[ Jonathan McPherson's home page]
[ thoughts ]
other areas : home | music | me | reviews | thoughts | misc
 
 

On E-mail Cryptography

I've used e-mail cryptography off and on over the past few years. It's come a long way since its inception, but has mostly failed to gain widespread acceptance. This essay is for those new to the idea or curious about why I like it.

What Is E-mail Cryptography?

Most e-mail crypto (crypto is short for cryptography) uses a system called public-key cryptography. In this system, a computer generates two keys, a public key and a private key. Either of these can be used to scramble information. The keys are opposites: anything scrambled with the public key can only be unscrambled with the private key, and vice versa: anything scrambled with the private key can only be unscrambled with the public key.

When you set up e-mail crypto, you have your computer generate a public and private key. You give the public key out to anyone (on your web site, etc), but keep the privte key and protect it with a very strong passphrase (longer than a password).

So, how does this help anyone?

Secrecy

Suppose that you want to send me a message, and you want to be sure that only I can read it. Traditional e-mail is not suitable for this purpose: the message is sent, in clear text, through many mail servers and other systems on the Internet, and can be easily observed by anyone watching on the path it takes -- similar to the way the notes on a postcard can be read by any of the postal staff who process it.

Even if the message made it to me through the 'net without anyone reading it or intercepting it, there is a small possibility that someone could hack into my computer (or just sit down in front of it!) and read the e-mail you intended for my eyes only.

E-mail crypto solves these problems: simply scramble the message using my public key. Since the e-mail is scrambled, it is worthless to anyone who intercepts it, because unscrambling the e-mail in a reasonable length of time without using my private key is nearly impossible. Even if someone is at my computer reading my e-mail or has hacked into my e-mail account, they need my private key and passphrase to read the e-mail.

Authenticity

Suppose that you get a message from me, and you want to be sure that it's really from me.

E-mail is very easy to forge. It is trivially easy to set the From: line of an e-mail message to anything you want and pretend to send e-mail from someone else. Of course, simple forgeries are also simple to spot, but more advanced forgers can make relatively convincing-looking e-mails.

Again, someone could hack into my account or sit down at my computer and send e-mails directly from my account. How could you tell that such e-mails were not really from me?

E-mail crypto solves these problems: I need only scramble the message (or a hash of the message) using my private key. Then anyone can check, using my public key, that indeed it was my private key that scrambled the message. Since only I have access to my private key and passphrase, only I can scramble the message using it -- if an e-mail is "signed" with my private key in some way, it must have come from me.

Why Use E-mail Crypto?

Very few people currently take advantage of e-mail cryptography. Here are some reasons that I think most computer-literate people can and generally should take advantage of it:

  1. E-mail cryptography provides secrecy and authenticity. This is the most obvious reason, and often the reason that gets people started using it. Why use regular, unsafe e-mail when a secure alternative exists?

  2. E-mail cryptography helps increase your e-mail's signal-to-noise ratio. After exchanging public keys with someone, you can communicate with each other via secure e-mail -- whereas mass mailings, spam, company announcements, and the other scourges of the e-mail world are almost never sent securely. This allows a sort of natural prioritization of secure messages.

  3. E-mail cryptography helps protect free speech. Here's why: the government has the capability to monitor e-mail and apply sophisticated heuristics to them to find things they don't like. People who want to speak freely to each other about things the government (or their company, etc) doesn't like can use e-mail crypto to do it. But that will make their communication suspicious ... unless everyone uses e-mail crypto to begin with. By using e-mail crypto, you protect your own privacy and indirectly help protect the privacy of others. Even if you don't "need" the privacy (you have nothing to hide, right?), using e-mail crypto helps protect the rights of people who do need that privacy.

How Do I Use E-mail Crypto?

Unfortunately, tools for e-mail crypto are often not trivially easy to find or use, especially for people who are not accustomed to using computers.

The E-mail Crypto Third-Party Program

Most e-mail programs (in fact, all email programs I know of) do not come with built-in crypto. You must use an add-on program to do the crypto.

If you are using a variant of Unix, I highly recommend using the GNU Privacy Guard (hereafter, GPG). It is the software I use, and it's relatively easy compared to other Unix tools. (-: It integrates well with e-mail software.

The E-mail Client

Many e-mail programs do not support crypto at all.

The e-mail client that comes with Mozilla (a web browser available on many platforms, including Windows) can be extended to use crypto with the enigmail plugin.

Under Linux, the e-mail client mutt (my personal favorite) has very good integration with GPG.
subjects
This page is valid XHTML 1.0 Strict.
DESIGN AND CONTENT © 2003 J. McPherson UNLESS NOTED OTHERWISE.
LAST DML REBUILD (UPDATE): May 22 2003 03:42 PM
SEE CONTACT INFO.