TidBITS Talk
Encrypted e-mail question
John Massengale (apparently) - 12:51pm Feb 28, 2007 PST via email
If I send my digital signature to tom  mac.com, so that he can read my
encrypted e-mail, and the message with the signature is intercepted by
sarah  msn.com, will she also be able to read my encrypted e-mail?
John

schinder (apparently) - Feb 28, 2007 2:13 pm (#1 Total: 19) - Posts: 114
Re: Encrypted e-mail question
John Massengale wrote:
> If I send my digital signature to tom  mac.com, so that he can read my
> encrypted e-mail, and the message with the signature is intercepted by
> sarah  msn.com, will she also be able to read my encrypted e-mail?
Yes. That's why it's not done that way. You encrypt with the
recipient's public key, and sign with your private key. That way only
tom  mac.com (should) have the key that can decrypt the message, and he
knows it must be from you because only you (should) have the key that
signed the message.
--
Paul Schinder
schinder  pobox.com

Nigel Stanger (apparently) - Feb 28, 2007 2:13 pm (#2 Total: 19) - via email - Dunedin, New Zealand - Posts: 422
Re: Encrypted e-mail question
On 1/3/2007 8:51 AM, "John Massengale" <john  massengale.com> spake thus:
> If I send my digital signature to tom  mac.com, so that he can read my
> encrypted e-mail, and the message with the signature is intercepted by
> sarah  msn.com, will she also be able to read my encrypted e-mail?
No, that's not how it works. You've basically got the process backwards ---
if it did work the way you describe, then yes, it would be a problem. What
actually happens is that the encryption side of things is essentially
controlled by the *recipient*, not the sender.
There are two parts to this kind of encryption: a public key and a private
key (a digital signature uses the same keys, but isn't a key in itself). Tom
sends *you* his public key (as a certificate) and keeps his private key
secret. If you use Tom's public key to encrypt messages, only he can read
them, because you need the private key to decrypt. Keeping the private key
secret is therefore essential. If Sarah intercepts the public key, all that
enables her to do is send encrypted messages to Tom.
--
Nigel Stanger, Dunedin, NEW ZEALAND.
http://xri.net/=nigel.stanger

Conrad Hirano (apparently) - Feb 28, 2007 2:13 pm (#3 Total: 19) - Posts: 66
Re: Encrypted e-mail question
On Feb 28, 2007, at 11:51 AM, John Massengale wrote:
> If I send my digital signature to tom  mac.com, so that he can read my
> encrypted e-mail, and the message with the signature is intercepted by
> sarah  msn.com, will she also be able to read my encrypted e-mail?
No, it doesn't work that way. Public keys, not private keys, are
used to encrypt mail. When you encrypt a message meant for Tom, you
use Tom's public key. Since only he has the private key, only he can
decrypt the message.

barefootguru (apparently) - Feb 28, 2007 5:31 pm (#4 Total: 19) - Posts: 110
Re: Encrypted e-mail question
On 2007-03-01, at 08:51, John Massengale wrote:
> If I send my digital signature to tom  mac.com, so that he can read my
> encrypted e-mail, and the message with the signature is intercepted by
> sarah  msn.com, will she also be able to read my encrypted e-mail?
Other people have answered this question, but I recommend the
Security Now podcast which covered this in the episode on Public Key
Cryptography.
Don't let the web page put you off. This is a great technical
podcast (very appropriate for this group) and has also included
things like DRM, spam, how to secure your system, and how the
Internet works.
<http://www.grc.com/securitynow.htm>
(Transcriptions available and latest episodes also in the iTunes Store)

dianeofor (apparently) - Feb 28, 2007 5:31 pm (#5 Total: 19) - Posts: 24
Re: Encrypted e-mail question
On 2/28/07 11:51 AM, "John Massengale" <john  massengale.com> wrote:
> If I send my digital signature to tom  mac.com, so that he can read my
> encrypted e-mail, and the message with the signature is intercepted by
> sarah  msn.com, will she also be able to read my encrypted e-mail?
There is some good general info on Using Digital Signatures (Getting started
with S/MIME) here:
<http://www.entourage.mvps.org/smime/index.html>
--
Diane Ross, Microsoft Mac MVP
Entourage Help Page
<http://www.entourage.mvps.org/>
One of the top five MS Entourage resources listed on the Entourage Blog.
<http://blogs.msdn.com/entourage/>

Chris Page (apparently) - Mar 2, 2007 4:35 pm (#6 Total: 19) - Posts: 62
Re: Encrypted e-mail question
On Feb 28, 2007, at 11:51 AM, John Massengale wrote:
> If I send my digital signature to tom  mac.com, so that he can read
> my encrypted e-mail, and the message with the signature is
> intercepted by sarah  msn.com, will she also be able to read my
> encrypted e-mail?
No. If you send someone a signed message that contains your digital
certificate, that does not enable them to read encrypted email from
you. That enables them to send you encrypted email.
Here's a summary of how encrypted email works:
- You acquire a public/private key pair. Your public key can be
shared openly, your private key must remain secret.
- You can sign messages using your private key. Other people can use
your public key to verify that a given message was signed by you --
at least, that it was signed by someone with your private key, and
since you keep it secret (right?) it must have come from you.
- Other people encrypt messages they send to you, using your public
key. You decrypt them using your private key.
- To send an encrypted message to someone else, you need their public
key.
- A public key is usually transmitted to others within a certificate,
which provides other information, such as the email addresses for
which this certificate is considered valid. All of this information
is public and may be shared openly.
- To get the ball rolling, you and your correspondents typically send
each other signed messages that contain your certificates (which
contain your public keys). Then, you can send each other encrypted
messages using the recipient's public key.
Note that if you send an encrypted message to multiple recipients,
the message content will be encrypted separately for each recipient,
using each of their public keys. Those recipients won't be able to
read the copies of the message that was sent to others, since
decrypting requires the recipient's private key.
Also note that you do not typically send your certificate to others
as an explicit message attachment. Instead, you send a signed message
that contains your certificate in a special format that can be
automatically recognized by the recipient's email software. For
example, Mail automatically copies certificates within incoming
signed messages to the Keychain without any further user action.
Note that some email clients (e.g., Entourage) have an "include my
certificate when sending signed messages" option. Make sure this is
on. Mail always sends your certificate in signed messages.
--
Chris Page - Super Happy Fun Engineer
Do not taunt Super Happy Fun Engineer.

kevinv (apparently) - Mar 2, 2007 4:35 pm (#7 Total: 19) - Posts: 1344
Re: Encrypted e-mail question
--On February 28, 2007 11:51:04 AM -0800 John Massengale
<john  massengale.com> wrote:
> If I send my digital signature to tom  mac.com, so that he can read my
> encrypted e-mail, and the message with the signature is intercepted by
> sarah  msn.com, will she also be able to read my encrypted e-mail?
Others have pointed out how encrypting an e-mail works but you also mention
a signature. That is a separate, but related issue to encryption.
Encrypted e-mail is like a letter mailed in an envelope. Envelopes are
easier to open than encryption, but to read the letter you have to break
the envelope/encryption.
A signature is more like a notary seal on your real signature. Generally
when you sign documents you don't care who can read them, or it's actually
beneficial that the document can be read (do you want the deed to your land
encrypted so no one can read it?)
Signing an electronic document adds an encrypted block to a message
(leaving the original message unencrypted), the encrypted block is created
with YOUR PRIVATE key (this is the opposite of encrypting e-mail). This
means your PUBLIC key will decrypt the block. Since the public key decrypts
it means anyone with your public key (and trusts that it is YOUR public
key) can be assured that the document was signed by you. Further the
encrypted block contains information about the original message that can be
used to verify the document was not modified.
Kevin
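
The steps in the summary of how encrypted email works (post #6) and the description of signing (post #7), run with the `openssl smime` command. This is an added example, not part of the thread: the identities john, tom and sarah at example.test, the file names and the message text are constructed, and self-signed certificates stand in for ones a certificate authority would issue.

```bash
#!/usr/bin/env bash
# Added illustration, not from the thread. Names, addresses and files are constructed.
WORK=$(mktemp -d)

# make_identity NAME: a private key (never shared) and a self-signed
# certificate carrying the matching public key (freely shared).
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# send FROM TO FILE: sign with FROM's private key, then encrypt to TO's
# certificate and FROM's own (so the sender can still read the sent copy).
send() {
  openssl smime -sign -text -in "$3" \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null |
  openssl smime -encrypt -aes-256-cbc -out "$WORK/mail.p7m" \
    "$WORK/$2.crt" "$WORK/$1.crt"
}

# open_as WHO: decrypt with WHO's private key; prints the signed message.
open_as() {
  openssl smime -decrypt -in "$WORK/mail.p7m" \
    -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

# verify_from SIGNER: check the signed message on stdin against SIGNER's
# certificate (trusted directly here); prints the text if it is valid.
verify_from() {
  openssl smime -verify -text -CAfile "$WORK/$1.crt" 2>/dev/null
}

for who in john tom sarah; do make_identity "$who"; done
printf 'Tom, meet at noon.\n' > "$WORK/msg.txt"
send john tom "$WORK/msg.txt"

# Sarah holds every certificate in $WORK, but only her own private key.
for who in tom john sarah; do
  if open_as "$who" >/dev/null; then echo "$who: can decrypt"
  else echo "$who: cannot decrypt"; fi
done

open_as tom | verify_from john >/dev/null && echo "john's signature: valid"
open_as tom | sed 's/noon/nine/' | verify_from john >/dev/null ||
  echo "altered text: signature rejected"
```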

John Massengale (apparently) - Mar 6, 2007 11:33 am (#8 Total: 19) - Posts: 92
Re: Encrypted e-mail question
Thanks to everyone for all the info, which has been helpful.
To be clear, there is no way that if sarah  msn.com can intercept my e-mail
and tom  mac.com's e-mail (perhaps through webmail?) there is no way she can
set things up so that she can download my e-mail to tom  mac.com or his
e-mail to me and use the certificates she has intercepted to read our mail?
If she has all the certificates and sets up a computer to use our addresses,
she can can't read the mail? It's not that hard for me to put a certificate
on another computer.
John

Nik (apparently) - Mar 6, 2007 9:48 pm (#9 Total: 19) - Posts: 377
Re: Encrypted e-mail question
On Mar 6, 2007, at 11:33 AM, John Massengale wrote:
> To be clear, there is no way that if sarah  msn.com can intercept my
> e-mail
> and tom  mac.com's e-mail (perhaps through webmail?) there is no way
> she can
> set things up so that she can download my e-mail to tom  mac.com or his
> e-mail to me and use the certificates she has intercepted to read
> our mail?
Correct. Unless Sarah manages to steal your PRIVATE keys, she cannot
decrypt the email, regardless of how she intercepts it.
Since the private key is never transferred over email (only the
public key is EVER shared), your email is safe. (Barring, of course,
the possibility of Sarah or another hacker penetrating your computer
and stealing the keys -- not much you can do to protect against that
level of theft.)
--Nik

kevinv (apparently) - Mar 6, 2007 9:50 pm (#10 Total: 19) - Posts: 1344
Re: Encrypted e-mail question
--On March 6, 2007 10:33:12 AM -0800 John Massengale <john  massengale.com>
wrote:
> Thanks to everyone for all the info, which has been helpful.
>
> To be clear, there is no way that if sarah  msn.com can intercept my e-mail
> and tom  mac.com's e-mail (perhaps through webmail?) there is no way she
> can set things up so that she can download my e-mail to tom  mac.com or his
> e-mail to me and use the certificates she has intercepted to read our
> mail?
>
> If she has all the certificates and sets up a computer to use our
> addresses, she can can't read the mail? It's not that hard for me to put
> a certificate on another computer.
There are 2 keys (or certificates) for each e-mail. If you've kept your
private key truly private, and the encryption method is a reasonably modern
method with a reasonable bit length, then no, sarah  msn.com won't be able to
read your encrypted mail, no matter how the e-mail is intercepted.
If she has a copy of your private certificate, then she can read any
message sent to you. She still won't be able to read e-mail you send to
someone else (because it is encrypted with THEIR public key, and she
doesn't have their private key to decrypt it.)
If she has private keys from both sender and receiver then she can read
messages in both directions.
There is another scenario that can be used to read your e-mail. Suppose
you send your public key to tom  mac.com, unencrypted and sarah  msn.com
intercepts it. She can then pull out your public key, and replace it with
her own public key and send the message on its way to tom. Then when tom
uses what he thinks is your public key to send a message, sarah intercepts
this, decrypts the message, reads it, re-encrypts it with YOUR public key,
then sends it on to you. You decrypt the message without realizing it
passed through Sarah on the way to you. This attack is called a
man-in-the-middle attack.
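
A check that catches the substituted key described above, as an added example that is not part of the thread: Tom compares the SHA-256 fingerprint of the certificate he received with the value John gave him over a separate channel. The identity john at example.test and the file names are constructed.

```bash
#!/usr/bin/env bash
# Added illustration, not from the thread. The identity and files are constructed.
PIN_DIR=$(mktemp -d)

# mint_cert FILE: anyone can create a certificate carrying any name and
# address; the subject is only text until something vouches for it.
mint_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=john/emailAddress=john@example.test" \
    -keyout "$PIN_DIR/$1.key" -out "$PIN_DIR/$1.crt" 2>/dev/null
}

# claimed_name FILE: the identity the certificate asserts.
claimed_name() {
  openssl x509 -in "$PIN_DIR/$1.crt" -noout -subject -nameopt RFC2253
}

# fingerprint FILE: SHA-256 digest of the whole certificate, public key included.
fingerprint() {
  openssl x509 -in "$PIN_DIR/$1.crt" -noout -fingerprint -sha256 | cut -d= -f2
}

# accept_cert FILE EXPECTED: accept only when the fingerprint matches the
# value obtained out of band (phone call, business card, in person).
accept_cert() {
  [ "$(fingerprint "$1")" = "$2" ]
}

mint_cert genuine        # John's real certificate
mint_cert substituted    # a different key pair under the same name
OUT_OF_BAND=$(fingerprint genuine)   # what John reads out to Tom

for cert in genuine substituted; do
  echo "$cert claims: $(claimed_name "$cert")"
  if accept_cert "$cert" "$OUT_OF_BAND"; then echo "  fingerprint matches: accept"
  else echo "  fingerprint differs: reject"; fi
done
```

Both certificates assert the same name and address, so only the fingerprint comparison tells them apart.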

Lewis Butler (apparently) - Mar 6, 2007 9:50 pm (#11 Total: 19) - Posts: 989
Re: Encrypted e-mail question
On 6-Mar-2007, at 11:33, John Massengale wrote:
> If she has all the certificates and sets up a computer to use our
> addresses,
> she can can't read the mail? It's not that hard for me to put a
> certificate
> on another computer.
If she has ALL the certificates of course she can decrypt anything at
all.
But no one ever ever ever should have your private key but you.

johnbaxterlists (apparently) - Mar 7, 2007 10:46 pm (#12 Total: 19) - Posts: 601
Re: Encrypted e-mail question
On Mar 6, 2007, at 8:50 PM, Google Kreme wrote:
> If she has ALL the certificates of course she can decrypt anything at
> all.
>
> But no one ever ever ever should have your private key but you.
And the public key is as public as you want to make it. You can
print it out and post it on power poles all over town. (Well, not in
Seattle, but it's cryptographically safe to do so, misdemeanor or not.)
--John

kevinv (apparently) - Mar 9, 2007 9:18 am (#13 Total: 19) - Posts: 1344
Re: Encrypted e-mail question
--On March 6, 2007 8:48:21 PM -0800 Nik <gerber  inik.net> wrote:
> Since the private key is never transferred over email (only the
> public key is EVER shared), your email is safe. (Barring, of course,
> the possibility of Sarah or another hacker penetrating your computer
> and stealing the keys -- not much you can do to protect against that
> level of theft.)
Depending on your level of paranoia, there are other ways than penetrating
your computer that might be used to recover your keys.
For example, do you use Apple's Backup program to backup your keys to the
.Mac server? If so, are the keys encrypted on their server? Are they
encrypted during transit to Apple's servers? Do you use some other
internet backup program? If so, what types of encryption do they use?
Do you backup to your iPod? Have you lost your iPod (I've lost one, it had
a PGP encrypted backup of all my finances on it, but not the keys!)
Not so much a concern for individual users, but several companies have lost
their backup tapes in transit to offsite storage. Of course the concern
there is all the unencrypted data on the tapes, not just potential that
there may be private encryption keys on the tapes.

Lewis Butler (apparently) - Mar 10, 2007 12:02 pm (#14 Total: 19) - Posts: 989
Re: Encrypted e-mail question
On 9-Mar-2007, at 09:18, Kevin van Haaren wrote:
> For example, do you use Apple's Backup program to backup your keys
> to the
> .Mac server? If so, are the keys encrypted on their server? Are they
> encrypted during transit to Apple's servers?
I believe that Apple Backup does, in fact, encrypt everything. I've
certainly never had any success getting to a file in a backup set
without using backup to extract it.
[Backup stores files in disk images inside packages but does not encrypt them (nor does it encrypt data in transit). If you know what you're doing <cough>read my .Mac book</cough>, you can get at your files in the Finder. -jk]
> Not so much a concern for individual users, but several companies
> have lost
> their backup tapes in transit to offsite storage. Of course the
> concern
> there is all the unencrypted data on the tapes, not just potential
> that
> there may be private encryption keys on the tapes.
This is why laptops with sensitive information and backups, and
anything remotely portable that has sensitive information on it
should be protected by good passwords and god encryption.

David Emme (apparently) - Mar 12, 2007 12:15 pm (#15 Total: 19) - Posts: 15
Re: Encrypted e-mail question
On Mar 10, 2007, at 12:02 PM, Google Kreme wrote:
> should be protected by good passwords and god encryption.
I'll bet even the NSA can't break "god encryption" :-)
-Dave

mwestley (apparently) - Mar 12, 2007 12:15 pm (#16 Total: 19) - Posts: 23
Re: Encrypted e-mail question
On Mar 10, 2007, at 2:02 PM, Google Kreme wrote:
>
> This is why laptops with sensitive information and backups, and
> anything remotely portable that has sensitive information on it
> should be protected by good passwords and god encryption.
So that's what they mean when they say: May the gods protect you.

Chris Page (apparently) - Mar 12, 2007 12:15 pm (#17 Total: 19) - Posts: 62
Re: Encrypted e-mail question
On Mar 6, 2007, at 20:50 PM, Kevin van Haaren wrote:
> There are 2 keys (or certificates) for each e-mail.
On Mar 6, 2007, at 20:50 PM, Google Kreme wrote:
> If she has ALL the certificates of course she can decrypt anything
> at all.
Point of terminology: Certificates do not contain private keys.
A public key may be placed into a digital certificate to share with
others, but a private key must never be placed in a certificate. In
fact, if you look up digital certificates on Wikipedia, you'll see it
forwards to the entry titled "Public key certificate":
<http://en.wikipedia.org/wiki/Digital_certificate>
A digital certificate contains a public key and some other
information, including who it belongs to, who issued it, and what it
may be used for (e.g., email encryption, verifying signatures,
issuing other certificates). This information is used by someone else
to verify that it is your public key and that it is valid for the
desired purpose.
There are other, standard types of files that can be used to store
private and public keys, but they are not the same as digital
certificates and should never be sent to others.
--
Chris Page - Software Wrangler
That's "Chris" with a silent *and* invisible "3".

Lewis Butler (apparently) - Mar 12, 2007 4:09 pm (#18 Total: 19) - Posts: 989
Re: Encrypted e-mail question
On 12-Mar-2007, at 13:15, David Emme wrote:
> On Mar 10, 2007, at 12:02 PM, Google Kreme wrote:
>
>> should be protected by good passwords and god encryption.
>
> I'll bet even the NSA can't break "god encryption" :-)
They can't even break good encryption.

R.A. Hettinga (apparently) - Mar 13, 2007 9:49 am (#19 Total: 19) - Posts: 35
Re: Encrypted e-mail question
At 4:09 PM -0700 3/12/07, Google Kreme wrote:
>On 12-Mar-2007, at 13:15, David Emme wrote:
>> On Mar 10, 2007, at 12:02 PM, Google Kreme wrote:
>>
>>> should be protected by good passwords and god encryption.
>>
>> I'll bet even the NSA can't break "god encryption" :-)
>
>They can't even break good encryption.
Welll... I do know people who worship at the altar of Whitfield Diffie, but
I don't think he likes it much...
Cheers,
RAH
-----------------
R. A. Hettinga