Changes since the pre-release version:
Simplified Tails startup
Shorter key generation
Added Mac PGP tutorial link
As presented at
Code Freeze 2015 on January 14, 2015
Why secure mail?
What is the Web of Trust?
Configure OpenPGP for mail in Tails
Why secure mail?
SSL/TLS has several weaknesses
work: send administrative credentials (
w/o Post-It's) play: sweet nothings ♡
" The stakes for getting copyright right have never been higher.
There has never been a fight over entertainment-related technology
where the consequences
for everyone outside the entertainment industry
were potentially more disastrous than they are now. "
"... Every day that goes by creates more people
for whom the Internet is a key part of their lives. Meanwhile,
the entertainment companies have told they world that unless
they get to regulate the Internet, they will die.
It's us or the Internet, they say. The danger is if they keep
this up, they'll be right. "
WHO U GONNA TRUST?
THE WEB OF TRUST!
An OpenGPG encrypted e-mail looks like...
The WoT beyond mail
Verifying websites (w/o CA)
Verifying ssh host ids
Authorizing ssh users
Sender has a OpenPGP key
Receiver has a OpenPGP key
each other's public key
e-mail server supporting IMAP/SMTP
e-mail client configured for OpenPGP
version 1.2.3 due
today Jan 14
a live system from a USB drive
includes GPG (an implementation of OpenPGP)
includes Claws e-mail (supports OpenPGP)
...and much more!
get 2 USB drives (4GB is fine)
tails-i386-1.2.2.iso & .sig [opt]
gpg --verify tails-i386-1.2.2.iso.sig install Tails on first USB drive
boot into Tails
use Tails to install on the second USB drive -- this time with a persistent volume
I'm sorry; your browser doesn't support HTML5 video in WebM with VP8. Please see video formats
Boot into the (first) USB drive...
Install Tails on the second USB drive
Boot into the second USB drive...
Reboot into Tails
to enable the
Now use the Tor browser to log into webmail
to verify that you can reach your e-mail server.
note: you may have login challenges
note: you may have to enable IMAP
warning: logging in will de-anonymize you
You got webmail working?
Great! Let's make an OpenPGP key...
Yay! Now let's trade
public keys... ↷ export mine, share with a friend
↶ acquire friend's key, import it
Export my key:
tommarble.asc Import their key:
Configure Claws e-mail in Tails
Setup Claws e-mail preferences
Ooops I CAN HAZ A nasty BUG?
Must workaround this or else...
UR MAILZ CLEARTEXT READ THEM I CAN
note: you can accept the dialog about your friend's key not being trusted
Let's double check webmail...
create a new OpenPGP key (or copy the key
~/.gnupg dir from Tails) on your laptop configure e-mail for OpenPGP
attend a Key Signing Party
and sign keys 1 on 1 when you can
In the future...
Secure e-mail will be easy