When you send an email, its contents can be read by anyone. Email is like sending a normal post: anybody who gets it in their hands can read it. To keep data sent via email private, you need to encrypt it. Only the intended recipient will be able to decipher the message while anybody else sees but gibberish.
Public key encryption is a special case of encryption. It operates using a combination of two keys: a private key and a public key, which together form a pair of keys. The public key, which is used for encryption, is given to anybody who wants to send encrypted mail to you. The private key is kept secret on your computer since it is used for decryption The sender’s encryption tool uses your public key in combination with the sender’s private key to encipher the message.
When you receive the encrypted message, you need to decipher it. Decryption of a message enciphered with a public key can only be done with the matching private key. This is why the two keys form a pair, and it is also why it is so important to keep the private key safe and to make sure it never gets into the wrong hands (or in any hands other than yours).
There are two main encryption standards being used in the industry at the moment:
OpenPGP (Open Pretty Good Privacy) is a standard for secure email messaging. OpenPGP messages offer sender authentication using digital signatures and can be encrypted using public key cryptography to protect privacy. OpenPGP builds on and extends MIME. OpenPGP messages also work well with HTML formatting and attachments.
S/MIME (Secure Multipurpose Internet Mail Extensions) is a standard for secure email messages. S/MIME messages offer sender authentication using digital signatures and can be encrypted to protect privacy. Since S/MIME builds on and extends MIME, S/MIME inter-operates well with any standard-compliant email client.
There are many websites and companies providing web-based secure emails free of cost. One of the best ones are hushmail.com. They provide great security and features such as changing your digital signature and much more. Other free secure email providers are cryptomail.org and aderes.net, and there are many more.
To name a few secure email server software, MailSite email server software provide high quality, easy to use email solutions for businesses, enterprises and service providers that require secure, scalable email hosting software with integrated anti-spam, anti-virus, content filtering and attack prevention. MailSite includes real-time anti-virus and anti-spam protection, content and attachment filtering, automatic blocking of denial of service and directory harvest attacks, protection against email fraud including “phishing,” and the ability to enforce corporate email policies.
iOpus is a freeware application for sending secure email attachments available for download at their website. iOpus SEA uses the Blowfish encryption algorithm with a key length of up to 448 bits. Blowfish encryption is so strong that it has never been cracked yet. In fact, most experts agree that it cannot be cracked with current computer technology and that includes supercomputers.
It is quite easy to send encrypted emails across the net these days and you know for sure that it’s not falling on anyone else’s hands.
An interesting read, but as someone with a strong background in cryptography, in particular email encryption, you have missed a couple of important points.
The art of encryption itself is relatively well defined, the algorithms and standards are set in stone and very secure. AES 256 for example is regarded about as you need for the next 20 years.
This leads to my main point which is the problem with Public Key Cryptography: Key management. How do I know that your public key, which you have generated, is yours? Ok, I trust you, but i also have 1000+ other people I want to securely communicate with, I now have to manage and verify the integrity of all of those peoples keys. Where I am going is that a simplified key exchange and management mechanism is needed.
I wrote my master’s thesis on Identity Based Encryption which takes a publicly known ID (email address), paired with a global public key to produce a public key for that known ID. The private key is computed by pairing the corresponding global private key with the known ID (email address).
This is relatively new, but also massively ground breaking as opposed to managing potentially thousands of public keys, you only need know the one global public key and the email address you want to send to.
There are only a couple of IBE systems that have been commercialised, but if you’re looking for easy to use email encryption software I highly recommend you read the whitepapers at Identum’s website and take a look at their software.
Comment by Matt — December 18, 2006 @ 2:04 pm