Safe-mail, GPG and Tails

Tormail is down and most probably compromised. The TBB also now looks quite dangerous. So I’ve switched to Tails.

I was looking for an email provider that would work with the mail client in Tails (Claws). I stumbled upon Lavabit, made an account and right when I started to like it, Lavabit got discontinued. Probably because some 3 letter agency asked Lavabit to help them spy on some or all their users but Lavabit flipped them off and closed shop.

So looking around more I found safe-mail.net which provides very little storage (3MB) but it’s free and offers SMTP and IMAP support, both encrypted.

The bad thing is that following their instructions I didn’t manage to make SMTP work so I sort of improvised and found a setup for Claws that work. Here how you can have Safe-Mail running in your Tails:

  1. If you want this setup to be persistent make sure you have enabled persistence on your Tails and that you have setup Claws (the mail client) to persist it’s settings. Instructions on how to enable persistence can be found here: https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
  2. Go to https://www.safe-mail.net/ and create a free account.
  3. Login to your inbox and go to Preferences.
  4. In the left sidebar click on IMAP/POP and then click onΒ Account access.
  5. In the pop-up check both IMAP and POP (we won’t use POP so you may try leaving this unchecked).
  6. Open Claws (Tails’ email client).
  7. Unfortunately you can’t bypass the wizard so type in these settings when asked: (if your email is xxx@safe-mail.net)
    • Your name: xxx
    • Your email address: xxx@safe-mail.net
    • Server type: IMAP
    • Server address: pop.safe-mail.net
    • Username: xxx@safemail.net
    • Password: your safe-mail password
    • Use SSL to connect to receiving server (CHECKED)
    • SMTP server address: pop.safe-mail.net
    • SMTP username: xxx@safemail.net
    • SMTP password: your safe-mail password
    • Leave the SSL settings for SMTP as is, we’ll change them later.
  8. You may get some errors but don’t worry yet.
  9. Open menu Configuration –> Preferences for current account.
  10. Make sure the settings are as shown in the screenshots bellow. Obviously use your own email instead of mine. πŸ˜‰Screenshot-1.cleanedScreenshot-2.cleanedScreenshot-3.cleanedScreenshot-4.cleanedScreenshot-5.cleaned
  11. In the last screen you have the option to create GPG key using the default DSA/Elgamal settings. In my opinion you should not use these settings. Instead create your own key with a big RSA key by opening a terminal (click on the black terminal icon on the top bar of Tails) and executing:

    gpg –gen-key

  12. Select (1). RSA and RSA.
  13. Type 4096 for your keysize.
  14. Type 0 and then confirm. Your key will last forever. Feel free to choose otherwise if you know what you are doing.
  15. Real name: obviously don’t type your real name here. Type xxx again. (where xxx is your username in safe-mail.net)
  16. Email address: xxx@safe-mail.net (again, xxx is your username in safe-mail.net)
  17. Leave the comment empty unless you want to put some other info that will be visible publicly with your key.
  18. Type O and press enter to create your key.
  19. Choose a passphrase to protect your key with. You will need this passphrase to send signed emails or to decrypt emails and files sent to this key.
  20. Now to publish your key so that people can find it and send you encrypted emails, type and execute:

    gpg -a –export xxx@safe > Desktop/mykey.txt

  21. Go to your desktop and press F5. Double click on mykey.txt
  22. Select all text and copy it to your clipboard.
  23. Open Iceweasel (NOT THE UNSAFE BROWSER) and visit http://pgp.mit.edu/
  24. Paste your key (the one you copied to your clipboard into the Submit a key text area.
  25. Click on Submit this key to the keyserver!
  26. You are done! Try sending an email to yourself and don’t forget to click on the Get mail button to retrieve new email.
  27. To send me an encrypted email you have to import my GPG key first. Download my key: https://smallpeanuts.files.wordpress.com/2013/08/sponsorc.key
  28. Double click on the downloaded .key file to import it.
  29. Try to send an email to me. You can see my email on the screenshots above, no need to write it again here for the spambots.

To import a friend’s key that does not have a .key extension, you can rename his key (as he exported it in step 20) into “hiskey.key” and then double click it and Tails will import it. (as you did with my key in step 28)Β  You may also read the comments below to see two more ways to import a key.

If you have any problems applying this to your own Tails leave a comment. If you don’t have any problems applying this to your own Tails, again, leave a comment. πŸ™‚

Advertisements

13 thoughts on “Safe-mail, GPG and Tails

  1. thank you very much for the tutorial, I have been very useful. But I am unable to send or receive any mail.

    Can you please specify how to send and receive emails using this method?

  2. Great write. However, it does not explain how I import my friends public key. How do I import a freinds key to my tails keyring?

    • Better late than never I guess:
      On the top right corner of your screen, there is a clipboard icon. Click on it and then go to “Manage Keys”. Then form the menu you can “Import” the key from a file. So you should have it stored in a file first.

      Another way is to open a console and type “gpg –import”. Then press enter and paste the key text in the console (Ctrl+Shift+V pastes in Linux consoles). Then press Ctrl+D and enter and it should get imported.

  3. I think you left out the ‘-‘ in point 7 as in ‘safe-mail.net’ instead of “safemail.net”.
    Also the step in point 11 doesn’t work or at least it’s not clear. Is it:

    – gpg-gen-key
    – gpg -gen -key
    – gpg -gen-key???

    Anyway, none of the above commands work. As a newbie to Linux/Tails I’m stuck at this point. Such a shame as clearly you’ve taken a lot of effort to write this tutorial but -as with most online tutorials- if just one step is incorrect new users as myself are lost.

    Hoping you’ll provide an answer/solution.

    Regards,

  4. I finally found the answer on google: “–” but now I’m stuck at point 20.
    Again, I am unable to read the commandline. Use “”” /how many spaces….?

  5. Sorry man, found the culprit. You probably can delete all my messages now.
    I do appreciate you’ve taken the time to write this tutorial but as I mentiond before writing a tutorial for a total newbie (as myself) requires absolute detail.
    For eg. with the last command line “xxx@safe” it was unclear to me I should enter my whole email-adress as opposed to thinking “xxx” is like “*” in DOS (wildcard).

    Anyway..thanks!

    • Thank you Wish Play and sorry for not replying earlier. I wasn’t getting notifications in my mail for some reason…

      As for the xxx it’s explained in other steps that it’s “your email on safe-mail”. I thought it would be clear that I am using it as a convention throughout the post. Isn’t it? 😐

  6. Okay, last comment/question: When I try to send mail I get an error message and the log says I need a premium account to send messages via this server.
    Does that mean that SafeMail is no longer free or is it something with my SMTP settings?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s