JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/archives/August2006/Columns/Security101.htm

Mac Security 101

http://www.applemacpunk.com

applemacpunk@cox.net

Secure Email: Encryption Basics

by Kale Feelhaver aka: Applemacpunk

Secure email is a phrase that is often used, but rarely understood. In reality, secure email is a combination of digital signing and encryption. A digital signature is used to verify the integrity of the message, and encryption is used to protect the contents. Neither of these is a lightweight concept, and putting them together makes them even harder to understand. This article is meant to provide a high-level view of encryption and show how it relates to secure email.

Before exploring encryption, let's look at the basic email process and spot some flaws. You want to send an email to Jim and another one to Cindy. These emails are sent using the normal unencrypted method. If Jim intercepts Cindy's email, he can read it and change it. Jim can then deliver the modified message to Cindy, and she has no way to verify that Jim changed it. As far as Cindy knows, she is receiving the letter you sent her. Even if Jim doesn't want to change it, he can still read the message, which was intended only for Cindy. There are two major flaws here. First, Jim is able to read Cindy's email, and second, Jim is able to modify Cindy's email without her knowing. Secure email is designed to fix these flaws. In order to understand secure email, you must first know a little bit about encryption and how it works.

There are many types of encryption, but for the sake of this article, I will concentrate on three basic types: asymmetric encryption, symmetric encryption, and hash encryption. Think of encryption as a lock box, and an email as a letter. You can physically put a letter inside a lock box and deliver the lock box to the recipient. Using this analogy, think of symmetric encryption as a lock box that has a single key. The same key can be used to lock and unlock the box, and you can make as many copies of that key as you want. So, essentially, if you want to send a secured letter to Jim and Cindy, you have to put the letter in the box, lock it, and make sure that both Jim and Cindy have a copy of the key. When they receive the box, they can unlock it and get the letter from inside. The concept is simple, but it has a major flaw. Jim can retrieve Cindy's letter, and Cindy can retrieve Jim's letter. Essentially, anyone who has the key can open the box.

Asymmetric encryption uses two keys. One key is used to lock the box (this key can be copied). The other key is used to unlock the box (this key cannot be copied). Together the keys are called a key pair. The first key is called the public key (because it can be copied) and the second key is called the private key (because there is only one). Using the above example, Jim and Cindy will each create their own key pair. They will each retain their private keys and give you a copy of their public keys. Now if you want to send a letter to Jim, you'll lock the box with his public key. When he receives it, he'll be able to open the box (with his private key) and get the letter. If Cindy intercepts the box (or it is delivered to her by mistake), she will not be able to open the box, because her private key will not open it. Only Jim's private key will open the lock.

Hash encryption is one-way encryption. This means that once it is encrypted, it cannot be decrypted. This type of encryption is not used to secure the contents of the letter, but to verify its integrity. In other words, there are no shared keys, because the box will never need to be unlocked. Instead of thinking of this type of encryption as a box, let's think of it as a translator. If you write a letter to Cindy (in English) and translate it into Spanish, this works like a hash encryption. Now you can send both copies of the letter (English and Spanish) to Cindy. When Cindy receives the letters, she can use her own translator to translate the English letter into Spanish. Then she can compare your Spanish letter to her Spanish letter to see if they are the same. If the two match, she has verified the integrity of the letter you sent. If the two don't match, she knows someone must have intercepted the letter and changed it while it was in transit. This process is known as digital signing.

Let's apply two of these concepts to get a basic idea of how secure email works. Cindy creates a key pair and gives you a copy of her public key. You write her a letter (in English) and translate it into Spanish. You then put the English copy of the letter into a box and lock it using her public key. For argument's sake, we'll say the box can only hold one letter, so you tape the Spanish copy to the outside of the box. Now you can send the box to Cindy. When she receives it, she can unlock the box with her private key and get the letter from inside. She notices the Spanish copy of the letter (taped to the outside) and proceeds to translate the English copy into Spanish. She then compares your Spanish copy to her Spanish copy. The two match. She is now satisfied that this letter is secure, and she proceeds to read it.

Now... what happens when you bring Jim back into the scenario? Let's say you deliver the box to Jim by mistake. Jim will not be able to open the box because he does not have Cindy's private key. Therefore, he cannot read the letter inside. However, Jim can see the Spanish copy of the letter taped to the outside of the box. Jim proceeds to modify the Spanish copy because he wants to fool Cindy. After he has modified it, he delivers the box to Cindy. She unlocks the box with her private key and gets the letter from inside. She then proceeds to translate this letter into Spanish. She compares her translation to the one taped to the box and notices that they do not match. She then realizes that even though this message is encrypted, she cannot verify it, so she contacts you and asks you to resend it.

I know what you're thinking... if Jim can read Spanish, he can still read the contents of the letter. This is true, but keep in mind this analogy is for illustrative purposes only. In reality, our "Spanish letter" is actually translated into a language that nobody can read. Remember, hash encryption is one-way only, so it can never be translated back into a readable format. Think of it as a special Spanish dialect that can be translated from English, but never back into English.

Take these fundamentals, and apply them to the secure email scenario. You want to send a secure email to Cindy. First, Cindy sends you her public key. Next, you compose your message. After that, you run that message through a hash algorithm, producing two copies: the original copy (hereafter referred to as the clear text message) and the hashed copy (hereafter referred to as the message digest). You then take the clear text message and encrypt it with Cindy's public key. This encrypted message is called a cipher text message. Now you can send both copies to Cindy. When she receives the messages, she uses her private key to decrypt the cipher text message back into a clear text message. She then takes the clear text copy and runs it through a hash algorithm to produce her own message digest. Cindy can now compare her message digest to your message digest to make sure they match. If they match, she proceeds to read the clear text message. It sounds like a lot of steps, but in reality, it happens very fast.
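The whole procedure above (and the tampering check from the Jim scenario), as an added example that is not from the article or from PGP: a toy Python implementation using textbook RSA on fixed small primes (an assumption chosen so it runs stand-alone, for illustration only) and SHA-256 as the hash. It follows the article's steps, with the one detail PGP's sign step actually adds: the digest is put under the sender's private key, so Cindy checks it with your public key rather than trusting a bare digest taped to the box.

```python
import hashlib

# Textbook RSA on fixed small primes, constructed only to show the mechanics
# the article describes. Real PGP keys are thousands of bits long, and real
# ciphers do not encrypt byte by byte as this toy does.
def make_keypair(p, q, e=17):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)               # (public key, private key)

def apply_key(key, data):
    """Raise each byte (or number) to the key's exponent mod n.
    Every byte is below n, so applying the other key of the pair undoes it."""
    exp, n = key
    return [pow(x, exp, n) for x in data]

def message_digest(clear_text):
    """The one-way 'translation' from the article: a SHA-256 digest."""
    return hashlib.sha256(clear_text).digest()

def secure_send(clear_text, sender_priv, recipient_pub):
    """Sign: digest under the sender's private key (the copy taped outside).
    Encrypt: clear text under the recipient's public key (the locked box)."""
    signature = apply_key(sender_priv, message_digest(clear_text))
    cipher_text = apply_key(recipient_pub, clear_text)
    return cipher_text, signature

def secure_receive(cipher_text, signature, recipient_priv, sender_pub):
    """Unlock the box, then recompute the digest and compare it with the one
    recovered from the signature. Returns (clear_text, verified)."""
    clear_text = bytes(apply_key(recipient_priv, cipher_text))
    recovered = apply_key(sender_pub, signature)
    verified = recovered == list(message_digest(clear_text))
    return clear_text, verified

def jim_tampers(signature):
    """Constructed scenario: Jim cannot open the box, so he alters the
    digest taped to the outside instead."""
    tampered = list(signature)
    tampered[0] ^= 1
    return tampered

if __name__ == "__main__":
    you_pub, you_priv = make_keypair(67, 71)      # your key pair (toy primes)
    cindy_pub, cindy_priv = make_keypair(61, 53)  # Cindy's key pair (toy primes)
    box, tag = secure_send(b"Lunch at noon?", you_priv, cindy_pub)
    print(secure_receive(box, tag, cindy_priv, you_pub))               # (b'Lunch at noon?', True)
    print(secure_receive(box, jim_tampers(tag), cindy_priv, you_pub))  # (b'Lunch at noon?', False)
```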

There are several email encryption programs available on the Mac. One of the oldest and most well known is a product called Pretty Good Privacy (PGP). PGP is an application that runs on your Mac and allows you to easily send and receive secure email. It can be purchased from the PGP Online Store. In the scenario above, let's say you and Cindy are both using PGP. You both have to share your public keys with each other before sending email. This is critical to the functioning of the software. One of the nice things about PGP is that it is 100% cross-platform. You can send secure messages to Windows users, and (as long as they have PGP) they can read/verify them. Once you have exchanged public keys (the public key is a small text file which can be imported into the PGP application), you are ready to begin exchanging secure email. You will write your message normally, and then use PGP to encrypt/sign the message. Once encrypted, the message will not be in a readable format. The email will be sent in this format. When Cindy receives the message, she can use PGP to decrypt/verify the message and translate it back into readable text.

If you feel confused, that's okay. Secure email is not a lightweight topic, and this article does not get into the intricacies of the process; it is meant only to provide a high-level view. I am planning on writing a future article on Certificate Security that will further build upon the concepts in this article. If you take anything away from this article, know that secure email is a two-part process (encryption and digital signing) and that key pairs utilize two keys (one that is shared and one that is not). Once you have a good grasp on those concepts... everything starts to fall into place. So next time you hear someone talk about encryption, think of Cindy and the lock box scenario. Make sure to watch out for Jim.

[Editor: By the way, Leo LaPorte and Emery Wells over at MacBreak also took a stab at explaining how "easy" Email encryption is on the Mac in Episode #6 http://macbreak.com/index_copeland.php]


©2006 MPN LLC.