E-Mail Privacy

Ways to protect and validate e-mail

I get asked a lot of questions about e-mail. Naturally, there are questions about e-mail servers, routing and delivery. Increasingly, though, I'm asked about e-mail that I'm sending out. Why? It's all about the security.

Let's wind the clock back a bit. Like most of us, the Internet spent its pimply-faced period in school. The academic environment that developed the 'net as we know it was a trusting place. E-mail servers would be set up to allow anyone to use them, even someone from off-campus or at another school altogether. In fact, it was bad form if you didn't allow this (sure, it sounds strange now...). When e-mail was sent, it was done so without encryption or protection, and stored on disk the same way. Some things never change.

While most people now know to lock down their mail servers from outsiders (typically spammers), most e-mail is still sent without protection. I believe in freedom, and I believe in privacy. However, e-mail inherently offers neither. You send mail one way, without the freedom to choose how. Your mail is sent unencrypted, without any kind of authentication that it's even being sent by you. There are two ways to change this: signing and encryption.

Protection with PGP

PGP, or any program that follows the OpenPGP standard, such as GPG, will allow you to protect your e-mail. It does this in the two ways mentioned:

  • Sign your e-mail message body cryptographically - This is not the cloak-and-dagger 'encryption' that most people think of. Signing does two things. First, it verifies the message sender. Second, it verifies the integrity of the message, that it hasn't been altered from its origin.
  • Encrypt your message - This is the kind of encryption that most people think of when it comes to privacy. PGP allows you to completely alter your message, cryptographically, so only the intended recipients can read it.

You sign messages destined for a large audience. A mailing list, or company announcement, for example. You can also choose to sign when the recipients of your message do not also use PGP. When they do begin to use it, they can still verify your messages. As mentioned, signing gives your message integrity, but still stores the message on disk as plain text.

You encrypt messages when you do not want your message in plain (readable) text after you've sent it. Not as it's being transmitted across the network, not on an intermediary server, and not when it's stored on disk when it gets to your recipient. In this case, both parties must be using PGP.

PGP uses public key encryption. Using the PGP software, you create a key that has two parts: a public side, and a private side. As the names imply, you give out the public key, and you keep the private key to yourself. To effectively use public key encryption, there needs to be a public key infrastructure which distributes keys to all parties.

Protection with Certificates

Digital certificates can protect your e-mail in similar ways to PGP. You can sign an e-mail with your certificate, giving it integrity, and you can also encrypt the contents. Like PGP, to be of real use, there needs to be a supporting infrastructure to distribute and validate certificates. A certificate authority ("CA") is set up to issue certificates. Many people are familiar with web certificates, but e-mail certificates are available also. While you can create your own certificate ("self-signed cert"), most operating systems, web browsers and e-mail applications are pre-loaded with a list of trusted certificate authorities.

This infrastructure can be likened to a government agency issuing passports. You provide the CA some proof of your identity, and they issue you a digital certificate. You can then present this certificate along with your e-mail to say, "yes, this really came from johndoe@example.com". Each certificate is specific to a single e-mail address, so you may need more than one if you have several e-mail addresses (and, honestly, who doesn't?). Two reputable CAs that issue free certificates for personal use are Comodo and Thawte.

What's the Difference?

PGP and digital certificates perform similar actions, so, why would you use one method over another? They're not mutually exclusive - you can use both. PGP doesn't require a CA to issue you anything. You create your own key, and spread it to others as necessary (yourself or via a keyserver). As mentioned, you can self-sign a digital certificate, but for it to work 'right', you really need to be issued one from a CA. PGP can actually sign or encrypt just about anything: a file on disk, text in a word processor, etc. The digital certificate will only work within your e-mail application.

One consideration is what your recipients are using. PGP will sign and encrypt by altering the message body. This will still look like a standard 'plain text' e-mail. The body of the e-mail will get tagged with your PGP signature, and your recipient will see this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Dave;

Here's the message. Have a good day.
Ed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCvFjHlGFuHVJhyh0RAluVXJsHUNAWY7IQRHVxNEhxtmob2BFjVQCeO1xV
QUGZxNeNFVrh4PMhq8IhuPI=
=feyn
-----END PGP SIGNATURE-----

The recipient will need PGP to verify the signature, but can otherwise read the message. If you encrypt a message with PGP, all you see is a start marker, an end marker, and unreadable text in between.
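As an added illustration (not code from the original post), here is a small Python parser for the clear-signed layout shown above: it separates the signed text from the armored signature, checks the armor's CRC-24 trailer, and decodes the signature packet header to show the signer's key ID, algorithms and creation time, which is what a PGP client reads before it verifies the signature against the signer's public key. The sample is the page's own; the signature itself is not verified here, since that requires the signer's key.

```python
import base64
import struct
# SAMPLE is the clear-signed message shown on the page, copied verbatim.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Dave;

Here's the message. Have a good day.
Ed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCvFjHlGFuHVJhyh0RAluVXJsHUNAWY7IQRHVxNEhxtmob2BFjVQCeO1xV
QUGZxNeNFVrh4PMhq8IhuPI=
=feyn
-----END PGP SIGNATURE-----"""
PK_ALGS = {1: "RSA", 17: "DSA"}                 # RFC 4880 section 9.1
HASH_ALGS = {1: "MD5", 2: "SHA1", 8: "SHA256"}  # RFC 4880 section 9.4


def crc24(data: bytes) -> int:  # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def parse_clearsigned(text: str) -> dict:
    head, sig_block = text.split("-----BEGIN PGP SIGNATURE-----\n")
    hash_hdr, body = head.split("-----BEGIN PGP SIGNED MESSAGE-----\n", 1)[1].split("\n\n", 1)
    # Signed text stops before the newline preceding the signature line, and
    # lines that began with "-" were dash-escaped as "- " when signed (7.1).
    signed = "\n".join(ln[2:] if ln.startswith("- ") else ln for ln in body[:-1].split("\n"))
    armor_hdrs, b64 = sig_block.split("\n\n", 1)
    lines = [ln for ln in b64.split("\n") if ln and not ln.startswith("-----END")]
    sig = base64.b64decode("".join(lines[:-1]))
    crc = int.from_bytes(base64.b64decode(lines[-1][1:]), "big")   # "=feyn" trailer
    tag = (sig[0] >> 2) & 0x0F                     # old-format packet header
    info = {"hash": hash_hdr.split(": ", 1)[1], "signed_text": signed,
            "version_hdr": armor_hdrs.split(": ", 1)[1], "packet_tag": tag,
            "packet_len": sig[1], "crc_ok": crc24(sig) == crc}
    if tag == 2 and sig[2] == 3:                   # v3 signature packet (5.2.2)
        info.update(sig_type=sig[4], created=struct.unpack(">I", sig[5:9])[0],
                    key_id=sig[9:17].hex().upper(),
                    pk_alg=PK_ALGS.get(sig[17], sig[17]), hash_alg=HASH_ALGS.get(sig[18], sig[18]))
    return info
```

Running `parse_clearsigned(SAMPLE)` shows the page's sample is a v3 DSA/SHA1 signature over a canonical text document, with the signer's key ID and creation time; `crc_ok` tells you whether the base64 survived copy-and-paste intact.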

A digital certificate will get inserted into a message as a MIME header. This keeps the message body clean, but can cause problems, though that's infrequent. One problem is with mailing lists that only accept plain text. They see the MIME header and kick your mail back. Another issue is with older mail clients (or, simply mail clients that are poorly written). On these clients, the message with the digital certificate will show up in several pieces, all as attachments - even the body text. However, when it works, it's very smooth, and most people won't know there's anything different about the message.

Apple's Mail.app, Microsoft's Outlook and Novell's Evolution will all import a certificate automatically when sent a message with one. So, if you're also set up with a certificate, you can immediately reply to that person and sign or encrypt that e-mail.

How to get started

There are many good tutorials on-line, so I won't try to reproduce them here. To get going with PGP:

If you're a Mac user, go to the MacGPG page.

If you're a Windows user, check out WHOA's tutorial.

If you're a Linux user, go to the Gnu Privacy Guard page.

To sign up for a digital certificate, go to Thawte, or Comodo. Personally, I'm using a cert from Thawte. If you do choose Thawte, you will probably want to opt-out from being contacted by Thawte and everyone they do business with by going to their opt-out page.

Once through with Thawte's sign-up, stand up, and walk around the room; you've probably been sitting long enough, and it will take them a little bit to generate your certificate. Once complete, you'll receive an e-mail with a link that will open in your web browser. You should then be prompted by your web browser to import the certificate.

Apple even has a page on all of this in their knowledge base here. Microsoft has a "Where to get digital certs" page here.

Overall

I'm a believer in these methods of protection. Unfortunately, PGP and digital certificates are a little beyond the average e-mail user. There has been no easy way to set this up with one mouse-click. Of course, you don't have to be Einstein to sign and encrypt your e-mail. Follow the instructions on the pages above and you'll be rolling along before you know it.

I don't expect anyone to encrypt their e-mail because they have something to hide. I want people to sign and encrypt their e-mail because they have the right to do so. The right to privacy. The right to not let everyone know your entire life because your laptop got stolen. The right to keep the nosy IT guy out of your mail. The right to comfort in the fact that the message you receive is from who it says it's from.

Privacy. Freedom. Don't e-mail without them. That's why I sign.

Comments


Further Reason

Again, not because you have anything to hide, but....:

http://news.com.com/Your+ISP+as+Net+watchdog/2100-1028_3-5748649.html

I'm always keeping contact

I'm always keeping contact with my clients through e-mail and I really need to make all my data secure. I can't risk sending a client a virus along with the last report. That would kill my business's credibility. Thank you for all your good advice.
---
Mary-Anne Davis, CEO of Texas home security systems.