Basic secure E-mail procedures
The procedure for securing E-mail is more or less the same in all
known secure E-mail systems.
- For privacy, one encrypts the mail with a known algorithm, most
commonly a symmetric algorithm (both encryption and decryption
use the same key) and a
secret key. This may be generated for the occasion (session
key), or may be one that both parties have agreed to use for
encryption.
- For integrity, one calculates a checksum over the bytes of the
message.
- For signatures, one then encrypts the checksum, and
possibly other data, using the senders's private key and an
asymmetric cryptoalgorithm, to form a signature.
- The session key, if present, is encrypted using the
recipient's public key.
- All pieces are then put together in an envelope and passed to
the recipient.
The reason for using two cryptoalgorithms is mostly the fact that the
asymmetric cryptoalgorithms in use today are so slow that it would
take too long to use them on the entire message, and the unique
properties of an asymmetric cryptoalgorithm are not needed for the
simple encryption of data.
When the mail arrives at the recipient (who must have the shared key
or the sender's public key), the following steps are performed:
- If the message is encrypted with a session key, the recipient
decrypts the session key using his own private key.
- If the message is signed, the recipient decrypts the signature
using the sender's public key.
- The recipient can now decrypt the message and verify the
signature, and can have some faith in the
confidentiality and integrity of the message based on his trust
in the
confidentiality and integrity of his own and the sender's
private keys.
Harald.T.Alvestrand@uninett.no
Last modified: Fri Nov 3 10:40:37 1995