Explain that this is an introductory session for encryption as a concept, so you will not yet be going into great depth on any of the encryption tools that participants have likely heard about before (GPG/PGP in particular).
Split participants up into pairs, and then start the session by demonstrating a few examples of encryption techniques. Here are a few examples that you can prepare ahead of time to share with the group:
Each of the letters in the word Blueprints is assigned a number.
B L U E P R I N T S 0 1 2 3 4 5 6 7 8 9
This is a specific example using a specific word, but can be broadly applied to any number and letter sequence - for instance, if you use the same system as above, the sequence of numbers 8 2 5 7 9 would spell T U R N S when “decrypted”.
You could also switch the order of the numbers, so that instead of the above sequence, it now goes:
B L U E P R I N T S 9 8 7 6 5 4 3 2 1 0
In this instance, the sequence of numbers 8 2 5 7 9 would now spell L N P U B (which isn’t a word) when “decrypted”; however, you could now “decrypt” the sequence 4 3 2 0 6 as R I N S E.
Use an image of an older-style phone keypad (see below) to demonstrate another kind of “encryption” that participants may be familiar with.
Ask participants how they would use this keypad to spell different words – one example you could use would be to have each participant explain how they would use the keypad to spell their name. For instance, a participant named Luisa would spell her named by typing the sequence 5 5 5 8 8 4 4 4 7 7 7 7 2.
Once you’ve completed the above examples, ask participants if they have ever used other kinds of encryption – either like the above, or any other examples they can think of (e.g. a common instance of encryption used by many people every day is HTTPS).
Close this part of the session by following-up with another question: What are the common elements they can identify from these different examples of encryption?
Building on the common elements of encryption identified by participants in Part 1, you should now expand on some further basics and practices for the group:
Encryption Methods: Take time to explain how encryption works, referring back to the examples from Part 1 as well as by showing a few example screenshots of what a GPG-encrypted email looks like. Highlight common implementations of encryption – in particular, spend time reviewing HTTPS, end-to-end encryption and GPG/PGP encryption.
Keys and Keypairs: Explain how encryption keypairs work, and the algorithmic relationship between public and private keys. Go back through the example implementations previously mentioned (HTTPS, end-to-end and GPG/PGP) and explain for each of these where their respective keys are stored and/or visible to the user.
Encryption Practices: Highlight some of the critical best practices associated with common implementations of encryption, such as fingerprint verification and key-signing. To demonstrate, ask participants to locate where within Signal one can verify another user’s fingerprint; similarly, if participants already have GPG/PGP keys you can discuss the benefits and disadvantages of signing and distributing public keys. This is also a good time to discuss end-to-end encrypted messaging for chat apps such as Signal, Telegram and Whatsapp – remind participants that end-to-end encryption on some of these services is not always enabled by default.
Encrypted Backups: Building off the GPG/PGP example above, ask participants whether they think it is a good idea to backup their GPG private key, and if so, how might they go about doing so?