
Basic secure E-mail procedures

The procedure for securing E-mail is more or less the same in all known secure E-mail systems.
  1. For privacy, one encrypts the mail with a known algorithm, most commonly a symmetric algorithm (both encryption and decryption use the same key) and a secret key. This may be generated for the occasion (session key), or may be one that both parties have agreed to use for encryption.
  2. For integrity, one calculates a checksum over the bytes of the message.
  3. For signatures, one then encrypts the checksum, and possibly other data, using the sender's private key and an asymmetric cryptoalgorithm, to form a signature.
  4. The session key, if present, is encrypted using the recipient's public key.
  5. All pieces are then put together in an envelope and passed to the recipient.

The main reason for using two cryptoalgorithms is that the asymmetric cryptoalgorithms in use today are so slow that encrypting the entire message with them would take too long, and the unique properties of an asymmetric cryptoalgorithm are not needed simply to encrypt data.

When the mail arrives at the recipient (who must have the shared key or the sender's public key), the following steps are performed:

  1. If the message is encrypted with a session key, the recipient decrypts the session key using his own private key.
  2. If the message is signed, the recipient decrypts the signature using the sender's public key.
  3. The recipient can now decrypt the message and verify the signature, and can have some faith in the confidentiality and integrity of the message based on his trust in the confidentiality and integrity of his own and the sender's private keys.
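The sender-side and recipient-side steps above, carried through as an added example; this is not code from the original page or from UNINETT. It uses only the Python standard library, so the building blocks are stand-ins: HMAC-SHA256 run in counter mode as the symmetric cipher, SHA-256 as the checksum, and textbook RSA over fixed Mersenne primes as the asymmetric algorithm. The key pairs, the message and all function names are constructed for the example; the RSA is unpadded and its primes are public, so it demonstrates the procedure, not a usable cipher. The final `demo()` also shows the integrity check catching a single changed ciphertext byte, which the text describes but does not show.

```python
# Added worked example (not part of the original UNINETT page).
# Walks the five sender-side steps and the three recipient-side steps
# described above with toy building blocks from the standard library:
#   - symmetric cipher: HMAC-SHA256 in counter mode as a keystream
#     generator (a stand-in for the block cipher a real system would use)
#   - checksum: SHA-256
#   - asymmetric algorithm: textbook RSA over fixed Mersenne primes
# The RSA part is unpadded and its primes are public, so this shows the
# procedure only and is never a usable cipher.
import hashlib
import hmac
import secrets

# --- toy asymmetric algorithm -------------------------------------------
def rsa_keygen(p, q, e=65537):
    """Return (public, private) key pairs as (n, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)

def rsa_apply(key, m):
    """Raise integer m to the key's exponent modulo n (encrypt, decrypt or sign)."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under this modulus")
    return pow(m, exp, n)

# Constructed key pairs. Mersenne primes are used only because they are easy
# to write down; a real key uses freshly generated secret primes.
RECIPIENT_PUB, RECIPIENT_PRIV = rsa_keygen(2**127 - 1, 2**521 - 1)
SENDER_PUB, SENDER_PRIV = rsa_keygen(2**89 - 1, 2**607 - 1)

# --- toy symmetric algorithm --------------------------------------------
def stream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

# --- sender side: steps 1-5 ---------------------------------------------
def seal(message, sender_priv, recipient_pub):
    session_key = secrets.token_bytes(16)            # step 1: fresh session key
    nonce = secrets.token_bytes(16)
    ciphertext = stream_xor(session_key, nonce, message)
    digest = hashlib.sha256(message).digest()        # step 2: checksum over the message
    signature = rsa_apply(sender_priv, int.from_bytes(digest, "big"))           # step 3
    wrapped_key = rsa_apply(recipient_pub, int.from_bytes(session_key, "big"))  # step 4
    return {                                         # step 5: the envelope
        "nonce": nonce.hex(),
        "ciphertext": ciphertext.hex(),
        "signature": format(signature, "x"),
        "wrapped_key": format(wrapped_key, "x"),
    }

# --- recipient side: steps 1-3 ------------------------------------------
def open_envelope(envelope, recipient_priv, sender_pub):
    """Return (message, signature_ok)."""
    key_int = rsa_apply(recipient_priv, int(envelope["wrapped_key"], 16))    # step 1
    if key_int >= 1 << 128:
        raise ValueError("wrapped key does not decrypt under this private key")
    session_key = key_int.to_bytes(16, "big")
    sig_int = rsa_apply(sender_pub, int(envelope["signature"], 16))          # step 2
    claimed_digest = sig_int.to_bytes(32, "big") if sig_int < 1 << 256 else None
    message = stream_xor(session_key, bytes.fromhex(envelope["nonce"]),      # step 3
                         bytes.fromhex(envelope["ciphertext"]))
    actual_digest = hashlib.sha256(message).digest()
    ok = claimed_digest is not None and hmac.compare_digest(actual_digest, claimed_digest)
    return message, ok

def demo(message=b"Meeting moved to 14:00, room B12."):
    """Round-trip a message, then show that a one-bit change in transit is caught."""
    envelope = seal(message, SENDER_PRIV, RECIPIENT_PUB)
    plaintext, ok = open_envelope(envelope, RECIPIENT_PRIV, SENDER_PUB)

    tampered = dict(envelope)
    ct = bytearray.fromhex(envelope["ciphertext"])
    ct[0] ^= 0x01                                    # flip one bit of the ciphertext
    tampered["ciphertext"] = ct.hex()
    _, tampered_ok = open_envelope(tampered, RECIPIENT_PRIV, SENDER_PUB)
    return plaintext == message and ok, tampered_ok

if __name__ == "__main__":
    print(demo())   # (True, False)
```

Note that the signature covers the checksum of the plaintext, exactly as the text describes, so the recipient must decrypt before verifying; the tampered envelope therefore decrypts to garbage and only the failed signature check reveals the change. The `hmac.compare_digest` call is the standard constant-time comparison for checksums and is the one place where the example uses a real primitive rather than a stand-in.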

Harald.T.Alvestrand@uninett.no
Last modified: Fri Nov 3 10:40:37 1995