[chmod]

As you know communication is key when working in groups to accomplish things, the problem is how to do it without leaking information with a third party. There are things you could do to help reduce this problem, things like IRC and PM systems on forums are good, but what if you could do it through email? sending text and files in a such a way that anybody but the intended recipient would have very little chance of actually reading/accessing, and sent in such a way that hides your identity and your friends identity. That's what we will be accomplishing today.

I will be writing this guide for Linux systems but all of the tools and techniques used are cross platform and can be used with windows/mac computers as well.

Before we get started you will need some tools:

TOR
Thunderbird
torbirdy
Enigmail
GPG

Note we need TOR to run as a daemon and not vidalia or this wont work

linux
mac/windows

Go ahead and install that and start the service as you will need it later.

Download and install GPG (it comes pre-installed on most Linux distros)

now generate a new key pair for Linux users open up a terminal and enter the following command:

Code:

gpg --gen-key

you will be presented with the following options

Code:

[chmod@localhost /]$ gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?

I used the default option, next you will get something like:

Code:

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

the longer you make your key the harder it is to bruteforce but the longer it takes to encrypt/decrypt messages.

Code:

Requested keysize is 3072 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

Again up to you I chose not to have mine expire but you can change this if you like next you will be asked for your name and email, make both of these up it doesn't matter

Code:

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: chmod
Email address: chmod@nowhere.com
Comment:
You selected this USER-ID:
    "chmod <chmod@nowhere.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Next it will ask you to provide a private key that only you should know.
then it will go off and generate your public key try to move your mouse around as much as possible to generate some random bytes.

that's it you can now use

Code:

gpg --list-keys

to verify the key has been successfully created and use

Code:

gpg --armour --export chmod@nowhere.com

to get your public key which people use to encrypt messages/files they wish to send to you.

Importing keys can be done with

Code:

gpg --import filename.gpg

if the key is sent to you using plain text just paste it into Kwrite/notepad and save as whatever.gpg
or if a key is sent via email Thunderbird will ask you if you would like to import it.

to encrypt a file use the command

Code:

gpg --output doc.gpg --encrypt --recipient chmod@nowhere.com doc

Next we will use an @tormail.org account to send and receive mail this is a deep web service and gives very good anonymity connect to the TOR network if you haven't already and configure your browser to use it (or use the TOR browser bundle if you so prefer) and head over to http://jhiwjjlqpyawmpjx.onion/ which can only be accessed by TOR and therefore cannot be traced to your IP address, when you create an account you will only be asked for your desired email address and a password, no personal information is ever requested.

Now that you have your keypair and @tormail address you will need the Thunderbird mail client.

when you start Thunderbird go to Tools>add-ons and search for and install torbirdy and enigmail (you will need to restart Thunderbird to activate these)

next bring up the add-ons page again and select the preferences option on torbirdy then hit "test" to verify you are connected to the tor network if this fails you may have to manually enter the settings, go here for a how to http://jhiwjjlqpyawmpjx.onion/help.html and a guide for adding your account to Thunderbird.

That's it when composing a new message use the recipients public key to encrypt the message using the openPGP button in the new mail window and they can then decrypt the message using their own private key

[Linuxephus™]

This is a great little tutorial Chmod.
I have a similar setup on my end.
Though truth be told, I rarely if ever actually use it.
One of two differences is that Vidalia (the GUI frontend for Tor) works with-out problems for me whilst running Tor as a demon.
The second difference on my end is Torbirdy not being used because I configured Thunderbird directly with-out need of Torbirdy which merely does the configuring for you, much akin to Vidalia, which configures the Tor daemon for use.
That being stated, your tutorial serves well the purpose for configuring all of the above in a simple and direct manner, as it should be.:thumbs:

[chmod]

Yeah I found setting up thunderbird without the plugin fairly straightforward but chose to add it in out of ease, however while using vidalia alone I couldn't get thunderbird to connect to the TOR network, hence why I went the long way around again for ease. As for usage I too very rarely use it, I find myself using it purely for communicating with members of the deep Web

Anyway thank you for the feedback I appreciate it

[Linuxephus™]

Yeah I found setting up thunderbird without the plugin fairly straightforward but chose to add it in out of ease, however while using vidalia alone I couldn't get thunderbird to connect to the TOR network, hence why I went the long way around again for ease. As for usage I too very rarely use it, I find myself using it purely for communicating with members of the deep Web

Anyway thank you for the feedback I appreciate it

No worries mate.
The "feedback" certainly wasn't meant as corrective iteration or anything (nor am I inferring that you thought it to be such) of that nature as I'm sure you're already aware of.
Merely an explanation of my own set-up while remaining fully aware of why you chose the specific setup for The Reader as you did. Which in all actuality, your setup would avoid any potential problems versus the latter method we both use by default.

[chmod]

Yes I know that your comments where not meant as corrective, merely serving as showing there are always different ways to achieve things and discussing alternative ways to achieve the goals mentioned in post #1

[Mr.BerTii]

Wow this is great a loot off thanks

[Ex094]

Awesome tutorial mate, BTW how do you feel about Tor? Is it worth it?

[Linuxephus™]

Awesome tutorial mate, BTW how do you feel about Tor? Is it worth it?

It most assuredly is worth it.
Just as any good VPN is as well.
Both serve similar functions whilst going about differing ways of applying those "similar functions".

[chmod]

how i give my mail address?

isn't it compromise with my identy?

how can i solve this?

It's common sense, only give out your email address to trusted parties. Also providers such as tormail do not require you to enter any personal information when opening an account.