Each human in a public key encryption system has two keys, a `public key' (Pu) and a `private key' (Pr). The Pu is publicly known. The Pr is top secret. Pr is generally stored on your hard disk, protected by a passphrase.
The fundamental fact of public key encryption is about the encryption operator e(). Encryption is done upon a message using a key. Fact: e(e(m, Pu), Pr) = m. And, e(e(m, Pr), Pu) = m. That is, a message encrypted using Pu is decrypted by pushing it again through e() using Pr, and conversely.
I encrypt the message through your public key (which is known to me). In order to extract the original, the private key is required. Only you know your private key, so I can be sure that no snooper reads the email.
I encrypt the message through my private key (which is only known to me). You push this through my public key. If a message comes out, you know that it is from me, since nobody else could have known my private key.
I write email, encrypt it through my private key, encrypt it through your public key, send it to you. You would do the dual steps -- push it through your private key and my public key. Only you can read it (since only you know your private key), and you can be sure that only I wrote it (since only I know my private key).
In mutt, the 'p' keystroke accesses PGP options. Say 's' to sign only and 'b' to both sign and encrypt.
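To make the two identities e(e(m, Pu), Pr) = m and e(e(m, Pr), Pu) = m and the sign-then-encrypt flow above concrete, here is an added example that is not part of the original page. It uses textbook RSA with tiny constructed primes (61, 53 and 101, 113), so the key pairs, the function names and the per-character block encoding are all assumptions for illustration; real PGP signs a hash of the message and encrypts with a one-time session key rather than pushing the message itself through the keys.

```python
# Toy "textbook RSA" showing the algebra behind e(e(m, Pu), Pr) = m and
# e(e(m, Pr), Pu) = m, plus the sign-then-encrypt / decrypt-then-verify
# dual described in the text. Added example; primes are constructed toy
# values, not anything from the original page or from GnuPG.


def make_keypair(p, q, e):
    """Return (public, private) as (exponent, modulus) pairs for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e; needs Python 3.8+
    return (e, n), (d, n)


def e_op(m, key):
    """The encryption operator e(m, key): the same function for either key."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= m < n")
    return pow(m, exp, n)


def roundtrips(m, pu, pr):
    """Check both identities from the text for one message block m."""
    return e_op(e_op(m, pu), pr) == m and e_op(e_op(m, pr), pu) == m


def sign_then_encrypt(text, sender_pr, recipient_pu):
    """Sender: push each character through own Pr, then the recipient's Pu."""
    return [e_op(e_op(ord(ch), sender_pr), recipient_pu) for ch in text]


def decrypt_then_verify(blocks, recipient_pr, sender_pu):
    """Recipient: the dual steps, own Pr then the sender's Pu. Returns text."""
    return "".join(chr(e_op(e_op(b, recipient_pr), sender_pu)) for b in blocks)


# "Me" (sender) and "you" (recipient). The sender's modulus is chosen smaller
# than the recipient's so a signed block always fits into the encryption step.
ME_PU, ME_PR = make_keypair(61, 53, 17)      # n = 3233, d = 2753
YOU_PU, YOU_PR = make_keypair(101, 113, 3)   # n = 11413, d = 7467


if __name__ == "__main__":
    print("identities hold for m=65:", roundtrips(65, ME_PU, ME_PR))
    wire = sign_then_encrypt("hi", ME_PR, YOU_PU)
    print("on the wire:", wire)
    print("recovered:", decrypt_then_verify(wire, YOU_PR, ME_PU))
```

The ordering of the two moduli matters in this toy: the output of the signing step is a number below the sender's n, and it can only be encrypted losslessly if it is also below the recipient's n. Real implementations avoid the issue by signing a hash and encrypting a symmetric session key, so the raw message never has to fit inside either modulus.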
There are several threats that need to be considered:
A big step forward in the safety of public keys is to sign them. The most vulnerable thing is a naked public key sitting on my disk. To make it safer, I sign it using my private key. Now an attacker needs to subvert my private key in order to tamper with your public key.
This can be carried a few steps further. For example --
    $ gpg --list-sigs ajayshah
    pub  1024D/B1B82EE1 2001-05-21 Ajay Shah
    sig        B1B82EE1 2001-10-24   Ajay Shah
    uid                            Ajay Shah
    sig        B1B82EE1 2001-05-21   Ajay Shah
    sig        6E25E283 2001-07-16   Viral Shah
    sig        894A158D 2001-07-19   Vikram Aggarwal
    sub  1024g/0A67E090 2001-05-21
    sig        B1B82EE1 2001-05-21   Ajay Shah
This shows that my public key (that I am holding) is signed by Viral and Vikram. Now, an attacker will have to subvert both of them, in order to attack my public key. Their public keys are, in turn, signed by many people. Such an approach yields safety.
    $ gpg --edit-key jeff
    gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    pub  1024D/9D270AA5  created: 2000-05-30 expires: never      trust: -/q
    sub  1024g/A5A77F55  created: 2000-05-30 expires: never
    (1). jeff covey

    Command> sign

    pub  1024D/9D270AA5  created: 2000-05-30 expires: never      trust: -/q
                 Fingerprint: 3732 CFCF 38D4 38CD D68E  5947 9B90 B6CB 9D27 0AA5

         jeff covey

    Are you really sure that you want to sign this key
    with your key: "Ajay Shah "

    Really sign? y

    You need a passphrase to unlock the secret key for
    user: "Ajay Shah "
    1024-bit DSA key, ID B1B82EE1, created 2001-05-21

    Command> quit
    Save changes? y
The `fingerprint' above is crucial: I'm supposed to talk with Jeff in person or on phone and verify that the fingerprint is correct, else I'm signing a subverted key! Once this is done, I should export Jeff's strengthened-public-key back to the keyservers --
    $ gpg --send-key
    gpg: DBG: increasing temp iobuf from 8192 to 16384
    gpg: DBG: increasing temp iobuf from 16384 to 24576
    gpg: DBG: increasing temp iobuf from 24576 to 32768
    gpg: DBG: increasing temp iobuf from 32768 to 40960
    gpg: DBG: increasing temp iobuf from 40960 to 49152
    gpg: DBG: increasing temp iobuf from 49152 to 57344
    gpg: DBG: increasing temp iobuf from 57344 to 65536
    gpg: success sending to `wwwkeys.us.pgp.net' (status=200)
How did gpg know which keyserver to talk to? I have set

    keyserver wwwkeys.us.pgp.net

in the file $HOME/.gnupg/options
The PGP key servers of the net are brilliant - you just upload new information to one machine, and it will propagate to all the others in a short while. Through the above transaction, I have made Jeff's public key safer by giving it my signature (now an attacker will need to subvert my private key before he attacks Jeff's public key).
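The key-signing steps above (sign only after checking the fingerprint out of band; an attacker must then subvert the signer's private key before tampering with the signed public key) can be modelled in a few lines. This is an added example, not the original page's material and not GnuPG's key format: the fingerprint is a SHA-256 digest of the toy key's numbers, the "certificate" is a textbook RSA signature over that digest folded into the signer's modulus, and all primes and names are constructed for illustration. OpenPGP hashes a defined serialization of the key packet and user ID instead, but the check that fails when the key is swapped works the same way.

```python
# Toy key certification in the spirit of `gpg --edit-key ... sign`. Added
# example; textbook RSA with tiny constructed primes, not GnuPG's format.
import hashlib


def make_keypair(p, q, e):
    """(public, private) as (exponent, modulus); pow(e, -1, phi) needs 3.8+."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)


def fingerprint(pub):
    """Hex digest of the public-key material, the thing read out over the phone."""
    e, n = pub
    return hashlib.sha256(f"{e}:{n}".encode()).hexdigest()


def digest_block(pub, modulus):
    """Fold the fingerprint into one integer block below the signer's modulus."""
    return int(fingerprint(pub), 16) % modulus


def certify(subject_pub, signer_pr):
    """Signer vouches for subject_pub by signing its digest with signer's Pr."""
    d, n = signer_pr
    return pow(digest_block(subject_pub, n), d, n)


def certification_valid(subject_pub, cert, signer_pu):
    """Anyone holding the signer's Pu can check the certificate."""
    e, n = signer_pu
    return pow(cert, e, n) == digest_block(subject_pub, n)


def signing_session(subject_pub, fingerprint_read_over_phone, signer_pr):
    """Mirror the edit-key dialogue: refuse to sign unless the fingerprint matches."""
    if fingerprint(subject_pub) != fingerprint_read_over_phone:
        return None
    return certify(subject_pub, signer_pr)


# Constructed keys: the key being certified and the signer's key.
SUBJECT_PU, SUBJECT_PR = make_keypair(61, 53, 17)      # n = 3233
SIGNER_PU, SIGNER_PR = make_keypair(1009, 1013, 5)     # n = 1022117


if __name__ == "__main__":
    cert = signing_session(SUBJECT_PU, fingerprint(SUBJECT_PU), SIGNER_PR)
    print("genuine key verifies:", certification_valid(SUBJECT_PU, cert, SIGNER_PU))
    # An attacker who swaps in a different public key cannot reuse the
    # certificate: its digest no longer matches what the signer signed.
    swapped_pu, _ = make_keypair(67, 71, 13)
    print("swapped key verifies:", certification_valid(swapped_pu, cert, SIGNER_PU))
    print("mismatched fingerprint signed:", signing_session(SUBJECT_PU, "0" * 64, SIGNER_PR))
```

Two things carry over from the toy to the real tool. First, the certificate is only as good as the fingerprint comparison that preceded it: if the signer skips that step, they may be vouching for a key the attacker planted. Second, forging a certificate for a swapped key requires the signer's private exponent, which is exactly why stacking several signers' certificates on one key raises the attacker's cost.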
Ajay Shah, 2002