David's World

There are two competing standards for e-mail encryption. Pretty Good Privacy (PGP) and S/MIME. PGP has been around for a long time and is mainly used in academia. It is flexible and secure. However, S/MIME has attained a broad adoption in the software industry. Most e-mail clients support S/MIME. I have tried both over the last couple of weeks, and I'll give a short introduction how to make S/MIME work.

How public key encryption works

First of all: how does this kind of encryption work? You'll find a lot of detailed explanations on the web, so I'll just give you the scoop. Public Key Infrastructure (PKI) stands for a system using one-way encryption. Suppose I'd like to send you a message, I use a key code to encrypt it. This key code is something you have given me previously and it is not secret in any way. In fact, many people put their public keys on their website. That's because a message, once encrypted with
a public key, cannot be decrypted again with this key. Instead, you need a secret key, which belongs to the public one. And this one, the secret key, is something only you, the recipient, has. You can use it to decrypt my message.

So again: there is a key pair <P,S> with a public key P and a private key S. They belong together.
If A wants to send B a message M, then M is encrypted using P, resulting in M'. M' cannot be decrypted without S. That means, the recipient B has published P, but keeps S secret.

A neat thing you can do with PKI is to sign e-mails (and other documents). To sign something, you will need your secret key. Anyone else can then verify that it was you who sent that e-mail. To do so, the public key is used. Logical, isn't it?
A signature makes sure that the e-mail has not been altered on the way, and that you have sent it off.

There is more that belongs to PKI. Somehow, you'll need to make sure that you're using the correct public key P. You must be sure that P actually belongs to B, and not to some evil intruder. Techniques such as a web of trust allow people to vouch for somebody's keys, after they have verified that person's identify. That's a bit like a chain of friends at a party: the host invites guest 1, and guest 1 brings guest 2 along, and guest 2 brings guest 3. That way, the host can be fairly sure that guest 3 is not going to end up drunk in somebody's bedroom (unless the guests all enjoy that sort of thing). Of course, such chains of trust must be limited in length. PGP offers a mechanism for this, and for S/MIME, a similar mechanism is offered by Thawte.

An alternative means in order to establish authenticity for public keys is a so-called Certification Authority (CA), which checks your identity (they want to see your passport!) and then uses the signing mechanism to sign your public key. (Yes! You can sign any kind of document - therefore you can sign a public key, too!). The CA's public key, by the way, is called a root certificate, should you ever encounter the term.

Public key encryption is known to be very secure. I assume that even intelligence agencies have problems breaking through the codes: legislature in some countries limits the key strength (the longer the key, the more difficult is it to break the encryption). Bruce Schneier has written a paper about the general weaknesses of PKI.

So how to get started?

Here I'll explain in simple terms how to use S/MIME. I assume you're using a modern mail client that supports S/MIME. Most mail clients do.

First, you'll need your public/secret key pair. With S/MIME, your public key comes as a certificate, that is, a public key which is signed (certified) by a certification authority. These certificates adhere to a standard called X.509. There are quite a few certification authorities around, but unless you want to pay money
for your certificates (as a corporate customer), I recommend the use of Thawte. They offer a Free personal e-mail certificate for non-commercial use, and you don't need to show them your passport right away. Instead, they use a web of trust.

To get a personal certificate, go here and click on "Click to Request" under "personal e-mail certificates". Have
something like a Driver's License number or a passport ready. Once you're registered, you should add all of your personal e-mail addresses that you want to use to encrypt or sign e-mail. They will all be verified before you can proceed.

Then, you can request the certificate, which will take a few minutes. You will be notified by e-mail. Pick up your certificate with your web browser, and it will be automatically installed on your computer for you - at least, that is the case if you use a Mac and Safari (choose Netscape certificate when asked! Mozilla works, too!) On a PC, this should work just the same. If you need detailed instructions, I can recommend Mark Noble's tutorial.

Once your own certificate is installed, you can sign e-mails with your e-mail program. If you use Outlook, you will have an option in the Tools menu. As soon as somebody has received a signed e-mail from you, he will automatically have your public key, too. From that point on, that person can send you encrypted e-mails.

So, again: you will need to have received a signed e-mail from somebody, before you can encrypt stuff for that person. (Or at least, you will need to install the person's certificate!). On my machine, using Apple Mail, I get two nice buttons in my mail window, as soon as I have entered a recipient whose certificate I have, and selected an e-mail address for which I have my own certificate.

Note that the "Signature" function is just your conventional signature at the end of an e-mail. It has nothing to do with secure signing.

The installation of public keys happens more or less in the background. Windows will ask you, sometimes, if you trust a person's key, but apart from that, it should need little manual intervention. Things seem to be more difficult on Windows installations; on the Mac, there is a central repository (Key chain) to store all the certificates.

Happy encrypting!

(This text will be improved over time. Your comments and experiences with other systems are welcome. You're also welcome to send me signed or encrypted e-mails to test things, even if I cannot solve your installation problems!)

(revised definition of 'certificate' on 1/Feb/05)