M41LZ in Tails
securing e-mail
Copyright © 2015 Tom Marble
attrib
CHANGELOG
1.0.0
- Changes since the pre-release version:
- Simplified Tails startup
- Shorter key generation
- Added Mac PGP tutorial link
- As presented at Code Freeze 2015 on January 14, 2015
I'm going to learn...
SECURE E-MAIL?
attrib
agenda
- Why secure mail?
- What is the Web of Trust?
- Running Tails
- Configure OpenPGP for mail in Tails
- Next steps
Why secure mail?
- SSL/TLS has several weaknesses
- ¬secure sites (e.g. MNsure, Lavabit)
- MiTM is a business model
- work: send administrative credentials (w/o Post-It's)
- play: sweet nothings ♡
" The stakes for getting copyright right have never been higher. There has never been a fight over entertainment-related technology where the consequences for everyone outside the entertainment industry were potentially more disastrous than they are now. "
attrib"... Every day that goes by creates more people
for whom the Internet is a key part of their lives. Meanwhile,
the entertainment companies have told they world that unless
they get to regulate the Internet, they will die.
It's us or the Internet, they say. The danger is if they keep
this up, they'll be right. "
WHO U GONNA TRUST?
THE WEB OF TRUST!
attribOpenPGP
attrib2 degrees of separation
An OpenGPG encrypted e-mail looks like...
The WoT beyond mail
- Verifying software
- With monkeysphere.info
- Verifying websites (w/o CA)
- Verifying ssh host ids
- Authorizing ssh users
OpenPGP e-mail:
- Sender has a OpenPGP key
- Receiver has a OpenPGP key
- Both have:
- each other's public key
- e-mail server supporting IMAP/SMTP
- e-mail client configured for OpenPGP
version 1.2.3 due today Jan 14
attribRunning Tails
- a live system from a USB drive
- includes GPG (an implementation of OpenPGP)
- includes Claws e-mail (supports OpenPGP)
- uses Tor
- ...and much more!
anonymity is hard
attribInstall Tails
- get 2 USB drives (4GB is fine)
- download tails-i386-1.2.2.iso & .sig
- [opt] gpg --verify tails-i386-1.2.2.iso.sig
- install Tails on first USB drive
- boot into Tails
- use Tails to install on the second USB drive -- this time with a persistent volume
tmarble → WoT → tails
Starting tails...
Boot into the (first) USB drive...
Install Tails on the second USB drive
Boot into the second USB drive...
Configure the Persistent/ volume
Reboot into Tails
to enable the Persistent/ volume
Now use the Tor browser to log into webmail
to verify that you can reach your e-mail server.
note: you may have login challenges
note: you may have to enable IMAP
warning: logging in will de-anonymize you
You got webmail working?
Great! Let's make an OpenPGP key...
GPG 1/9
GPG 2/9
GPG 3/9
GPG 4/9
GPG 5/9
GPG 6/9
GPG 7/9
GPG 8/9
GPG 9/9
remember
your
passphrase!
Yay! Now let's trade public keys...
↷ export mine, share with a friend
↶ acquire friend's key, import it
Export my key: tommarble.asc
Import their key: tmarble.asc
Configure Claws e-mail in Tails
Setup Claws e-mail preferences
Ooops I CAN HAZ A nasty BUG?
Must workaround this or else...
UR MAILZ CLEARTEXT READ THEM I CAN
attribLet's send secure mail!
note: you can accept the dialog about your friend's key not being trusted
SENT... yay!
Let's double check webmail...
wut? ☺
What does my friend see?
decrypts your mail and
encrypts a response...
You have new mail!
I knew that!
Next steps...
- create a new OpenPGP key (or copy the key ~/.gnupg dir from Tails) on your laptop
- configure e-mail for OpenPGP
- Enigmail for Mozilla Thunderbird
- PGP Tutorial for Mac
- My guide to Secure Mail for Windows
- attend a Key Signing Party
- and sign keys 1 on 1 when you can
Resources
In the future...
Secure e-mail will be easy
PLEASE!
attrib- tmarble
- biz card
- OpenPGP
- fingerprint
Questions? Discussion...
attrib
Credits
- Presentation engine is pink by @bodil
- Hover in lower left corner for image credits
- Slides gitorious.org/tmarble/mailz-in-tails
- Blog tmarble.info9.net
