
For those of us who spend heinous amounts of time online, cryptography and its applications are both interesting and increasingly relevant. Stopping to consider the information we transmit and receive over the course of a day and then analyzing the potential ways that information could be exploited can be a little scary. The following are some freely available open source tools that can be used daily to protect your privacy and reduce some of the risks for information abuse. All should be readily available for most Linux distributions and other Unix variants, many probably are for Windows too, but you should seriously consider another OS if you're genuinely concerned about your security online.
Most of these tools make use of public-key cryptography, the basic premise being you generate a key pair for yourself which consists of a public key you can freely distribute to anyone, and a secret key you keep only to yourself. Anyone can encrypt data for you with just your public key, but the data can only be decrypted with the secret key in conjunction with a passphrase (usually). You can additionally sign data you transmit using your secret key + passphrase, and others who have access to your public key can verify that you were the original author and the contents of the data have not been modified since your signing.
As for how it works behind the scenes, I recall it has a lot to do with prime numbers and the inherent difficulty humans and computers have with factoring large integers. Many algorithms exist, a few are more common or standardized, and the cryptography community considers any algorithm to be obsolete if it can be cracked in anything less than a brute force attempt, even if you're still looking at thousands of years in theory. Basically, when using a current algorithm you can rest assured that no person/computer/government can possibly decrypt your data without your secret key and passphrase.
Using encryption to maintain secure communications with a banking site is one thing; using it to ensure nobody can listen in on your online conversations, read your email, or recover data from your hard drive is another. Some feel having the power to protect your privacy to the degree these tools will allow you to is only useful when you have something to hide and thus should be illegal. Bruce Schneier's post on The Value of Privacy does a better job than I could of explaining what's wrong with this viewpoint and why we should always be entitled to a right to privacy.
With that out of the way, onward to the tools.
The staple of the open source crypto toolkit, GNU Privacy Guard (GnuPG or GPG henceforth) is a command line tool that allows you to generate and manage your own crypto keys, those of others, and encrypt/decrypt data. It is PGP compatible and very full featured. Windows users can even install it via Cygwin.
Getting up and running with GnuPG isn't hard, even on the command line. The GPG Mini-HOWTO covers the process quite nicely.
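The sign-and-verify premise described earlier, worked through with GnuPG. This is an added example, not part of the original post: it uses two throwaway keyrings, a hypothetical identity (alice@example.invalid) and constructed sample text, and assumes GnuPG 2.1 or later.

```sh
#!/bin/sh
# Added example: sign with the secret key, verify with only the public key.
work=$(mktemp -d)
signer="$work/signer"; verifier="$work/verifier"   # two separate throwaway keyrings
mkdir -m 700 "$signer" "$verifier"
uid="alice@example.invalid"                        # hypothetical identity
pw="$work/passphrase"; echo "constructed demo passphrase" > "$pw"
echo "meet at noon (constructed sample message)" > "$work/msg.txt"

# g HOMEDIR ARGS...: run gpg unattended against one of the two keyrings
g() { home=$1; shift
      gpg --homedir "$home" --batch --yes --quiet --pinentry-mode loopback \
          --passphrase-file "$pw" "$@"; }
cleanup() {
    for h in "$signer" "$verifier"; do gpgconf --homedir "$h" --kill gpg-agent; done 2>/dev/null
    rm -rf "$work"
}
trap cleanup EXIT

setup_signer() {        # generate the key pair once, then export only the public half
    g "$signer" --list-keys "$uid" >/dev/null 2>&1 ||
        g "$signer" --quick-generate-key "Alice Demo <$uid>" default default never
    g "$signer" --armor --export --output "$work/alice.pub.asc" "$uid"
}
sign_message()        { g "$signer" --armor --detach-sign --output "$work/msg.txt.asc" "$work/msg.txt"; }
import_public_key()   { g "$verifier" --import "$work/alice.pub.asc" 2>/dev/null; }
verify_message()      { g "$verifier" --verify "$work/msg.txt.asc" "$1" 2>/dev/null; }
verifier_has_secret() { g "$verifier" --list-secret-keys "$uid" >/dev/null 2>&1; }

setup_signer && sign_message && import_public_key
verify_message "$work/msg.txt" && echo "original message: good signature"
sed 's/noon/1pm/' "$work/msg.txt" > "$work/altered.txt"
verify_message "$work/altered.txt" || echo "altered copy: signature check failed"
verifier_has_secret || echo "verifier keyring holds no secret key"
```

A good signature only proves the message matches the key that was imported; gpg still exits 0 when that key has not been validated, so compare its fingerprint with the owner over another channel before relying on it.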
One of GnuPG's more common uses is for e-mail. With a client that supports it (e.g. Thunderbird with the Enigmail extension, Mutt for you console ninjas, or Evolution) it's really quite easy to sign all outgoing mail and fully encrypt to people you've exchanged keys with.
GnuPG is great for file encryption; I find it quite useful for creating backups I can then send anywhere off-site without having to worry about the data being recovered. Just make sure you've got a separate backup of your secret key and don't forget the passphrase.
GnuPG also offers a nice symmetric encryption option with the -c argument that just encrypts based on a password (no public/private keys involved).
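The off-site backup workflow from the two paragraphs above, in both its public-key and its symmetric (-c) form, followed by a restore test. This is an added example, not part of the original post: the keyring is a throwaway one, the key owner (backup@example.invalid), passphrase and data are constructed, and GnuPG 2.1 or later is assumed.

```sh
#!/bin/sh
# Added example: encrypted backups with GnuPG, run in a throwaway keyring.
demo=$(mktemp -d)
export GNUPGHOME="$demo/gnupg"; mkdir -m 700 "$GNUPGHOME"   # real keyring untouched
id="backup@example.invalid"                                 # hypothetical key owner
pw="$demo/passphrase"; echo "constructed demo passphrase" > "$pw"
mkdir "$demo/docs"; echo "constructed sample data" > "$demo/docs/notes.txt"
gpgb() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-file "$pw" "$@"; }
cleanup() { gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$demo"; }
trap cleanup EXIT

make_key() {            # idempotent: generate the demo key pair only once
    gpgb --list-keys "$id" >/dev/null 2>&1 ||
        gpgb --quick-generate-key "Backup Demo <$id>" default default never
}
backup_pubkey() {       # needs only the public key, so an unattended job can write backups
    tar -C "$demo" -czf - docs | gpgb --recipient "$id" --encrypt --output "$demo/docs.pub.gpg"
}
backup_symmetric() {    # gpg -c: passphrase only, no key pair involved
    tar -C "$demo" -czf - docs | gpgb --symmetric --cipher-algo AES256 --output "$demo/docs.sym.gpg"
}
restore_ok() {          # trust the output only if gpg exits 0, then look inside the archive
    gpgb --decrypt --output "$demo/restored.tgz" "$1" 2>/dev/null || return 1
    tar -tzf "$demo/restored.tgz" | grep -x 'docs/notes\.txt' >/dev/null
}
truncated_copy() {      # simulate a damaged off-site copy by cutting off the last 16 bytes
    head -c $(( $(wc -c < "$1") - 16 )) "$1" > "$1.damaged"
}
export_secret_key() {   # the separate secret-key backup the post insists on
    gpgb --armor --export-secret-keys --output "$demo/secret-key.asc" "$id"
}

make_key && backup_pubkey && backup_symmetric && export_secret_key
for f in "$demo/docs.pub.gpg" "$demo/docs.sym.gpg"; do
    restore_ok "$f" && echo "restore OK:     ${f##*/}"
    truncated_copy "$f"
    restore_ok "$f.damaged" || echo "restore FAILED: ${f##*/}.damaged (as expected)"
done
```

The exported secret key is still protected by its passphrase; keep that file somewhere other than where the backups go, since a backup encrypted to a lost key cannot be restored.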
Seahorse is a terrific Gnome front-end to GnuPG that gives you all kinds of control over your keys as well as integration with the Nautilus file manager. I've found it most useful for managing the keys of people I know, signing them, and exporting/importing from key servers. All of this can be done with just GnuPG on the command line, but it's not as user friendly.
I was quite surprised to learn that most of the major instant messaging networks aren't encrypted. Not only are they sending around messages in plain text (readable over home and wireless networks or any of the routers that might be traversed en route to the server), the servers themselves are usually hosted in the United States, which is anything but a privacy haven when it comes to digital communication.
This is one of the areas that bothers me the most: chatting online should come with the expectation that nobody else could possibly be listening in on the conversation. Off-the-Record Messaging is a library for secure instant messaging. A plugin is available for the Gaim instant messaging client, and can be used on Windows as well as Unix. OTR generates public/private keys for your various instant messaging accounts, and can then exchange these with others you wish to chat with securely provided they're running the OTR plugin. The great thing about OTR is that it transmits all its meta-data as regular messages and thus can work with pretty much any network without doing anything hacky.
gaim-otr is popping up packaged for more and more distributions; I've found it in both Debian and Fedora. Once it's installed just enable the plugin from Tools -> Plugins, and go to Configure Plugin to generate account keys and control various options. After that an OTR button sits beside your normal Gaim text-entry box that you can use to enable/disable encrypted chat.
Revelation is a Gnome application for securely storing and managing all your logins and passwords. The program has some shortcomings right now, but the author is currently in the process of a major rewrite which promises to deliver a much more feature rich solution.
While not quite as user friendly, hard drive encryption is really quite neat, particularly in the case of a laptop. If it's stolen and the hard disk is encrypted, at least you won't lose your identity too.
dm-crypt seems to be the recommended Linux kernel approach for disk encryption right now. Setting it up is a little tricky: while it's included by default with the kernel in most modern Linux distros, you still need to muck around with your hard drive partitions, create filesystems, and arrange for on-boot mounting. Your best bet is probably to search for dm-crypt and your favorite distribution and see if you can find some decent guidance.
Honorable mention goes to Truecrypt for Windows, which makes the process quite painless. (it's usable in Linux but not recommended)
These are just a few of the tools I know of and use whenever possible. Please feel free to send other recommendations along.
The only thing that bothers me is how few people really take advantage of technology like this. Hopefully this post will inspire someone out there to do so. Grab my GPG key or look me up on IM and we can chat about our plans to .
Comments
For people with alternate
For people with alternate tastes in a DE, GPG also integrates cleanly and easily with kmail and Sylpheed. The imaginatively titled kgpg looks to be an analogue of Seahorse. Kopete has a GPG plugin, although I'm fairly certain it's completely incompatible with Gaim's OTR plugin. Kwallet appears to be the equivalent of revelation (and features support in most/all KDE apps that require/use passwords.)
The only other thing is that if you're using dm-crypt, you should also be using LUKS.
Just ran across this post
Just ran across this post and was wondering if you could elaborate why you say TrueCrypt is "not recommended" in Linux.
I used it when I was on Windows, and now that I've moved to Ubuntu, I continue to use it (primarily so I continue to access the same external USB drive that I was using under windows). It seems to do the job, but I'm open to hearing more.
Thanks!
I've never actually had
I've never actually had Truecrypt running in Linux, if you've got it running and find it suitable I'm sure it's fine.
From what I remember it looked like it required kernel patching (which I didn't like), and lacked the awesome GUI tools that are present in the Windows version. (at least at the time) dm-crypt appears to be the standard in the Linux world so I ended up going that route.