If the NSA scandals are making you paranoid—and they should—one of the first steps you should take is to install email encryption software. Every time you read an article recommending the use of encryption software, the author inevitably remarks that it’s “hard” or “tricky” to set up GPG or PGP. That isn’t true. Really. Even your Mom can do it. In the case of OS X, you just download GPG Tools and install it in the usual way. Other operating systems have similar packages.
If you’re extra paranoid and have a C compiler available, you can download GnuPG and compile it yourself. Of course, unless you’re a cryptography expert (in which case you already know all this), you’re still trusting GnuPG’s authors to implement the crypto correctly and not insert any weaknesses or backdoors. Since GnuPG is open source and lots of people who are crypto experts are looking at the source code, this seems an acceptable risk. As a practical matter, what better choices do you have?
That brings us to generating the keys that you use for encryption and signing. GnuPG walks you through that process and you don’t have to understand any of the technical details; just follow the prompts and choose the defaults. If you want to generate the strongest possible keys, Alex Cabal has an excellent post on Creating the Perfect GPG Keypair. Cabal walks you through the key generation process and tells you what choice you should make at each step to ensure a strong keypair.
Cabal also explains how to limit the inconvenience of a lost or compromised key. This is mostly for laptop users whose computer may be lost or stolen. On the other hand, your keys should be protected by a strong password, so you may or may not want to take this additional step.
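As an added example (not from this post, and not Cabal’s steps), here is the same key generation done unattended, with the strong choices spelled out in a parameter file instead of picked at the prompts, plus the checks you want afterwards: the fingerprint, the revocation certificate GnuPG writes for exactly the lost-or-compromised case, and a sign-encrypt-decrypt round trip to yourself. The name, email and passphrase are sample values, and it assumes GnuPG 2.1 or newer on PATH.

```shell
#!/bin/sh
# Added example: unattended GnuPG key generation with strong parameters, run in a
# throwaway keyring so it never touches ~/.gnupg. Assumes GnuPG 2.1+ on PATH.
set -eu

gen_keypair() {  # $1 name, $2 email, $3 passphrase (sample values; real keys get a real one)
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    # Needed only on old 2.1.x releases so the agent accepts --pinentry-mode loopback.
    echo allow-loopback-pinentry >"$GNUPGHOME/gpg-agent.conf"
    # 4096-bit RSA primary key (certify + sign), separate 4096-bit RSA encryption subkey,
    # one-year expiry (extendable later) so a forgotten or lost key dies on its own.
    cat >"$GNUPGHOME/params" <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $2
Expire-Date: 1y
Passphrase: $3
%commit
EOF
    gpg --batch --quiet --pinentry-mode loopback --gen-key "$GNUPGHOME/params"
    rm -f "$GNUPGHOME/params"   # the passphrase was in that file
}

key_fingerprint() {  # $1 email; the "fpr" record of --with-colons carries it in field 10
    gpg --batch --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

revocation_cert() {  # $1 email; GnuPG 2.1+ writes this at creation time, keep it offline
    echo "$GNUPGHOME/openpgp-revocs.d/$(key_fingerprint "$1").rev"
}

roundtrip() {  # $1 email, $2 passphrase, $3 message: sign+encrypt to self, then decrypt
    printf '%s' "$3" \
      | gpg --batch --quiet --pinentry-mode loopback --passphrase "$2" \
            --local-user "$1" --recipient "$1" --sign --encrypt \
      | gpg --batch --quiet --pinentry-mode loopback --passphrase "$2" --decrypt 2>/dev/null
}
```

The revocation certificate is the piece to copy somewhere safe right away: it is what lets you retire the key if the laptop walks off, and it is only of use if it is not on the same disk.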
If you’ve been thinking about setting up email encryption or want to strengthen your current keys and encryption as much as possible, head on over and read Cabal’s post. It’s a good resource and shows you what to do even if you don’t understand the technical details of the crypto.