How secure email works

What is security?

Security people talk about confidentiality, integrity and authentication.

Confidentiality is about making sure that no one (other than the intended receipient) can read your emails. Ordinary emails have no confidentiality because they are sent in the clear for anyone to read. They usually pass through many different parties before reaching the receiver, so any them or other evesdropers could read it. It is like writing your message on a postcard when you would rather have the message put inside an envelope.

Integrity is about making sure that the message the receiver gets is the same message the sender sent. Ordinary emails have no integrity, since there is no way for the receiver to detect that a message has been tampered with.

Authentication is about making sure of who the email came from. Ordinary emails have no authentication, and anyone can make a fake email claiming it came from you.

Secure email can give us confidentiality, integrity and authentication.

Cryptography

Secure emails is built upon a technology called Public Key Cryptography. It relies upon mathematics and algorithms, but we don't need to understand how it works--just how to use it. There are three things that every user of secure email will have: a private key, a public key, and a certificate.

Public and private keys

Public key cryptography relies on two numbers, sometimes referred to as "key-pairs" since they are closely related. The mathematical relationship between them allows us to use one to encrypt and the other to decrypt (or vice versa). These are really really big numbers that are impossible to guess. And knowing one of them doesn't help you guess what the other one is. We arbitrary pick one and call it a private key and call the other the public key.

The private key is treated like your secret password. If someone knows your private key they can read encrypted emails sent to you and send emails that pretend to have come from you. Good thing it is a really big number that cannot be guessed.

The public key is also impossible to guess. But no one needs to try and guess it, because you deliberately want to tell everyone what it is. It is not a secret.

Encrypting

A message encrypted with your public key can only be decrypted using the corresponding private key. Encryption (as you know from spy movies) is scrambling a message and decryption is unscrambling it.

If someone wants to send you a secret message, they simply encrypt it with your public key. Anyone can get hold of your public key, so anyone can send you an encrypted message. But only you have the private key, so only you can decrypt and read the message. No one else has your private key, so no one else can read the message. Similarly, if you want to send someone a secret message, you would encrypt it with their public key.

Encrypting an email is how we get confidentiality.

Signing

A message signed by a private key can have that signature verified by the corresponding public key.

Think of a signature as encryption with the two keys reversed. You sign a message by "encrypting" it with your private key. Only the corresponding key can decrypt it. But everyone can have your public key, so anyone can decrypt it. If the decrypted data matches the message, then the receiver can be sure that only you (the holder of the corresponding private key) could have created that signature. No one else could have forged that signature, because no one else can guess what your private key is. Also, if the message has been tampered with, the "decrypted" signature will not successfully match the message so the receiver will know that it is not what you signed.

Digital signatures on an email proves integrity and provides authentication of the sender.

Certificates

We have assumed that the other person knows that a particular public key is yours. This is where certificates come in.

A certificate is a piece of data used to establish an identity. It contains your public key and information about you (e.g. name and email address). This way, a person can get hold of your public key and also know that it is your public key.

The certificate is issued by an authority. The certificate is digitally signed by the authority, so (like a signed email) it cannot be forged or tampered with. The theory goes: if you trust an authority, then you trust that they are associating the correct public key with the correct person.

There can be a chain of certificates, where each certificate is digitally signed by another private key which has an associated certificate. This continues until the root certificate which is a self signed certificate -- one that is signed by its own private key. Email programs are usually preloaded with a set of trusted root certificates.

For our purposes, we will nearly always deal with certificates. You will very rarely handle just the raw public key. If a program want to use the public key, we will usually give it the certificate and it will extract the public key from it.

Note: a lot of programs and documents incorrectly use the term "certificate" to refer to the public key or (worse) refer to the private key as a certificate. They also sometimes calls the key-pair a certificate. They also sometimes refer to a private key and one or more certificates as a certificate. This is very confusing. In this article, a certificate will only refer to the digitally signed data issued by a certificate authority (it contains a public key as well as other information).

S/MIME and X.509v3

This guide will be using Secure Multipurpose Internet Mail Extensions (S/MIME), which is a specification for how to represent digitally signed and encrypted emails.

S/MIME uses X.509v3 certificates, which is a standard that specifies the format and information inside a certificate. We will be using X.509v3 certificates issues by commercial certificate providers.

Other approaches

The alternative to S/MIME is Pretty Good Privacy (PGP). PGP is not used here because it is not built into email programs and would require users to obtain and install plugins to handle it. PGP has a differnt format to S/MIME. PGP also uses a different type of certificates.

The connection from the email program to the email server (using SMTP, POP3 or IMAP) can be secured using TLS (or SSL). Unlike S/MIME or PGP, it only secures that link and it provides no security at or beyond the email server. Not all email server installations support it, but if yours does then it is a good idea to use it -- if you can work out how to configure it in your email program!

To make the experience as simple as possible, we are only going to consider certificates from certificate authorities who have their root certificates in existing mail clients. Although it is possible to create your own certificates, they will not be automatically trusted and receivers of your emails will get a warning that says the email cannot be trusted. If that doesn't frighten them, the instructions to manually install and trust your certificate probably will. Since commercial certificates are easy to obtain, there is no reason not to use them.

Summary

Public key cryptography is a simple concept once you understand it.

The key things to understand are:

This is how we use them:

To use secure email, you will need to get yourself a public and private key, and have a certificate issued with that public key in it.

Return to the overview or go to the next step of choosing a certificate provider.