Secure E-Mail with Gpg4win

On the 07.05.2019 the BSI (Federal Office for Information Security) has released a press article that federal institutions may use Gpg4win ( https://www.gpg4win.de/ ) to send VS-NfD / restricted data via mail.
which means for us..
-> if it's safe for restricted federal data...
-> it's safe to use for everyone's emails as well 🙂

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Gpg4win-mit-VS-NfD-070519.html

A note on why you should encrypt and what the software does, can be found here

https://www.bsi.bund.de/DE/Themen/Kryptografie_Kryptotechnologie/Kryptotechnologie/Gpg4win/gpg4win_node.html

Basically.. if you send private messages... in the realworld, you wouldn't want to send several things readable to everyone on the way either, like on a postcard.

=> On the web.. sending emails is like sending postcards...

Of course, TLS/SSL helps that the way your message is transferred safely.. but on the servers, your emails are still readable in clear text.
Oh.. wait.. there is the patriot act, which allows national agencies to access to those on demand. but not only the USA has such laws..

The thing is, that federal security agencies like the NSA might copy your emails and make profiles from it.
Even your metadata 😉 speaks a lot about you
who you are friend with.. what topics you talk to them.. when you are awake, if you are in vacations, from which location/computer you send your email from... and many more

The goal here is: END to END
private/public key encryption (RSA)

How does RSA work?

You can encrypt with a public key but only decrypt with a private key.
https://www.tutorialspoint.com/cryptography/public_key_encryption.htm

You generate a password-protected private key, which you don't share.
With this one, you generate a public key.

Now you send your public key to the other person.
The other person encrypts the message with your public key and sends it to you.
You can decrypt the message with your private key.

I'll make a tutorial on how actually to use Gpg4win