Or email safely
Original article by Maurizio Antonelli
As well as documentation for those interested, I sincerely hope that it can raise awareness of the non-security of “electronic mail” and help users to take the appropriate implementation tools.
Let’s start with this basic idea: “Email is not a secure media for transmitting information.”
In fact, almost all e-mail when traveling in the network are in clear text, without any form of encryption. As you know, an e-mail message, from the time he leave the sender PC since it arrive to the destination PC, it’s crossing different networked machines, each of which deals with “forward” it in the right direction. Whoever is at the controls of any of these machines can then view (sniff) this message, at great risk to the privacy of the sender and recipient.
Again: travel in clear text also UserID and Password in the process of authentication to POP3 server (incoming mail) and SMTP (outgoing mail). For this reason it is always a good idea to use the servers that provide the service to authenticate using TSL or SSL encryption in order to avoid someone take control of your e-mail.
Another problem: the sender of an e-mail is never guaranteed. With a few tricks you can pretend to be anyone for most of the people on the net.
For example with Mozilla Thunderbird. In the configuration of email accounts anybody can set up a fake sender. I can fool anyone and make them believe to be an authority, a bank or whatever. Just so I can “cheat” easily 90% -95% of users. A few will be able to notice the anomalies that are still present, however, in the headers of the mail message. With some tricks, which are not shown here, you can also lead to the disappearance of these remaining tracks … Et voila … You’re done.
Let’s Crypt it
Let’s start with encrypt the mail. In this way only those we want can correctly read our message.
The world has always been full of coding systems. The most simple anagram words, replace characters and many other methods, more or less sophisticated.
our e-mail will travel on the network as bytes in the form of X values between 0 and 255. Substitute these values for X to X+2 values for all values of X between 0 and 253. We replace then 254 and 255 respectively with 0 and 1. We have just invented an encryption key. Only those who possess this key (because we gave it to them or because they had discovered it) will be able to understand the content of the message, others will not be able to read it.
The one shown above is a simple example of symmetric key encryption: the sender and receiver use the same key the first to encode and the second to decode.
It is a system that will not be useful for our purpose, since it ‘s not extensible to a third party. In fact, if a user A and User B are using an encryption key for their own communications, this can not be used by the user A with C. In fact, that would make decay privacy between A and B.
If the user A, to overcome this problem, invented and used a key to every other person he would have to handle a huge number of coding systems, and soon the system would become unmanageable.
Solution to problem: A certificate with asymmetric key.
We will adopt a system that will use a certificate that consists of two distinct keys, one private and one public.
The private key should remain exclusively in the hands of the owner of the certificate. Should be retained with absolute attention. The owner will use it to decrypt messages that are addressed to him and more it will be used to affix a digital signature to the message which will ensure the real identity of the sender.
The public key may instead be distributed to the whole world, without incurring any risk of danger. It will be used to encrypt messages addressed to the owner of the certificate, only the owner of the related private key can decrypt that message. Anyone else see a number of bytes/characters without any meaning. In addition, it will be used to verify the digital signature that has been affixed with the private key.
The public key can be distributed to anyone without control. The fact that fall into foreign hands will not constitute any danger. The greatest attention should be given exclusively to the private key, which must remain strictly in the hands of the legitimate owners. If it does not fall into foreign hands, the system will be 100% safe (although in many mathematics departments are continuing to check the security of this solution).
Let’s try to understand how to operate an asymmetric key certificate. The following example is not applicable for those who will be our aim, however, gives a clear idea of how in mathematics exist non bijective functions that fit for purpose.
Imagine having to give these data: 4, -2, -1 and 5. Now the public key, which encrypts the sequence of four numbers, will consist in raising the square each. This will give us: 16, 4, 1 and 25. Another user who has in his hand only the public key can decrypt the data? The answer is no. In fact, information from the first number: 16. We know from the public key, that the number is the result of a number that was squared. Reverse: the square root, but the square root of 16 is not unique. 4 is a result yes, but it is also -4. How do we know which one to take? With only the public key we cannot.
As mentioned above, this example can not be used: the process of encryption is too simple to be efficient, but makes a very good idea of how more complex math functions not reversible, can be used for our purpose.
Finding function much more fit, I can reach my goal: to create a certificate key-pair with which to encrypt with the public and be able to decrypt only with the private.
At this point, l’ll distribute the public key and anyone can encrypt messages they want to send to me. Only and only I, holder of the related private key, can decipher the e-mail.
Now we see another possible use of an asymmetric key certificate. Imagine you can make a transaction using the private key on a message written by me. This operation, taking account of the sender and every single character that makes up the message, will give a unique result that can be obtained exclusively if that has been carried out with my private key. The result is a kind of checksum, because it takes into account all the individual bytes that make up the mail. If the sender had a different character or whether one was different, the checksum is different.
Holders of public key can not do the same with the same results, however, they may conduct an audit to check that the result may have produced solely and exclusively by the owner of the private key associated with it.
I just found a way to digitally sign my message: it was definitely sent by the owner of the private key, in addition, through the checksum, I can be sure that during his trip, the mail has not undergone any change of any kind, even 1 character has not changed.
Now there is a little attention to maintain. I will have to distribute my public key. there are 3 way to do this meeting in person “face to face”, even through the key-party, the meetings organized to exchange public keys, I can put on my personal website, or there are available key-server where everyone can put your public key and where users can do research, as if the were online lists. The thing to check in all cases is that the public key is really associated to the person you think. If i’m sure that a key come from a guy, but in reality it is from another person, the authentication system has been seriously compromised.
When possible exchange of key is always better when done in person. Even a website can give assurances, for example, who knows me, knows that maury.it is my site, and then follows that the key is on http://www.maury.it/gpg I had entered it there, so it is mine but in all other cases, authentication, face to face is the surest guarantee.
I personally always carry in my pocket a note written the code of my certificate GnuPG: 0x51F1316C. In this way, anyone who meets me may ask me the code and check it, so that he could verify the one on my website, on a key-server or on my e-mail signed (many times I had attached the public key) is really mine; Once the authentication is done by me in person, he can be pretty sure that the certificate is really mine.
Let’s see now how to obtain a digital certificate.
Some companies issue certificates according to the standard S/MIME. This standard is supported natively by most email clients, so you will not need to install plug-ins and/or additional extensions.
The first company that i want to report is Thawte. it’s from South Africa and issues free certificates for personal use. Thawte, with the classic system of “Reply to this e-mail …” can verify the authenticity of your e-mail address. For the identity registry, in order to submit the certificate that is your name and your last name, use the system of notaries: the Web Of Trust. People thought to be reliable and authenticated by the company (public notaries) is delegated to give a score from 10 to 35, depending on your length of service, having personally verified the identity of a new user.
A user, reaching 50 points, is declared authenticated by Thawte and then he will have his name entered in the certificate. Upon reaching the 100 points it enter in the notaries and it can then authenticate other users. Of course, the identity registry system is subject to the seriousness of notaries for the truthfulness of the email address you must, instead, to trust Thawte, a company that will act as guarantor.
Thawte notaries are now all over the world, some authenticate for free, others require small sum, on the Thawte website you can find the one closer to your area. If anyone needs, I am a notary and, knowing other notaries, i can get the authentication on the fly, totally free, because I like disclosure of information and security for pure passion.
Other Digital certificates are awarded by Italian companies like GeoTrust, the Italian Post Office and several banks. GeoTrust certificates are also released free for personal use. The others, however, as a paid service: at the offices there will be the authentication procedure and then the software will be released containing the certificate in the appropriate CD-ROM.
With this system, the digital signature is enhanced by the recognized authority. Thawte is recognized worldwide from several years. The others, however, may have less confidence abroad: I do not know how much credibility can have, for example, in Canada a certified mail by an authority like the Italian Post.
This system of authority may not be the one i was searching for: I want to be the sole guarantor of my identity. So I need a tool to create a digital certificate with an asymmetric key. Here come GnuPG.
End of the first part of this interesting article, in the second part it will be explained in detail the use of GPG with email.