Email messages are sent in plain text. Anyone with access to our network and packet-sniffing software can read your email messages as they are being sent. This is why we recommend that you use secure email communications when sharing sensitive data via email. Encrypting your email messages protects the privacy of the message by converting it from plain, readable text into cipher (scrambled) text. Only the recipient will be able to decipher the email message.
You should use secure mail whenever you send a message that contains:
- Individually identifiable personal information
- Legal communication
- Financial communication (credit card or bank account numbers…)
- SSN (but we prefer you do not send these in email at all)
- Medical or Educational records (grades used in context with personally identifiable information such as name, address, Student ID …)
- If in doubt, use secure email.
The process of sharing encrypted email requires the sender AND recipient to acquire a Certificate. An issued certificate will contain a private and a public key. Then the sender and recipient must share their public keys (which is part of their digital signature). These keys will be stored in the CONTACTS folder in Outlook. A certificate will only need to be requested (steps 1 & 2) ONE time. You will need to share your key (step 3) with EACH co-worker that you will send/receive encrypted email with. You must send them your key, and they must send you theirs.
The method of sending and receiving encrypted email at USI is to use GPG. Instructions below.
GPG instructions 1.1.4 (Gnu Privacy Guard)
- Start Internet Explorer, go to http://ftp.gpg4win.org
- Scroll down, find GPG4WIN 1.1.4.exe and double click it
- Click RUN (then wait)
- Click RUN, Next, Next
- In the list of Components to add, check the GnuPg2 box, uncheck Novice manual (GERMAN) and Advanced Manual (GERMAN), click NEXT, Next
- Leave the start menu checked, leave desktop and Quick launch unchecked, Next, Install, Next
- Uncheck “show readme” and click FINISH
- Close Internet Explorer
Generate and backup your keys
- Click Start, All Programs, GnuPG for Windows, WINPT
- Select Generate a GnuPG Key pair, OK
- Enter your name and click Forward
- Enter your email address and click OK
- Enter passphrase (must be 8+ characters and contain at least one letter and number)
- Reenter password (wait), OK
- Backup Key now – YES
- **In the next 2 steps you will name/rename your Public and Private Keys**
- Choose “Desktop” (on the left) and name the first file: username_PUBRING_bak.GPG where username is your username (example: jsmith_pubring_bak.gpg) click SAVE
- Put the second file on the desktop also, name it username_SECRING_bak.GPG
- Use Copy and Paste to copy these 2 files (on desktop) to your H: drive as a backup.
Put a copy of your Public Key in a shared location (O drive) and in your H: drive.
- Start WinPT (double click KEY icon in lower right corner by the current TIME)
- Highlight YOUR name and at the top click the word KEY (on the FILE, EDIT.. menu NOT an icon)
- Click EXPORT, click MyComputer (on left), choose the H drive (let the file name default to firstname_lastname), click Open, click Save
- Click EXPORT, click MyComputer, choose the O drive, find and double click the folder GPG Public Keys. Click OPEN, SAVE (this is a common place where we can all share our PUBLIC keys)
Import a copy of other people’s public key
- Start WinPT
- Click Key, IMPORT
- Click on MyComputer (on left), navigate to O:\gpg public keys\
- Highlight the name of someone you will share encrypted messages with, and click OPEN
- Click IMPORT, and OK
(do these steps for every person necessary)
Set up Outlook to use your keys
- Start WinPT
- Find YOUR public/private key pair in the list (it should say pub/sec in the TYPE field)
- RIGHT click on YOUR public/private key pair, choose KEY ATTRIBUTES
- Choose COPY KEY ID To CLIPBOARD
- Close WinPT
- Start Outlook, choose TOOLS, Options, GnuPG Tab (if this tab isn’t here, close Outlook and reopen Outlook)
- Check the box “Also encrypt message with the default key”
- RIGHT click in the adjoining box and choose PASTE.
- Check the box “Also decrypt in preview window”, click Apply and OK.
How to send a message:
- Start new message in Outlook
- Choose recipients, type subject
- Type your message – you can include attachments
- Click the Add-Ins Menu
- You will see 2 icons: the first (top) is used to ENCRYPT the message; the lower icon is used to digitally sign a message.
- Click each of these icons – they will appear highlighted.
- Click SEND
- A dialog box will pop up. You will need to select the recipients of the message: double click on each one and their name should move to the lower window.
- Click OK.
- Enter Passphrase
How to receive an encrypted message
- Open message, it will ask for your passphrase
- Click Add-Ins
- Click Decrypt icon/button
Each time you have a NEW person to share encrypted messages with, you will need to repeat the step “Import a copy of other people’s public key”.
To encrypt a FILE (not the whole email message)
- Start, Programs, GnuPG for Windows
- Click the file ICON
- Click OPEN, and Navigate to the file you want to encrypt.
- Choose your recipient, OK, Yes
- The new file will be in the same folder location as the original, with the same file name plus a .gpg file extension.
Since you have shared your key with the recipient, they should receive this email and open it as a normal message.
What have you accomplished? If someone were “sniffing” the wire as this message was being passed, they would not see plain readable text – it would appear as garbled text.
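The same export, import, encrypt and decrypt steps on the gpg command line, as an added example that is not part of the original instructions. It assumes GnuPG 2.2.8 or later rather than the 1.1.4 package above; the names, addresses and temporary folders are constructed, and it adds one check the steps above do not include: comparing a key's fingerprint with the one its owner gave you before importing it from the shared folder.

```shell
# Added example with constructed names; assumes GnuPG 2.2.8+ ("gpg") on PATH.
# Two throwaway keyrings stand in for co-workers; $SHARED stands in for the
# "GPG Public Keys" folder on the O: drive.
WORK=$(mktemp -d); SHARED="$WORK/shared"; mkdir "$SHARED"
cleanup() { for u in alice bob; do
  gpgconf --homedir "$WORK/$u" --kill gpg-agent 2>/dev/null; done; rm -rf "$WORK"; }
trap cleanup EXIT

# Run gpg on one person's keyring ($1) with no prompts. Fingerprints are
# compared by hand below, so the trust-database prompt is switched off.
g() { home="$WORK/$1"; shift
  gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"; }
first_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# Create a key pair (empty passphrase: test keys only) and export the public
# half to the shared folder. $1 = name, $2 = email address.
new_user() { mkdir -m 700 "$WORK/$1"
  g "$1" --quick-generate-key "$1 <$2>" default default never
  g "$1" --armor --export "$2" > "$SHARED/$1.asc"; }

# Fingerprint of your own key, and of a key file that is not yet imported.
own_fpr()  { g "$1" --list-secret-keys --with-colons | first_fpr; }
file_fpr() { g "$1" --show-keys --with-colons "$2" | first_fpr; }

# Import $2's key into $1's keyring only if the file's fingerprint equals $3,
# the fingerprint the owner read out in person or by phone.
import_verified() {
  [ "$(file_fpr "$1" "$SHARED/$2.asc")" = "$3" ] || return 1
  g "$1" --import "$SHARED/$2.asc"; }

# Sign as $1 and encrypt to fingerprint $2 (stdin to armored stdout).
send()    { g "$1" --armor --sign --encrypt --recipient "$2"; }
# Decrypt as $1 and check the signature (armored stdin to stdout).
receive() { g "$1" --decrypt 2>/dev/null; }

new_user alice alice@example.edu
new_user bob bob@example.edu
ALICE_FPR=$(own_fpr alice); BOB_FPR=$(own_fpr bob)
import_verified alice bob "$BOB_FPR" && import_verified bob alice "$ALICE_FPR"
MSG=$(echo "grades attached" | send alice "$BOB_FPR")
echo "$MSG" | receive bob
```

If the file in the shared folder has been replaced with a different key, `import_verified` returns non-zero and nothing is imported.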
Questions or corrections to this page? Call Carol Schmitt x1987 or the Help Desk x1080