Email encryption


hornet

Original Poster:

6,333 posts

252 months

Thursday 23rd November 2006
Been reading a bit about email encryption lately (GnuPG / Enigmail etc), and just wondered if there were actually any reasons for encrypting email assuming you're just doing day to day stuff, or whether it's all a bit tinfoil hat? I'm always interested in adding security to my online activities, but is this just "for the sake of it" and only necessary if you're a spy or something, or does it have practical uses? None of the FAQs I've read cover that sort of question, they just assume you already know why it's a good idea!

fidgits

17,202 posts

231 months

Thursday 23rd November 2006
PGP

nuff said.

and yes, lots of reasons to encrypt email - trust me

hornet

Original Poster:

6,333 posts

252 months

Thursday 23rd November 2006
One question I can't find the answer to....

Say I decide to go the encryption route - what happens if I'm sending email to people who don't use any encryption? Does everyone you deal with have to have their own private key, digital certificates and so on? That's probably a really daft question.

randlemarcus

13,536 posts

233 months

Thursday 23rd November 2006
hornet said:
One question I can't find the answer to....

Say I decide to go the encryption route - what happens if I'm sending email to people who don't use any encryption? Does everyone you deal with have to have their own private key, digital certificates and so on? That's probably a really daft question.

Perfectly reasonable question. Most modern mail clients will look at their list of "other people" certificates and if they find one, will use your "my" certificate and do the crypto magic, so the email is sent encrypted.
If they can't find one, it will usually drop to "digitally signed" so that the contents cannot be altered by someone else, or drop to unencrypted.

You used to be able to crash GroupWise 4 servers by sending encrypted mail into them. Which was fun.

zumbruk

7,848 posts

262 months

Friday 24th November 2006
Internet email is like conducting all your correspondence with postcards. Anyone who handles the mail along the way (your ISP's mail server and all the servers "en route") can read your mail.

In order to use crypto mail, you have to have swapped keys (if using Public Key, aka asymmetric encryption) or agreed on a common key (if using symmetric encryption). In practice, most systems use public key to exchange a symmetric "session key", since the maths involved in most public key cryptosystems is a bit hard for your average PC.

PGP Corporation's (not to be confused with PGP, the software) "PGP Universal" product deals with emails sent to a recipient for which the sender has no key by intercepting the email, sequestering it in a web-based mailbox, then sending a plain text email telling the recipient how to access it.

hornet

Original Poster:

6,333 posts

252 months

Friday 24th November 2006
zumbruk said:
Internet email is like conducting all your correspondence with postcards. Anyone who handles the mail along the way (your ISP's mail server and all the servers "en route") can read your mail.

In order to use crypto mail, you have to have swapped keys (if using Public Key, aka asymmetric encryption) or agreed on a common key (if using symmetric encryption). In practice, most systems use public key to exchange a symmetric "session key", since the maths involved in most public key cryptosystems is a bit hard for your average PC.

PGP Corporation's (not to be confused with PGP, the software) "PGP Universal" product deals with emails sent to a recipient for which the sender has no key by intercepting the email, sequestering it in a web-based mailbox, then sending a plain text email telling the recipient how to access it.

I can see a problem with the plain text email thing... were I to get a message in my inbox saying "click here to access an encrypted email", I'd immediately think "phishing attack!" or some such other scam.

I'm not sending anything sensitive or sinister, but I'm of the opinion that I'd just like stuff kept private.