PGP 1 Secure E-mail Nowadays, more and more of the information we handle at work comes in electronic form, often by email, or as an attachment to e-mail. This is such an everyday occurrence, that users tend to trust the system totally. All internet users ought to understand, however, that regular email offers no privacy, and can actually be read by many people other than the person it is sent to. Mail passes through several computers on its way to or from correspondents. All of the computers the email goes through on its journey can keep a copy. The administrators of all of these computers can read your email if they choose to, and they can send it to anyone they might want to. Anyone that can intercept your email, can alter your email's content; and anyone can send email that looks as if it was sent by you. What's the solution? One answer is make use of something called a Public Key Infrastructure [PKI]. This allows you to: keep information totally secure by transforming it into code which only you and your intended readers can decode ensure that any data you receive really does come from the person who claims to have sent it be sure that no one has altered it en route apply a digital signature to electronic documents Why should I bother with this? You may well be thinking 'I'm a law-abiding citizen – I've nothing to hide.' True, but then why do you conduct the affairs of your life by letter and not write it all on postcards for anyone to see? Besides this, there are other issues apart from your own privacy – some of these are: Are you transferring data (however innocent) about a student or a member of staff? What if commercially valuable data fell into the wrong hands? Do you ever accept an email as authorisation for an action? Recent legislation has given legal standing to digital signatures, but only if they are created under certain conditions. How does a PKI work? Each user has two keys [commonly called a key pair], one a public key, and the other a private one: the user’s public key is freely available to all and must be given to anyone with whom the user wants to exchange information. The private key, on the other hand, is kept private to the user and must never be given away. It acts as the user’s identity and so takes on the importance of a passport, for example. The private key is often protected by a pass phrase (i.e. the user is asked to supply a pass phrase before the key can be used). Each key in a pair can decode data encrypted by the other key in that pair – and no other key can do this. A: Encryption: using PKI to deal with confidential information Let us suppose that you wish to send a confidential e-mail to someone called Duncan and that you wish Duncan to know that it is really you who has sent it. The first thing you need to do is to get hold of Duncan’s public key. You then use this to encrypt your email message to him. The only way of decrypting this e-mail is with Duncan’s private key. (Remember that his private key is the only key that can decrypt this e-mail so provided he hasn’t given it away, only he can decipher it. It doesn’t matter if anyone else gets hold of the message en route. They will see only gibberish.) When Duncan receives the message his mail program will spot that it’s been encrypted and will ask Duncan to use his private key to decrypt it. In practice, Duncan will be prompted for his pass phrase. It sounds complicated but, in practice, it is no harder than clicking a couple of buttons. Secure Email 1 15/02/16 PGP 1 B: Authentication: are you who you say you are? Before you send your message, you need to give Duncan your public key. You then use your private key to “sign” the e-mail message. This is not quite the same as just adding a line at the end of the message as you would do with a real signature. There is more to it than that but we won’t go into it here. Suffice it to say that the signature is formed from your private key and the contents of the message itself. When Duncan receives it, he checks the signature by using your public key. He then knows that only the sender with the unique private key could have sent it i.e. yourself, provided you have not given your private key away to anyone else. The spin-off is that he knows the message can’t have been tampered with, en route. Again, in practice this comes down to clicking on some buttons in your e-mail program. To summarise, you encrypt your message with Duncan’s public key and sign your message with your private key. Before you embark on this, though, you must get hold of Duncan’s public key and he must get hold of yours. And before even this can be done, both you and Duncan (and anyone else with whom you wish to exchange information) must arm yourself with a public-private key pair. PGP One piece of software that implements PKI is PGP, which stands for Pretty Good Privacy. It supports Eudora as one of the e-mail programs that can use keys. And you can use it to generate a public-private key pair for yourself. With PGP, you can digitally sign your email: Automatically, PGP will calculate a complex mathematical value (called a hash) based on the exact content of your email message, and will then encrypt that value to your private key. The recipient of your email will use their PGP software to automatically make the same calculation - if the calculations match (the recipient's software automatically will use your public key to decrypt your encrypted hash), that is proof that the message has not been altered in any way (no spaces or letters have been added, deleted, changed, etc.). And since only you have the private key that encrypted the hash value that was now decrypted with your public key, this is proof that only you could have made the digital signature. So when PGP says that the signature is good, that proves that the message is both unaltered, and that the message does in fact come from the person it claims to. ________________________________ Secure Email 2 15/02/16