How to Send Encrypted Email with FireGPG

Encrypting email to secure your deal making–or just to avoid Big Brother’s invasive eye–just got a whole lot easier.

FireGPG is a Firefox add-on that acts as an easy-to-use interface for the fantastic–and normally fantastically difficult to use–GnuPG encryption. GnuPG is free, open source, military-grade strength ‘public-key’ encryption for email. It’s truly par excellence.

In short, in public-key encryption, each user has both a public key (for encrypting email) and a private key (for decrypting email). You give your public key to anyone and everyone. Your friends, family, and business contacts use it to encrypt email that they send to you. A public key can only encrypt messages. It cannot decrypt messages. So even if your enemies have your public key, all they can do with it is use it to encrypt messages that only you could read. On the other hand, your private key and the password to it must be kept absolutely secret, because they are used to decrypt and read your messages.

So, many people have your public key, only you have your secret private key, and over time you’ll gather a public key for each of your contacts. FireGPG keeps these organized and easy to use.

1.) Download & install GNU Privacy Guard: GnuPG 1.4.10b (PC) or GnuPG 2.x (MAC)

This is a binary. So once downloaded and installed, you won’t launch and use it like a regular application, per se. Rather, other applications–such as FireGPG–use it on their back end for the actual encryption algos.

2.) Download & install FireGPG

3.) Launch FireGPG Setup Assistant (Firefox > Tools > Add-ons > FireGPG Preferences)

[Screenshot: FireGPG setup assistant]

You’ll probably want to leave the home directory at the default. This will store your keychain locally on your computer (easiest). If so, just click ‘Next.’ But if you’re feeling a bit James Bondish and want to store your keychain on a secure, encrypted USB drive, set your home directory to that device here. This can be a really good idea actually if you want to keep your contact list secure and always with you. (If you use the default now, you can always change it later by running through the set up assistant again from within FireGPG’s options panel.)


[Screenshot: FireGPG generate key pair]

Enter your name (‘Me’ or whatever), your email address, and choose a password that you’ll use to decrypt and read messages that you receive. (This can be changed again later.) Select the longest key length available (4096) for greatest security. You won’t notice a speed difference over shorter keys anyway. Then generate your key pair.

[Screenshot: Create PGP Key]

[Screenshot: FireGPG Key Generated]

You’ve now created your own PGP public/private key pair. The hard part is over.

4.) Now you can share your public key with your friends, family, and business connections so they can encrypt messages that they send to you. This can be accomplished in person via a USB drive, emailing the public key file, posting on your website for download, or uploading to a PGP key server.

To find your public key file, open FireGPG’s ‘Key Manager,’ select your name, then click ‘Export to File.’ And share widely. Or click ‘Export to server’ to share really widely.

[Screenshot: FireGPG Export Public Key]

[Screenshot: FireGPG Public Key]

5.) When friends give you their public key, just do the reverse. Import their public keys to your keychain by opening FireGPG’s ‘Key Manager’ (right-click, ‘FireGPG’ > ‘Key Manager’) and clicking ‘Import from file.’

[Screenshot: FireGPG Import Public Key]

6.) Using FireGPG day-to-day is surprisingly easy.

To encrypt email: Just compose your message like normal, select it (Ctrl+A), then right-click and go to ‘FireGPG’ > ‘Encrypt’. Your keychain contact list will appear. Just select the recipient’s name and FireGPG automatically encrypts your message using their public key!

To decrypt email: Select the entire message (from ‘BEGIN PGP MESSAGE’ to ‘END PGP MESSAGE’), right-click and go to ‘FireGPG’ > ‘Decrypt’, and enter your password. That’s it!
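Steps 3 through 6 mapped onto the gpg command line, as an added example that is not part of the original post (FireGPG drives the same GnuPG binary on its back end). It assumes GnuPG 2.1 or later is on PATH and runs entirely in throw-away keyrings; the name, address, passphrase and message are constructed for the demo.

```shell
#!/bin/sh
# Added example: the GnuPG CLI equivalent of the FireGPG steps, in temporary
# keyrings so your real ~/.gnupg is never touched. All names, the address,
# the passphrase and the message below are constructed for this demo.
set -eu

gpg_as() {  # gpg_as <homedir> <gpg args...>: run gpg against an isolated keyring
  dir=$1; shift
  gpg --homedir "$dir" --batch --yes --pinentry-mode loopback "$@" 2>/dev/null
}

demo_roundtrip() {
  me=$(mktemp -d)      # "Me": holds my public AND private key (FireGPG home directory)
  friend=$(mktemp -d)  # a contact who only ever receives my public key
  chmod 700 "$me" "$friend"

  # Step 3: generate a key pair protected by a passphrase.
  gpg_as "$me" --passphrase 'correct horse battery' \
      --quick-gen-key 'Me <me@example.invalid>' default default never
  # Step 4: export only the public key (ASCII armored, safe to share widely).
  gpg_as "$me" --armor --export me@example.invalid > "$friend/me.pub.asc"
  # Step 5: the friend imports it into their own keychain.
  gpg_as "$friend" --import "$friend/me.pub.asc"
  # Step 6 (friend): encrypt to my public key. --trust-model always stands in
  # for the GUI's "use this key anyway?" confirmation on an unverified key.
  printf 'weekend plans' | gpg_as "$friend" --trust-model always \
      --armor --encrypt --recipient me@example.invalid > "$friend/msg.asc"
  # The point made above: a public key alone cannot decrypt, so this must fail.
  if gpg_as "$friend" --decrypt "$friend/msg.asc" >/dev/null; then
      echo 'ERROR: public key alone decrypted the message'; return 1
  fi
  # Step 6 (me): decrypt with the private key and its passphrase.
  gpg_as "$me" --passphrase 'correct horse battery' --decrypt "$friend/msg.asc"

  gpgconf --homedir "$me" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$friend" --kill gpg-agent 2>/dev/null || true
  rm -rf "$me" "$friend"
}
```

Running `demo_roundtrip` prints the recovered plaintext; with a GUI tool like FireGPG the same keyring operations happen behind the Key Manager and the Encrypt/Decrypt menu items.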

A few caveats:
1.) Subject lines are not encrypted. So be generic!
2.) For Gmail users: Gmail autosaves messages while you compose them–even sensitive messages before you’ve finished composing and encrypted. To protect against this, you can turn off autosave a number of different ways: a.) Turn off autosave within Gmail, b.) Turn off Gmail autosave via FireGPG’s options panel (Firefox > Tools > FireGPG options > Gmail > check ‘Disable autosave feature’), or c.) Compose messages in FireGPG’s text editor, encrypt, then copy to Gmail and send.
3.) Encrypt everything! Even if it’s just your weekend plans. Encrypting everything keeps the few messages that are actually sensitive from standing out. Security through obscurity. And as more and more people encrypt email, everyone grows even safer.

If you got this far, the hard part is DONE. Day-to-day use is easy.