How Secure E-mail Works


The following sections explain how digital signatures and encryption work in the context of verifying a sender's identity and securing the contents of e-mail messages. A step-by-step example of the processes involved is also provided for illustrative purposes.

Digital Signatures

Digital signatures exist to verify the identity of the person who sends an e-mail message. In basic terms, a user with a personal certificate installed composes an e-mail as she normally would, and then selects an option (in her e-mail client program, for example Windows Mail) to digitally sign the message. When the recipient receives the message, he verifies this digital signature, proving that the message both came from the sender, and was not in any way modified in transit.

Note 

In cryptographic terms, proving that a message came from the actual sender is commonly referred to as non-repudiation or authentication. An e-mail that was not modified in transit is said to have message integrity.

Digital signatures do nothing to encrypt the contents of a message - the process of signing a message is designed to prove the sender's identity, and to ensure that the contents of the message haven't been altered since the message was sent.

In a public key cryptographic system, messages are signed via a process whereby the contents of a message are run through an algorithm that always produces a fixed-length output known as a hash value. The hash value is signed with the sender's private key, and sent along with the message.

When the signed message reaches its destination, the recipient uses the sender's public key to decrypt this signed hash value (the client e-mail program actually does this on the user's behalf). This process succeeds only if the real sender's private key was used to sign the hash. If the process fails and the hash value cannot be decrypted, the recipient knows that the message is not from the sender specified.

Assuming that the public key can decrypt the hash value, the recipient's system runs the message through the same algorithm to produce its own hash of the message. If the results are the same as those included with the original message, the recipient knows that the message has not been altered in any way since it was originally signed. If so much as a single character in the message was changed in transit, the hash value calculated by the recipient's computer would produce a different result, and the recipient would know that the message had been tampered with.
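The sign-and-verify sequence just described, as an added example in Go using only the standard library (this is not the book's or Windows Mail's code): the sender hashes the message with SHA-256 and signs the digest with her private key; the recipient recomputes the digest and checks it against the signature with the sender's public key. The key pair and message text are constructed for the example; a real key pair comes with the user's personal certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is the sender's side: hash the message to a fixed-length digest
// and sign that digest (not the whole message) with the sender's private key.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyMessage is the recipient's side: recompute the digest locally and check
// it against the signature with the sender's public key. A changed message or a
// signature made with some other private key both fail here.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// Constructed key pair and message for the example; a real key pair comes
	// with the user's personal e-mail certificate.
	danKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("Jessica, please encrypt the messages you send me. Dan")
	sig, err := SignMessage(danKey, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", VerifyMessage(&danKey.PublicKey, msg, sig))

	// One changed character: the recipient's digest no longer matches.
	tampered := []byte("Jessica, please encrypt the messages you send us. Dan")
	fmt.Println("tampered verifies:", VerifyMessage(&danKey.PublicKey, tampered, sig))

	// Signature checked against the wrong sender's public key.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("other sender verifies:", VerifyMessage(&other.PublicKey, msg, sig))
}
```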

Note 

Public key cryptography is both slow and computationally taxing due to the long key lengths used by the RSA encryption scheme (typically 1024 bits in length). For that reason, most public key systems make use of what is known as a session key to encrypt or digitally sign messages. In the case of digitally signing a message, a one-time session key (usually 128 bits long) is used to sign the hash value attached to the message. Then, the session key is encrypted by the sender's private key and included with the message as well. When the recipient receives the message, he uses the sender's public key to decrypt the session key, and then uses the session key to decrypt the hash value. This method makes public key cryptography more efficient because it takes much less time to encrypt or decrypt a session key than it does to perform the process on an entire e-mail message, attachments, and so forth. For the sake of clarity, use of session keys is assumed throughout this chapter when not explicitly mentioned.

Encryption

In the context of e-mail security, encryption exists for the purpose of protecting the contents of messages, including attachments. When an e-mail message is encrypted, its contents are scrambled so that they cannot be read until the correct decryption key is applied.

To send an encrypted e-mail message, the sender must have a copy of the recipient's public key on her computer. If the recipient's public key is present, the sender simply composes the e-mail message as she normally would, and then selects an option in her e-mail client program to encrypt the message. The message (including any attachments) is then securely encrypted and forwarded to the intended recipient.

When the recipient receives the message and tries to open it, her own private key is applied to the message in an attempt to decrypt it. Assuming that the correct private key is present on her computer, the message is decrypted and displayed in the same manner as any other unsecured e-mail message.

It's important to remember that you can only send an encrypted message to another user if you have a copy of the person's public key. On Windows Vista e-mail client software packages like Windows Mail, your personal e-mail certificate is automatically attached to all e-mail messages that you digitally sign, and your public key is included in the certificate. So, if you want another user to be able to send encrypted messages to you, send them a digitally signed message - this effectively provides them with the required copy of your public key. If you want to send other users encrypted messages, have them send a digitally signed message to you.

Tip 

If you're interested in the finer details of how different cryptographic systems work, check out the excellent multi-part Cryptography FAQ at http://www.faqs.org/faqs/cryptography-faq/.

Digital Signatures and Encryption in Action

The processes by which e-mail messages are digitally signed and encrypted are best illustrated with an example. The following steps outline a situation where two users - Dan and Jessica - want to engage in secure e-mail exchanges using encryption and digital signatures:

  1. Both Dan and Jessica register for and install personal e-mail certificates from the CA of their choice.

  2. Dan wants Jessica to encrypt all e-mail messages that she sends him. Dan knows that Jessica needs his public key to do this, so he sends her a digitally signed e-mail message.

  3. Jessica receives the digitally signed e-mail message, which includes an attached copy of Dan's personal certificate and public key. Her e-mail program uses Dan's public key to decrypt the hashed signature included with the message, and verify that the message was not altered in transit.

  4. Jessica then composes a new e-mail message to Dan, and attaches pictures from her last vacation. Before sending the message, she selects the option to encrypt it. Her e-mail program uses Dan's public key to encrypt the message (including attachments), and then sends it off.

  5. Dan receives the encrypted e-mail message from Jessica. His e-mail program applies his private key to the message to decrypt its contents. The message is decrypted, and Dan can now read its contents and open the pictures attached to the message.

In this example, Jessica can send Dan encrypted e-mail messages because she has a copy of his public key. If Dan wanted to send encrypted e-mail messages back to Jessica, he would need a copy of her public key first. The easiest way for Jessica to provide Dan with her public key would be for her to send him a digitally signed e-mail message.
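The encryption half of the exchange (steps 4 and 5), including the session-key arrangement from the note earlier, as an added example in Go using only the standard library (this is not the book's or Windows Mail's code): Seal generates a one-time 128-bit AES key, encrypts the body with it, and wraps that key with Dan's public RSA key; Open unwraps the session key with Dan's private key and decrypts the body. The Envelope type and the AES-GCM/RSA-OAEP choices are assumptions of this example, not a description of any particular mail client.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what travels: the body sealed under a one-time 128-bit session
// key, plus that session key wrapped with the recipient's public RSA key.
type Envelope struct{ WrappedKey, Nonce, Body []byte }

func aeadFor(key []byte) (cipher.AEAD, error) { // AES-128-GCM from a raw session key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is what Jessica's client does with Dan's public key (step 4).
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 16+12) // fresh session key and GCM nonce for this message only
	rand.Read(buf)              // crypto/rand.Read never returns an error (Go 1.24+)
	sessionKey, nonce := buf[:16], buf[16:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	aead, _ := aeadFor(sessionKey) // cannot fail: the key is a valid 16-byte AES key
	return &Envelope{wrapped, nonce, aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open is what Dan's client does with his private key (step 5); any other
// private key fails to unwrap the session key, so the body stays unreadable.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(sessionKey) // untrusted input: rejects a bad unwrapped key length
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Body, nil)
}
```

Call Seal with the recipient's public key and Open with the matching private key; Open returns an error rather than plaintext for any other key, and also for a body or nonce altered in transit, because GCM authenticates the ciphertext.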

Tip 

For secure e-mail to be truly effective, both parties engaged in a communication process must have their own personal e-mail certificates installed. Although you can't force anyone into obtaining a certificate, you can get the ball rolling by installing one of your own. If you begin digitally signing your e-mail messages and asking others to encrypt all messages they send to you, there's a better chance that they'll take an interest and obtain a personal e-mail certificate also.




PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
Year: 2004
Pages: 135
Authors: Dan DiNicolo
