• 1 Concepts in Message Encryption
• 2 Tips for Learning Message Encryption
• 3 Limitations of Message Encryption
• 4 Email Encryption with PGP
• 5 Instant Message Encryption with OTR

Message security is the practice of encrypting messages on your device so that they can be read only by the intended recipient. Although network security and device security are important, this kind of message encryption is necessary in many situations:

• Confidentiality: Message encryption is the only way to ensure that only the indented recipients are reading your messages.
• Authenticity: Message encryption is the only way to ensure the identity of the people you are communicating with.

Practicing message encryption, however, can be a challenge:

• You must own a device: The idea with message encryption is that you don’t trust another party to encrypt your communication for you. Therefore, all the encryption takes place on your machine, which means you need to own your own device.
• Steep learning curve: In order to use encryption software correctly, you will need to spend a significant amount of time learning important encryption concepts like public keys, private keys, keyrings, etc.
• Limited correspondents: With message encryption, you can only communicate securely with other people using the same software.

Obviously, these guarantees of security don’t apply if your device has been compromised.

Concepts in Message Encryption¶

What these help pages call “message encryption” is technically called “public-key cryptography”. Here is how it works:

• Private key: Everyone has their own private key. As the name implies, this key must be kept private. You use this private key in order to read the encrypted messages sent to you.
• Public key: Everyone also has a public key. This key is often distributed far and wide. When someone wants to send you a secure message, they use your public key to encrypt it. Only the person with the corresponding private key will be able to decrypt it.

Tips for Learning Message Encryption¶

Although it provides the highest level of security, public-key encryption is still an adventure to use. To make your journey less scary, we suggest you keep these things in mind:

• Be in it for the long haul: using public-key encryption takes a commitment to learning a lot of new skills and jargon. The widespread adoption of public-key encryption is a long way off, so it may seem like a lot of work for not much benefit. However, we need early adopters who can help build a critical mass of public-key encryption users.

• Develop encryption buddies: although most your traffic might not be encrypted, if you find someone else who uses public-key encryption try to make a practice of only communicating securely with that person.

• Look for advocates: people who use public-key encryption usually love to evangelize about it and help others to use it to. Find someone like this who can answer your questions and help you along.

Limitations of Message Encryption¶

Although you can hide the contents of email with public-key encryption, it does not hide who you are sending mail to and receiving mail from. This means that even with public key encryption there is a lot of personal information which is not secure.

Why? Imagine that someone knew nothing of the content of your mail correspondence, but they knew who you sent mail to and received mail from and they knew how often and what the subject line was. This information can provide a picture of your associations, habits, contacts, interests and activities.

The only way to keep your list of associations private is to to use a service provider which will establish a secure connection with other service providers. See our directory of radical servers for a list of such providers.

Email Encryption with PGP¶

The universal standard for public-key encryption is Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG). GPG is Free Software, while PGP is a proprietary product (although there are many freeware versions available). Both work interchangeably and are available as convenient add-ons to mail clients for Linux, Mac, and Windows.

For information configuring your mail client to use public key encryption, see our mail client tutorial pages. In particular, see the tutorials for Apple Mail and Thunderbird. Otherwise, you should refer the to documentation which comes with your particular mail client.

For more information about encrypted email, check out our encrypted email FAQ.

• Primer on using OpenPGP keys
  • For Linux
  • For Windows
  • For Mac
• Encrypting your email
  • With Thunderbird and Enigmail

Instant Message Encryption with OTR¶

Off The Record (OTR) is a way to send and receive secure instant messages.

[insert-toc otr]