Most users don't know how vulnerable their email service is, or how scary their government can be. So you need to know how to make it impossible for other people or organizations to read your email, and even how to make yourself invisible to them.

If you

  • had nothing to hide

  • were using only QQ mail or didn't even know what email is

  • were a good citizen and not aware of the existence of the wall

  • were already using numerous hidden email services and PGP

then you should stop reading now

What you need

  1. Your own PGP keypair

  2. GPG and other free software you might need

  3. A secure mindset


Stop using, it's extremely unprofessional and I will not reply to any email sent from such an address

How does this work?

  • For most users, you just need to know:

    • Use the receiver's public key to encrypt emails sent to them

    • They will be able to decrypt those emails with their private key

    • And they can use your public key to encrypt the emails they send back to you

    • How do they know what your public key is? Publish it on one of the keyservers, like this one, and they do the same with theirs (see the part about importing public keys below)

  • For advanced users, read PGP on Wikipedia

Generate your keypair with GnuPG

1. If you are using Windows

2. If you are using *nix (Mac or Linux)

  • Use your package manager to install gpg. For example, on Debian-based distros you use apt-get install gpg

  • From a terminal window, run the following:

    gpg --full-gen-key

  • Follow its instructions and choose 4096-bit RSA to ensure your encryption is strong enough

  • Then you should export both your public and private keys to use them elsewhere

    • gpg --export -a <key name or id> > pub.asc will export an ASCII-encoded public key to a text file called pub.asc. You can publish it on a keyserver

    • gpg --export-secret-keys -a <key name or id> > sec.asc will export your ASCII-encoded private key to a text file called sec.asc. You will need your passphrase to export a secret key. Never publish its content! Run chmod 600 sec.asc to make sure this file is readable only by you
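
The export step above, written as an added shell example that is not part of the original post: it creates sec.asc with tight permissions from the start and checks both files before pub.asc is published. pub.asc and sec.asc are the file names used above; export_keypair and check_exports are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the original post. pub.asc and sec.asc are the
# article's file names; export_keypair and check_exports are hypothetical.

# Export both halves of the keypair into the current directory.
export_keypair() {
    key=$1
    gpg --export -a "$key" > pub.asc || return 1
    # umask 077 in a subshell: a newly created sec.asc is mode 600 from the
    # start, so it is never briefly readable by other local users.
    ( umask 077 && gpg --export-secret-keys -a "$key" > sec.asc ) || return 1
    # umask does not tighten a sec.asc that already existed, so chmod as well.
    chmod 600 sec.asc
}

# Return 0 only if pub.asc is safe to publish and sec.asc is kept private.
check_exports() {
    pub=${1:-pub.asc}
    sec=${2:-sec.asc}
    status=0
    if ! grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$pub"; then
        echo "FAIL: $pub is not an armored public key" >&2
        status=1
    fi
    # Catches the slip of uploading the wrong file to a keyserver.
    if grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$pub"; then
        echo "FAIL: $pub contains a private key block, do not publish it" >&2
        status=1
    fi
    if ! grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' "$sec"; then
        echo "FAIL: $sec is not an armored private key" >&2
        status=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$sec" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $sec is accessible to other users, run chmod 600 $sec" >&2
        status=1
    fi
    return "$status"
}

# Usage: export_keypair '<key name or id>' && check_exports
```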

Using a reliable email client and PGP plugin

  • Personally I use Thunderbird on Arch Linux, with the Enigmail plugin; both are free software (the latter can be found in the former's add-on manager), and both are available cross-platform

  • Simply import your keypair into Enigmail


  • Then import the public key of your contacts who are going to receive your email


  • When sending encrypted emails


  • Your contacts are able to decrypt your email with their private key (and so are you when you receive an email encrypted with your own public key)

Looking for more solutions?

  • On mobile platforms, OpenKeychain is available

  • Also, I recommend using Protonmail, which is located in Switzerland with heavy encryption, and provides features such as expiring emails and email passwords

  • You can find hidden email services yourself, but DO ENCRYPT YOUR EMAIL no matter what email provider you choose

