Security at sea: encrypted email

Is there really such a thing as private communications anymore? By long-standing convention, radio traffic (except emergency and "all ships" calls) is supposed to be kept confidential, but these days, I wouldn't put too much faith in that. Public 802.11 wi-fi is also remarkably easy to hack, unless you're on one of the rare networks that use WPA2 encryption and rotate the access codes frequently. If you're using a Pactor modem and don't have a fully encrypted connection, you simply have to trust that nobody who picks up your signal has hacked their own Pactor to receive it. If you're cruising far from home, consider what might happen if a pirate, identity phisher or other criminal were reading every email you send and receive. How do you keep them out?

The solution has been floating around the geek world since 1991, although outside of crypto nerds, few have heard of it. It's a public key encryption scheme called PGP, for "Pretty Good Privacy". For our purposes, it can be summed up as follows:

Email you send is encrypted using a "public" key given to you by the friend you're sending the mail to, and can only be decrypted by the matching "private" key, which exists only on your friend's computer.

Email your friends send to you is encrypted with your public key, which you've made freely available to all of them (or even to the entire Internet). Anyone intercepting the message just gets a seemingly random series of garbled characters, but your own private key can decrypt it and restore the original message.

For instance, let's say you want to send a trip plan to a few fellow cruisers and to someone back home. Perhaps it looks something like this:

Departing Mombasa for Al Mukala morning of May 28.
Will check in on 8143 kHz at 0000, 0600, 1200 and 1800 each day.
2.30'15" S by 44.30'10" E
10.30'45" N by 53.15'12" E

You can imagine how a pirate or other criminal would love to get his hands on a transmission like this, and a lot of them certainly have the money to blow on computer and radio hardware to find and record it. Encrypt it with your friend's public PGP key, though, and anyone intercepting the transmission, no matter how sophisticated their equipment or how much hacking prowess they bring to the task, will only ever be able to get twenty-odd lines of garbled nonsense:


But the matching private key, safely hidden on your friend's computer, turns the mumbo-jumbo back into the original text. In between, you can safely transmit the ciphered message over any medium (Pactor modem, wi-fi, satphone), secure in the knowledge that nobody (with the possible exception of a full engineering team at the NSA) will be able to read it. No weird bandwidth-hogging protocols are required in between; the transmitted message is just a plain text email like any other, except for the garbling of the message text.

Linux users probably have the requisite software, GnuPG, already lurking in their software repositories. Windows users can use Gpg4win to manage their encryption keys. Also needed is a plugin for whatever email software you're using; Thunderbird users can do this with Enigmail while Outlook users will use the GpgOL plugin included with Gpg4win. Most other common email programs have PGP plugins to be found with a quick bit of Web searching. Of course, the users on both ends have to have the encryption software installed for it to work; thankfully, these are small, unobtrusive and easy to use programs.

Once the software is installed, you'll have to create a key pair (one private, one public) for each email account you want to use for encrypted transmissions. (Unlike most encryption schemes, PGP's "web of trust" model lets you create your own keys and share your confidence, or lack thereof, in the validity of other people's keys.) Anyone with your public key can encrypt things "for your eyes only", so you should give this one to all your friends. Your private key remains safely locked up in your own computer's keyring software, along with copies of your friends' public keys. With these keys, plus a couple of buttons the plugins add to your email software, you can keep whatever emails and file transmissions you want a complete secret from anyone other than the intended recipient.
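
The same workflow at the GnuPG command line, for anyone who wants to see what the email plugins do behind their buttons. This is an added example, not part of the original article: two temporary keyrings stand in for your computer and your friend's, the address friend@example.invalid is a made-up placeholder, and the test key is created without a passphrase, which a real key should always have.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings stand in for two computers; the
# address friend@example.invalid is a constructed placeholder.
PLAN='Departing Mombasa for Al Mukala morning of May 28.
Will check in on 8143 kHz at 0000, 0600, 1200 and 1800 each day.'

pgp_roundtrip() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/friend" "$work/you" || return 1
    friend="gpg --homedir $work/friend --batch --quiet"
    you="gpg --homedir $work/you --batch --quiet"

    # Friend's computer: create a key pair (no passphrase, demo only) and
    # export the public half. The private half never leaves this keyring.
    $friend --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Friend <friend@example.invalid>' 2>/dev/null || return 1
    $friend --armor --export friend@example.invalid > "$work/friend.asc" || return 1

    # Your computer: import the public key and encrypt the plan to it.
    # --trust-model always skips validity checks for this demo; in real use,
    # compare the key fingerprint with your friend over another channel.
    $you --import "$work/friend.asc" 2>/dev/null || return 1
    printf '%s\n' "$PLAN" | $you --trust-model always --armor \
        --recipient friend@example.invalid --encrypt > "$work/msg.asc" || return 1
    ARMOR_HEAD=$(head -n 1 "$work/msg.asc")

    # What an eavesdropper (or even you, the sender) can do with msg.asc:
    # nothing, because only the friend's keyring holds the private key.
    if $you --decrypt "$work/msg.asc" >/dev/null 2>&1; then
        SENDER_CAN_READ=yes
    else
        SENDER_CAN_READ=no
    fi

    # Friend's computer: the private key restores the original text.
    DECRYPTED=$($friend --decrypt "$work/msg.asc" 2>/dev/null) || return 1

    gpgconf --homedir "$work/friend" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$work/you" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}

pgp_roundtrip && printf '%s\n%s\nsender can decrypt: %s\n' \
    "$ARMOR_HEAD" "$DECRYPTED" "$SENDER_CAN_READ"
```

The file msg.asc is what would travel over the radio or wi-fi link; it is plain text, so any email program can carry it.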



