Archived Weblog Entry - 01/01/2006: "Basics of email encryption"

[Previous entry: "New Year's Privacy Resolutions"] [Main Index] [Next entry: "Satellite surveillance for tax purposes"]

01/01/2006 Archived Entry: "Basics of email encryption"

Here's another New Year's resolution for you. In the wake of recent attacks on privacy, make 2006 the year to encrypt your email.

I was going to write today about how I'm now using Enigmail to provide GPG encryption for Thunderbird. But right away I realized I was getting ahead of myself, and a brief general introduction was needed.

Encryption was revolutionized in the 1970's with the invention of "public-key" encryption. Before this invention, the same "key" was used to encrypt and decrypt a message. This meant you had to find some way to safely send a copy of your encryption key to your intended recipient, and you couldn't share that key too widely -- if it was compromised, all of your mail could be read.

"Public key" systems use a pair of encryption keys. The brilliance of the system is that whatever is encrypted with one key must be decrypted with the other, and there's no way to deduce one key from the other. (Generating such a complimentary pair of keys is an exercise is really weird mathematics, and nothing we need to worry about here.)

So you generate such a pair of keys, and publish one of them (the "public" key). You keep the second key to yourself (the "private" key).

Now, suppose Joe wants to send me a secret message. He encrypts the message with my public key. Now the message is encrypted gibberish, and the only person in the world who can turn it back to plain text is the person with the private key -- me. I can publish my public key on my web page, send it by open email, even advertise it in the New York Times, and still no one but me can read the messages. This solves the problem of distributing the keys.

If I want to send an encrypted reply back to Joe, I need his public key. He can send it to me, I can get it from his web page, or I might be able to get it from dedicated "keyserver" computers which store published keys.

More fun is possible. Suppose I want to send a message to Joe, and ensure he knows it's from me and not from an impostor. I encrypt the message with my private key. Joe -- and the rest of the world -- can read this message by decrypting it with my public key. Anyone can read it, but the only person in the world who could create a message that decrypts correctly is the person with the private key -- me. Thus the system "authenticates" that only I could have sent that message.

Of course, I could do both -- encrypt the message with my private key for authentication, and then encrypt it again with Joe's public key so that only he could read it.

In practice, authentication is usually done by "signing" a message. The text of the message is converted into a numeric code (a "hash" code), then that code is encrypted with my private key and appended to the message as a "signature". The recipient can regenerate the hash code, and compare it to the one which was sent (which he decrypts with my public key). Any alteration of the text changes the hash code, so if the codes match, the recipient knows the plain text is exactly what I sent (and it was sent by me). If you've ever received an email that has "Begin PGP Signed Message" (or something like that) at the end, followed by a block of gibberish, this is what you're seeing.

This is a very simple overview of the concepts. The most popular systems that use this technique -- the commercial PGP (Pretty Good Privacy) and the compatible open-source GPG (Gnu Privacy Guard) -- include, in their inner workings, many more wrinkles that increase the security of the system. But you don't need to know those details. All you need to know is that your public key is public, your private key must remain private, whatever is encrypted with one requires the other for decryption, and you can use these to both encrypt and "sign" (authenticate) your email.

In my next post I'll explain how to set this up under Linux, with Mozilla Mail or Thunderbird.

brad

P.S. For those who wish to send me encrypted email, here's my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)
mQGiBEKjNgURBAC3OEulAxc1Qxe7I+o2SfqNJ9tnhiP80v4oEquLwdEpcP8ynWcT
99bX5ZXZnIY/dZGolqDXcZC/lEtY8nqNxeLtKmn4TqNoMOPOLKS5xdh+oO4CzgkW
SxQ5YSObAXpdJ79x7BUec1WP/m8mdvydqY593fjE4QCaNUfFkinDa6KjqwCg1niX
6DntGmL6EotfQp/RzT8ZaLkD/1Ph49SW5IvpVxW6LXPvvZoFy9AGQScsdrswfbil
lVAUH6rkmkkbGi/0qgBtvrL+KKT0z6d8Ig4rv+aoWOznU652UkcWhSXLQwzJKbVG
wBhQvkwpNeKki8G1gkNsBrvi7zq+547t0804o54ofpgGSYU64tzCF/4RK1Ddtm4v
xU6wBACCbkqRUne+uKK2azgwwljJ/iLYtszoyylMz63ncD8gyO2goblJJhT9b15j
Lgve5qqY9lb6N7e4HCFYkqD4uGwDlqHtHjJ+mUxvdg+L0alIlphBLAu45D8r5F/2
ohVzOgDJjIcqQH4Ce2TCyoZDXlS9YLokSfL7KnB87Aa2rq58JbQhQnJhZCBSb2Ry
aWd1ZXogPGJqMkB6ZXRldGljcy5jb20+iF4EExECAB4FAkKjNgUCGwMGCwkIBwMC
AxUCAwMWAgECHgECF4AACgkQF6SxZ2muiQ3/MgCdFKzXVWdLbf0RVkf09tOSOvTC
Q8UAnRqFgWrgpLD4vuFNac8YSrf/lk3OuQINBEKjNmMQCACe/WpR8cKjsOmHAKa9
wGCY6Irt3cay4WXaLFf/sO1OnVwuffSQCt68TGTH7VENGWQbMyw5oJcONsefEFGb
EN8YiWOGIU6u8Iz/ZHKj9Y+r0K4S09GQ1pRJ2HunG0TzFcCFWWWMblbQEkxHnRGQ
4MJvfb3sLuBdFYX9v5m3mFcbC4O7TZcm02/f11309KoBwmycdieSRA5tatPdv9qZ
gfsmopcAk3LcMcoYGxsJ1zWgD9B6uvlBJDH/bgA/cgMBgfxUZBNv/Bx5u57YskD5
G/r8TamnFEIT3XOGWNeQClAeInOjIoZ8x2pGV7ud3TMeg04vmRTbU8z2hmS+mj4B
gZzvAAMFB/9V46FjfYKNO++CoZ90933SH1AlHWtIoB45gsPUqXItakgojlmNPYVm
c53Gm6YH2y7fbI3NHxRUrztRtvRyNNfRorm2wBGNK//5cLaLdrsWKgXgHrplqAWU
domK+z07bES9j9ZrNqWJqomGRlPj3+2FTyOop2OMOpa0Mg8AdSOyHQ1/65Wy8bmN
V+eop8PZXwJJqBdvttsHqzlH4tGwsp8tWMS/421Jj6CYW3D4ZER9+pH6N83zbwjq
R/1dzEtMw9N2sYUpGUZnYahyTFYtpH8EabiyOsgGpM5kWdTlmLOYJJ0qwBSrF1rN
ODHa34QH020JxSALDGGd3i1mMmZ/j2zhiEkEGBECAAkFAkKjNmMCGwwACgkQF6Sx
Z2muiQ3t+QCeOVJaMhGZuNf963DduD+d2uaayDoAnjRsq7ULD+g09oscidx465Zk
TA0K
=OiID
-----END PGP PUBLIC KEY BLOCK-----