Saturday, October 2, 2010

Encrypt Your E-Mail



Your e-mail holds the bulk of your online information. Unfortunately, that information is out in the open. That is, unless you decide to encrypt it so only you can determine who can read it.

The growth of the internet, and e-mail in particular, has given rise to numerous types of encryption software for the secure transmission of information. There are various reasons for wanting to encrypt your e-mail today:

  1. Client confidentiality. You need to transmit sensitive commercial information over e-mail, and you don't want people who sneak onto or steal your computer to compromise your clients' privacy.
  2. You want to avoid prosecution by the government. Perhaps you you live under an authoritarian regime that is trying to infringe on your civil liberties. We'll give you the benefit of the doubt here.
  3. You are a business owner or the head of an organization targeted by digital con artists and you need a system to authenticate your identity amongst your clientele.
  4. You read "Cryptonomicon" by Neal Stephenson and you geeked out on the encryption descriptions
What You'll Need

Encryption on the internet is not unlike your typical lock and key combination. What you'll need to do is choose the lock, in the form of encryption platform, and then generate a key to lock (encrypt) or unlock (decrypt) your data.

Choose your lock

There are various encryption platforms. Some popular standards include:

  • Advanced Encryption Standard (AES)
  • Triple Data Encryption Algorithm (TDEA), X.509
  • Various flavors of Pretty Good Privacy (PGP), including Open PGP and Gnu Privacy Guard (GPG)

Because encryption ought to be tightly integrated with your e-mail client, the standard you end up using is probably going to be determined by what works with your e-mail client of choice. For example, Microsoft Outlook comes with TDEA encryption, Apple's Mail supports X.509 encryption, and there is a GPG add-on for Firefox that works with Google's GMail.

Create your keys

To get started with encryption, you need to create an encryption key pair, which is like a digital signature and pass code. Your e-mail client or stand-alone encryption software might be able to create these keys for you or you may be directed to the web site of a certificate authority such as Thawte or Verisign to create and store your key.

Enter your full name, your e-mail address, and create a pass phrase that will ensure that only you can use your key. Your pass phrase should be fairly long and complicated - you shouldn't use names, dates, addresses, or anything else that can be easily guessed at. One simple method is to use mondegreens; you know, those misinterpreted words you used to sing along with, until you learn what the real lyrics really are and become terribly embarrassed. For example, Jimi Hendrix's "'scuse me, while I kiss this guy."

Certificate authorities create a key pair of both a private and a public key for you. The only people who should have access to your private key are you and the certificate authority; this key is what allows you to encrypt files and decrypt files meant just for you. The public key is freely distributed to anyone you correspond with; it allows other people to check your digital signature to confirm that you are the actual author, and it allows them to encrypt files and messages that only you can decrypt. Depending on the encryption standard you are using, you may have to send people your public key by attaching a file, or it may be automatically downloaded from the certificate authority's public key server.

Start encrypting!

The two most common functions of encryption software are Signing and Encrypting. Signing an e-mail lets anyone who has access to your public key decrypt the message, and serves to confirm that you are the original author. Signing is useful in situations where unsavory characters may be sending out fraudulent information in your name and you need people to know what information is really coming from you. Encrypting scrambles plain text or file attachments and only allows the intended recipient to access them. Encrypted files and messages are also signed as a matter of course, so the recipient can also confirm that the message they are decoding did actually come from you.

In the Future

As computers get more powerful, it becomes easier to crack encryption. In fact, one of the very first digital computers ever created, Colossus, was used to decrypt German codes during World War II. Typically as code breakers get more powerful, encryption systems just use longer and longer codes to slow down brute-force attempts to guess them: right now most desktop encryption software offers up to 4,096-bit encryption.

An entirely new system of encryption is being developed that takes advantage of the principles of quantum mechanics: quantum encryption creates an entangled key pair of qubits that is shared among two parties. These entangled qubits allow the two parties to share information securely, and - due to the peculiar role observation plays in quantum mechanics - also alerts them if anyone is attempting to eavesdrop on their secure channel. Quantum cryptography is already running on experimental military and university communication networks, and if the example of the World War II code-breaking machines is any indication, it's only a matter of time until the technology trickles down to consumers.