So here's how you can pass messages to each other without your parents1 reading them.
I can't help you with this. You need some computers2 and you need some friends to talk to, otherwise why would you be passing messages?
This should be pretty simple. If you're on Debian/Ubuntu type
apt-get install gnupg
Each of you should create a set of keys. Do that by typing
GnuPG will then give you a menu that looks like this:
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Accept the default by hitting
enter3. It will then ask you
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Don't accept the default here, take the longest possible by typing
4096 and hitting
gpg will ask when your key should expire. You can either specify days, weeks, months, years or accept the default (never expire). It's a balancing act; the more often you get new keys the more secure they will be against brute-forcing. On the other hand, each time you change your key, you need to send the new one to each of your friends and they have to remember to use the new one for passing you notes. For now, just take the default (
gpg will ask for confirmation, so type
y and hit
enter). Next, fill in your name, email and comment and confirm them by typing
o and then
Next, enter a pass phrase. It can have spaces and it can be fairly long. Pick something easy to remember; a favorite quote or maybe a few lines from a song you like.
This next part may seem a bit weird, but
gpg actually needs you to do some other stuff on the computer. Anything you like, but actually do things. Compose an email, check your favorite news aggregator, do some drawing, hit your head on the keyboard, kick the mouse around for a while, whatever you need to do. It may occasionally ask you to keep at it because you're not a fast enough typist with messages like
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 148 more bytes)
Eventually, it'll give you back control of your terminal, and at that point your key has been created. The hard part is done.
Ok, get those friends that I told you to have ready.
Each of you should run the command
gpg --armor --output your-name.txt --export your-name
your-name should be the name you typed in as part of your information in Step 3).
your-name.txt is a text file that should look something like
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
It won't look exactly the same, yours will be different, but it will be about that wide and surrounded by the
--- PUBLIC KEY BLOCK --- tags. That's your public key. Give it to your friends and get theirs. It doesn't matter how; either bust out the USB sticks or hop on a network and use
scp or just paste that text to your Linked-Book-Space page or personal site. Each of you should get the key text files and run
gpg --import your-friends-name.txt
for every key you have. Once that's done, check that you have all your friends' keys imported by typing
gpg --list-keys and hitting
Type up your message in a text file (we'll call it
message.txt, but it can be any type of file) and then run
gpg --output message.gpg --encrypt --armor --recipient your-friend --recipient your-other-friend --recipient and-so-on message.txt
Here's what a text file containing "something something dark side" looks like after it has been encrypted.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP MESSAGE-----
You can now send this to everyone. Email, Facebook, reddit, your blog, a random comment section, anything goes. Only people with the keys you specified as
--recipients will be able to decrypt it.
If you get a block like the above from one of your friends, save it to a text file called
encrypted.gpg4 and run
gpg --output decrypted.txt --decrypt encrypted.gpg
decrypted.txt will now contain the note your friend passed you in plain text that you can read. Of course, anyone can read it now, so if it discusses anything you really want to keep secret, you should run
shred on it once you've read it.
Your homework is: use the comment section of Joe Armstrong's Blog to send a message to a friend that only the two of you can read. If you're feeling adventurous, send it to all of the friends you got together in Step 1
Sending your friends messages that your parents can't read is nice, but if they catch you, they can still ground you until you decrypt it for them5. Ideally, you'd send your friends messages that your parents or teachers wouldn't even know are messages. To do that, you need a second program called
steghide. On Debian GNU/Linux, just type
apt-get install steghide as root. Cygwin supports this package too, but I have no idea how to get it on OS X so you Mac users are on your own here.
Get an image, like this one
encrypt your message, and then run
steghide embed -ef message.gpg -cf not-sure-if-secret.jpg
You will be asked for a pass phrase, leave it blank for now, but you should really agree to one with your friends and use it to protect these. You can now send your friends that image via email or imgurwithout raising suspicions (unless your parents are reading this blog). When they get it, they can run
steghide extract -sf not-sure-if-secret.jpg
(and enter the pass phrase if you set one) to get your encrypted message and then decrypt that to read what you sent them. You can use steghide to hide files in images or music that you can then send without raising suspicions.
Send your mailing list one of those stupid
Fw: Fw: Fw: Fw: joke mails, but embed a secret message to one of your friends in the first picture. Ideally, that friend should be one of the people you send the email, otherwise you're needlessly spamming.
Find a forum/reddit thread somewhere and carry on a steganographic, encrypted conversation about hipster ninjas with two or three of your friends.
Sneak onto your friends' computer while they're in the washroom and change their desktop background to a steganographic message. Chuckle about is constantly. When asked "What's so funny", burst with laughter and run out of the room with your stuff.
- Or teachers, or political enemies, or competitors, what-have-you.↩
- If you don't have access to your own computer, you can use a usb to run Ubuntu live, and merely plug it into whatever computer you do actually have access to.↩
- If all of your friends can be trusted to keep secrets, you might opt to go with a symmetric cypher instead. The process of sending and receiving messages is more or less the same, but there's only one key that the entire group shares rather than there being two keys per person (a public and a private). The advantage is that there's less to keep track of. The downside is that if anyone finds out your key, all your notes can be cracked rather than just those sent to the person who let their key get compromised.↩
- It doesn't actually need to be called that, just an example.↩
- They probably won't just ask for your key because they'd have no idea what to do with it.↩