Secure E-mail - University of St Andrews

advertisement
PGP 1
Secure E-mail
Nowadays, more and more of the information we handle at work comes in electronic form, often by email, or as
an attachment to e-mail. This is such an everyday occurrence, that users tend to trust the system totally. All
internet users ought to understand, however, that regular email offers no privacy, and can actually be read by
many people other than the person it is sent to. Mail passes through several computers on its way to or from
correspondents. All of the computers the email goes through on its journey can keep a copy. The administrators
of all of these computers can read your email if they choose to, and they can send it to anyone they might want
to. Anyone that can intercept your email, can alter your email's content; and anyone can send email that looks
as if it was sent by you.
What's the solution?
One answer is make use of something called a Public Key Infrastructure [PKI]. This allows you to:
 keep information totally secure by transforming it into code which only you and your intended readers can
decode
 ensure that any data you receive really does come from the person who claims to have sent it
 be sure that no one has altered it en route
 apply a digital signature to electronic documents
Why should I bother with this?
You may well be thinking 'I'm a law-abiding citizen – I've nothing to hide.' True, but then why do you conduct
the affairs of your life by letter and not write it all on postcards for anyone to see? Besides this, there are other
issues apart from your own privacy – some of these are:
 Are you transferring data (however innocent) about a student or a member of staff?
 What if commercially valuable data fell into the wrong hands?
 Do you ever accept an email as authorisation for an action?
 Recent legislation has given legal standing to digital signatures, but only if they are created under certain
conditions.
How does a PKI work?
Each user has two keys [commonly called a key pair], one a public key, and the other a private one: the user’s
public key is freely available to all and must be given to anyone with whom the user wants to exchange
information. The private key, on the other hand, is kept private to the user and must never be given away. It
acts as the user’s identity and so takes on the importance of a passport, for example. The private key is often
protected by a pass phrase (i.e. the user is asked to supply a pass phrase before the key can be used).
Each key in a pair can decode data encrypted by the other key in that pair – and no other key can do this.
A: Encryption: using PKI to deal with confidential information
Let us suppose that you wish to send a confidential e-mail to someone called Duncan and that you wish
Duncan to know that it is really you who has sent it.
The first thing you need to do is to get hold of Duncan’s public key. You then use this to encrypt your email message to him. The only way of decrypting this e-mail is with Duncan’s private key. (Remember
that his private key is the only key that can decrypt this e-mail so provided he hasn’t given it away, only he
can decipher it. It doesn’t matter if anyone else gets hold of the message en route. They will see only
gibberish.)
When Duncan receives the message his mail program will spot that it’s been encrypted and will ask Duncan
to use his private key to decrypt it. In practice, Duncan will be prompted for his pass phrase.
It sounds complicated but, in practice, it is no harder than clicking a couple of buttons.
Secure Email
1
15/02/16
PGP 1
B: Authentication: are you who you say you are?
Before you send your message, you need to give Duncan your public key. You then use your private key to
“sign” the e-mail message. This is not quite the same as just adding a line at the end of the message as you
would do with a real signature. There is more to it than that but we won’t go into it here. Suffice it to say
that the signature is formed from your private key and the contents of the message itself. When Duncan
receives it, he checks the signature by using your public key. He then knows that only the sender with the
unique private key could have sent it i.e. yourself, provided you have not given your private key away to
anyone else. The spin-off is that he knows the message can’t have been tampered with, en route.
Again, in practice this comes down to clicking on some buttons in your e-mail program.
To summarise, you encrypt your message with Duncan’s public key and sign your message with your private
key. Before you embark on this, though, you must get hold of Duncan’s public key and he must get hold of
yours. And before even this can be done, both you and Duncan (and anyone else with whom you wish to
exchange information) must arm yourself with a public-private key pair.
PGP
One piece of software that implements PKI is PGP, which stands for Pretty Good Privacy. It supports Eudora as
one of the e-mail programs that can use keys. And you can use it to generate a public-private key pair for
yourself.
With PGP, you can digitally sign your email: Automatically, PGP will calculate a complex mathematical value
(called a hash) based on the exact content of your email message, and will then encrypt that value to your
private key. The recipient of your email will use their PGP software to automatically make the same calculation
- if the calculations match (the recipient's software automatically will use your public key to decrypt your
encrypted hash), that is proof that the message has not been altered in any way (no spaces or letters have been
added, deleted, changed, etc.). And since only you have the private key that encrypted the hash value that was
now decrypted with your public key, this is proof that only you could have made the digital signature. So when
PGP says that the signature is good, that proves that the message is both unaltered, and that the message does in
fact come from the person it claims to.
________________________________
Secure Email
2
15/02/16
Download