now, open Start > GPGshell > GPGkeys
29. It’s the first time you are running this application, so you might not have a pair of keys. Then the program asks you to “create your own key now”. Say Yes
30. GPGkeys’ Key Generation dialogue box will open up. In the User ID section, fill in the Name, Comment, and your E-mail that you are going to use. Example: Name: Andi Ramfield Comment: My first key ring E-mail: [email protected]
31. Now click on the Generate button
32. A command-line window pups up. After it finishes its work, you will get a dialog box asking you to protect your key by a passphrase. Click on Yes
33. A new command-line window comes up again. Now enter your passphraes (like a password, but can be much longer). Example: AnDi-RaMfIeLd-7531. You should repeat it one more time to confirm the passphrase
34. Now the GPGkeys main window comes up. You are done with making a pair of Public key and Private key. You keep the Private key in a safe, and give the Public key to others. You should send me one copy of the Public key that you just created. To do that, in the GPGkey window, right-click on the key you just created. Then select Export. Put it on your desktop. The key that you export has to have pub.asc at the end of its name. That means that it is a public key, not your private key
35. Now log-in into your Gmail e-mail account (or Yahoo or Hotmail or whatever). Go to Compose Mail and write something
36. Select the text you wrote
37. You will see several buttons added to your tool-bar. One is Clear sign. Click on that button while the text in the compose area is still selected
38. FireGPG -private key window will pop up. Select the key you created and click on Ok
39. You will be asked to enter your passphrase. Enter it and bang! You have your text digitally signed
40. But for me to be able to verify your signature, you should attach your public key that you Exported on your desktop. So attach it to the email that you signed (you need to do it once and I will have it on my computer for as long as it is not expired)
41. Ok! Now, you signed the text, and attached your public key. When I get your e-mail, I download your attached public key too, install it on my computer, and will be able to Verify your signature later

That’s it!

The good thing is that I can send you Encrypted e-mails as long as I have your un-expired public key and no one on earth, not even me, can open it [possibly for a long time]. To open it, one has to have your Private key. The Firefox’s add-on, i.e. FireGPG, will decrypt the received encrypted text if it still has your Private key. read more...