Secure E-mail Components

E-mail communications can be secured using a number of different methods and techniques. The most popular and widely used of these methods, however, are those based on a scheme known as public key cryptography. In a public key cryptographic system, users are assigned a personal digital certificate that is used to both validate their identity and enable the secure exchange of information through the use of encryption.

Public key cryptography systems are typically comprised of the following primary elements:

• Certificates

• Certificate Authorities (CAs)

• Public and private keys

Each of these elements is explored in more detail in the following sections.

Certificates

Certificates form one half of the foundation upon which public key cryptography systems are built. Although a certificate is technically nothing more than a file that can be stored on your computer, it acts as your personal digital identification - in fact, personal digital certificates are often referred to as digital IDs.

You've probably already come into contact with certificates in some form, perhaps without even knowing it. When you visit a secured web site (those starting with an https:// address, such as http://www.paypal.com or http://www.verisign.com), the server presents its identification in the form of a web site certificate. The certificate allows both you and your web browser to validate the site's true identity, and ultimately enables all traffic passed between your computer and the web site to be securely encrypted. In cases where a web site does not have a certificate installed, secure HTTP communications cannot occur.

In the world of e-mail, personal certificates are usually issued by entities known as Certificate Authorities (CAs). You complete a certificate request process with a CA as part of registering for a certificate, and ultimately obtain your personal certificate from the CA if the request is approved. A number of different public certificate authorities exist, including companies like Thawte and VeriSign. Some CAs deal with the general public, whereas others issue certificates for larger corporations only.

After you have a personal certificate installed, you can digitally sign e-mail messages you send, as well as decrypt messages that other users send to you.

Certificate Authorities

Certificate Authorities (CAs) are the entities responsible for issuing digital certificates, and represent the other half of the foundation upon which public key cryptographic systems are built. Public CAs not only generate certificate files (in a format known as X.509), but also digitally sign the certificates they issue. In this way, a CA acts a kind of trusted third party responsible for identifying the organizations or individuals to whom it issues certificates. When a CA signs your certificate, it's effectively saying that it vouches for your identity.

Consider completing a credit card purchase online. When you reach the payment portion of the process (where you submit your personal details and credit card number), an encrypted connection is used. Your web browser typically notifies you of this by displaying a lock icon toward the bottom-right corner of its window. However, your browser does more than just ensure a secure connection alone - it also verifies that a trusted CA has signed the web site's certificate, thus confirming its identity. In cases where a trusted CA's signature is not found on the certificate, your web browser typically displays a warning message alerting you to the fact that this site may not actually be who it's claiming to be.

CAs exist to help create a hierarchy of trust upon which a secure identification and encryption infrastructure can be built. Windows Vista systems (more specifically, programs like Internet Explorer and Windows Mail) implicitly trust certificates issued and signed by public CAs like Thawte and VeriSign. In other words, if you send your personal certificate to another user, her e-mail program verifies that a trusted CA (in this case, Thawte) signed it. Because the other user's e-mail program "trusts" certificates signed by Thawte, it inherently trusts you. CAs are trusted by way of having their root or top-level certificates included with Windows Vista by default. In cases where a user attempts to communicate with you using a certificate that wasn't issued by a trusted CA, a warning message usually displays, alerting you to the fact.

Public and Private Keys

In a public key cryptographic system, every person issued a certificate is also issued a pair of keys. One key in this pair is known as the public key, and the other as the private key. Only the private key can decrypt a message encrypted by its associated public key, and vice versa.

This two-key methodology is also referred to as asymmetric encryption. The fundamental idea behind this scheme is that you can freely distribute your public key to anyone, but your private key is for your use only.

Many people find this idea confusing, but it's actually quite simple. Your public key has only two real purposes: it enables others to verify your digital signature, and it encrypts messages they're sending to you. In other words, if another user encrypts a message with your public key, only your private key can decrypt and open that message. As long as nobody else has access to your private key, messages encrypted by your public key remain for your eyes only. Similarly, when you sign a message with your private key, only your public key can verify your signature. As such, when users receive a signed message from you, they know that only your private key could have been used to sign the message, and that it is indeed from you.

As you might expect, this scheme requires that your private key remain properly secured. Operating systems like Windows Vista store your private key in a protected storage area that is inaccessible to other users.