While the deprivation of the Fourth Amendment of the Bill of Rights from the Constitution of the United States proceeds relentlessly from within the government of the United States of America, remaining secure in persons, houses, papers, or effects such as email requires an understanding not simply of “certain inalienable rights” but also of cryptography. Cryptography, which is itself under attack now in the United States of America through legislation designed to undermine the Constitution of the United States of America (i.e., the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020 (EARN IT)), is an indispensable tool.
If you are in the mainstream of modern technological equipment, then you likely have a MacBook, Apple iPhone, Apple iWatch or AppleTV. While the latter three devices are completely insecure, from a MacBook there may still be a reasonable expectation of privacy after it has been hardened. MacBooks can be hardened through their operating system. The operating system in MacBooks is based on Unix, so many of the programs developed as Free Open Source Software (FOSS) are available for MacBooks.
One of these programs is GPGTools. GPGTools provides the basic elements of an encryption tool for MacBook. GPGTools is a package of GPG-based software tools. This suite contains four tools to bring encryption to all areas of your MacBook. The package contains an email plugin for Apple Mail, a key manager, a Service to use GPG in almost any application and an engine to use GPG with the command line.
GPGTools is based on GnuPG. GPG (i.e., an acronym for GnuPG or Gnu Privacy Guard) is a free-software replacement for Symantec’s PGP cryptographic software suite, and is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. PGP is an encryption program or, rather, a protocol, which is a set of standards for designing specific software implementations. GPGTools is therefore a specific software implementation for PGP.
To implement cryptography in emails, the following guide provides a step-by-step formula. The first step is to install GPGTools. The second step is to generate a key pair. The third step is to obtain a public key. The fourth step is to exploit the implementation in a Simple Mail Transfer Protocol application. With these four steps you can use cryptography to help prevent the malign anti-Constitutional intelligence, law enforcement or police state organizations from access to emails sent or received.
GPG Tools is a long-running open source project based on Pretty Good Privacy or PGP. It’s a reliable source, but you can see for yourself by reviewing the code on their GitHub page. Navigate to the GPG Suite online.
Although no security protocol is so foolproof that there is no chance an unknown vulnerability’s exploitation could compromise its integrity, there is a reasonable probability that a checksum may provide a modicum of confidence in the download.
- Download the GPG Suite.
- Open the MacBook’s Terminal, which is essentially a Bash (i.e., Bourne Again Shell), and type the following command into the Terminal:
shasum -a 256
- Press spacebar and drag the download from the GPG Suite website into the Terminal.
- Press enter.
- If the resulting SHA256 checksum matches the SHA256 listed for the download, the download is secure.
If you have run the checksum test for the download, the download may be considered to have been downloaded more securely than if the test had not been run, but there is no guarantee.
Generating a Key Pair
The next step is to generate a key pair. A key pair comprises both a public and a private key. The public key is publicly available. People who would like to initiate an exchange of cryptographic letters add the public key. The private key is used to lock (i.e., encrypt) or unlock (i.e., decrypt) cryptographic emails. The private key must therefore be protected.
- Open the GPG Keychain App.
- Fill in the prompt.
- Choose a password of the highest strength.
- Generate the key.
- Generate the key pair.
Obtaining a Public Key
With the key pair, the cryptography process is ready. The next step is to export your public key.
- Open the GPG Keychain App.
- Press the Export button next to the Import button.
- A file ending in .asc should pop up with a request to download to the desktop.
- Add that file to your email as an attachment.
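The key-pair and export steps above can also be done with the suite's command-line engine. The following is an added example, not code from the original guide or from GPGTools; it assumes a GnuPG 2.1 or later `gpg` binary on the PATH, and the names `gpg_demo`, `roundtrip`, the user ID and the passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: the GUI steps done with the gpg command line, inside a
# throwaway keyring so the real keychain is never touched.
# The user ID and passphrase below are constructed sample values.
DEMO_UID='Demo User <demo@example.invalid>'
DEMO_PASS='constructed-demo-passphrase'

# Every call uses the temporary home; loopback lets --passphrase work.
gpg_demo() {
    gpg --batch --quiet --homedir "$DEMO_HOME" \
        --pinentry-mode loopback --passphrase "$DEMO_PASS" "$@"
}

# roundtrip <message>: prints the decrypted message, returns 0 on success.
roundtrip() {
    DEMO_HOME=$(mktemp -d) || return 2
    chmod 700 "$DEMO_HOME"
    work=$DEMO_HOME/work
    mkdir "$work" || return 2
    rc=0

    # 1. Generate the key pair; the private key is passphrase-protected.
    gpg_demo --quick-generate-key "$DEMO_UID" >/dev/null 2>&1 || rc=2

    # 2. Export the public half only, ASCII-armored (the .asc attachment).
    gpg_demo --armor --export "$DEMO_UID" > "$work/public.asc" || rc=2
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/public.asc" || rc=2

    # 3. Draft in a local file, then encrypt it to the recipient's public key.
    printf '%s\n' "$1" > "$work/draft.txt"
    gpg_demo --armor --recipient "$DEMO_UID" --output "$work/draft.txt.asc" \
        --encrypt "$work/draft.txt" 2>/dev/null || rc=2

    # 4. Decrypt; this is the step that needs the private key and passphrase.
    if [ "$rc" -eq 0 ]; then
        gpg_demo --decrypt "$work/draft.txt.asc" 2>/dev/null || rc=1
    fi

    # Stop the agent started for the temporary home, then delete everything.
    gpgconf --homedir "$DEMO_HOME" --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO_HOME"
    return "$rc"
}
```

Only `public.asc` is ever meant to leave the machine; the exported file contains no private key material.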
Your Mail App
A mail app is not necessary, as the encryption / decryption processes may be designated as keyboard shortcuts. However, you can access these basic features by right-clicking on selected plain text. Under the Services tab, there should be several options under OpenPGP for managing the cryptographic services.
If you use Gmail or any SMTP web app that tracks in real time a number of different biometrics such as stroke, key speed, error rate, or, what is most important, your plain text message, then Gmail or your SMTP web app may undermine the security of the cryptography protocol you have implemented. If your SMTP app saves a copy of your plain text prior to encryption, then there is a double danger. The first danger is that the encryption is not necessary for any administrator who has access to any or all carbon copies. The second danger is that a plain text offers insight into the encryption or decryption of cypher texts.
To avoid these dangers, a best practice may be to use a text editor for drafting, saving, or writing any or all emails subject to cryptography. A malign anti-Constitutional intelligence, law enforcement or police state organization may still access plain text copies but only if the malign agent gains access to your computer (where it may be saved) or flashes the Random Access Memory prior to shutoff upon its seizure or else during processing remotely.
If you would like to ensure, however, beyond a reasonable doubt that no plain texts may be accessed, then using two laptops, one connected to the Internet for transmission or reception, another disconnected from the Internet for drafting, saving, or writing, might present a reasonably strong barrier to a remote attack aimed at flashing your RAM. The second laptop may be secured further, if a new bootable USB thumb drive or MicroSD card is created anew for any session. Upon an imminent seizure the RAM along with the bootable USB thumb drive or MicroSD card from the disconnected laptop may be destroyed together fairly quickly.
Best Practices in the Extreme
If you suspect that you are under surveillance, then you would need to evaluate your approach to security from the ground up. It would not be sufficient to spoof your MAC address and establish a random Internet connection (e.g., at Starbucks) through a Virtual Private Network (i.e., VPN) that does not store logs. You would need to perform a number of modifications to secure a laptop properly. Although that is the subject of another blog, hardened laptops are hardened to a specific purpose. The specific purpose for which you harden a laptop determines which specific hardening features you implement.