digitally signed email

By anders pearson 05 Jul 2004

since i digitally sign all of my outgoing email, i’m often put in the position of having to explain what digital signatures are and why one might want to use them. i’ve tried to find a good explanation on the web aimed at the layperson, but i haven’t found anything decent yet, so here’s my best shot at it.

summary: digital signatures are a way of ensuring that a document (such as an email) is from who it says it is and hasn’t been tampered with along the way.

the first thing that you should understand is that email is not at all secure. email protocols were designed back when the internet was used almost exclusively by the military and academic communities. it was a trusting environment and there wasn’t much thought given to malicious hackers. the result is that it is trivially easy to forge email. any clever 12-year-old could probably show you how. ie, just because the ‘From:’ line of an email says the message is from grandma doesn’t mean that it is. many of the Outlook worms that are floating around trick people into opening them by forging the ‘From:’ field so it looks like a message from a friend.

it’s also not very difficult for someone in the right position to change the contents of an email. as an email travels from the sender to the recipient, it usually passes through several different mail servers. anyone with administrative access (legitimate or not) to any of the servers on the path could substitute their own message and no one would be the wiser. another consequence of the insecure design of email systems is that there is no privacy. along the way there are many chances for nefarious people to read the email that you send. you should never write anything in an email that you wouldn’t be comfortable writing on the back of a postcard.

i shouldn’t really have to explain why this can be dangerous. there is an endless number of bad things that a criminal can do when they can impersonate someone. use your imagination or just google for “identity theft”.

now, perhaps you can see the need for some way of being sure that an email really is from who it says it is. this is what digital signatures do. i won’t try to bore you with too much explanation of how it works, but at a surface level, it’s fairly straightforward.

when you sign a message, it makes use of a ‘key’ that is unique to you. actually the key has two parts, both just extremely large numbers: one public, which anyone in the world can look at, and one private, which only you can see and which should be kept as a carefully guarded secret. the two parts are related to each other by a special mathematical relationship, but knowing the public key won’t give away any clues about the private key. indeed, to be useful, you need to make your public key widely available. mine is online here and there are servers on the web that just host public keys. my public key could also be downloaded from one of them here.

when a message is signed, it’s converted to a number (on a computer, everything is stored as a number at some level anyway, so this is a no-brainer) and a mathematical operation is performed using the message’s number and the sender’s private key. the result is the ‘signature’ of the message and it gets sent along with the message. if even a single byte of the message changed, the signature would be entirely different. since the private key was involved in the operation, no one else could generate the same signature for the message without stealing your private key. the actual math involved is fairly advanced and i won’t try to explain it here. the important part is that there is a similar operation that anyone else can perform using the message, the signature, and the public part of your key that will tell them whether the signature was really generated using the public key’s private counterpart (remember that there is a special mathematical relationship between the public and private keys). ie, they can use the signature and your public key to verify that it was signed with a particular key and hasn’t been modified since it was signed.
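to make the sketch above concrete, here is a small added example (not code from the original post, and not what PGP actually does internally): “textbook” RSA signing and verification in plain python. the key pair is constructed from two Mersenne primes purely so the example runs offline; real keys are far larger and use proper padding, so this is for illustration only.

```python
import hashlib

# Constructed toy key pair. 2**89-1 and 2**107-1 are Mersenne primes (known
# prime), chosen only so the example runs offline without a crypto library.
# A real PGP key is much larger and adds padding; this is "textbook" RSA.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q                            # public modulus (part of the public key)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: the guarded secret

PUBLIC_KEY = (N, E)    # safe to publish anywhere
PRIVATE_KEY = (N, D)   # never leaves the signer's machine

def message_to_number(message: bytes) -> int:
    """Turn the message into a number: hash it, keep 192 bits so it is < N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:24], "big")

def sign(message: bytes, private_key) -> int:
    """The operation done with the private key; the result travels with the mail."""
    n, d = private_key
    return pow(message_to_number(message), d, n)

def verify(message: bytes, signature, public_key) -> bool:
    """The matching operation anyone can do with the public key. True only if
    the message is unchanged and the signature came from the paired private key.
    An unsigned message (no signature at all) is simply not trusted."""
    if signature is None:
        return False
    n, e = public_key
    return pow(signature, e, n) == message_to_number(message)

def demo() -> dict:
    # Constructed sample email body.
    msg = b"From: grandma\n\nplease send $500 to this account"
    sig = sign(msg, PRIVATE_KEY)
    tampered = msg.replace(b"$500", b"$5000")   # one byte altered in transit
    other_private_key = (N, D + 1)              # someone without the real key
    return {
        "genuine": verify(msg, sig, PUBLIC_KEY),
        "tampered": verify(tampered, sig, PUBLIC_KEY),
        "wrong_key": verify(msg, sign(msg, other_private_key), PUBLIC_KEY),
        "unsigned": verify(msg, None, PUBLIC_KEY),
    }

if __name__ == "__main__":
    print(demo())
```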

that’s a very rough sketch of the theory behind it. if you really want to understand more, read this introduction to cryptography and then just start googling. now for some more practical information. there are two main approaches to digitally signing email: PGP and S/MIME. both have their strengths and weaknesses. PGP is more ubiquitous and it’s what i use, so that’s what i’ll explain and recommend. both also let you encrypt email (solving the privacy problem), but for that, both the sender and recipient need to have keys. actually, the primary purpose of both is encryption, but i think that for most people, handling signatures is a more pressing need.

PGP stands for ‘Pretty Good Privacy’ and is pretty well known. it can be downloaded from pgpi.org for free. there are also commercial versions available and the open source GnuPG, which is what i use. if you want to sign your emails or verify the signatures of others, download one of those and read its manual to see how you go about setting it up. if you plan on using it very frequently (which you should), you’ll want to figure out how to integrate it with your email client. i can’t possibly cover every possible combination of mail client + PGP implementation. usually doing a google search for “your mail client + PGP” or something will lead you to a plugin and tutorial. eg, this page covers PGP + MS Outlook and enigmail is a plugin that will let you use PGP with mozilla thunderbird. if you use web-based mail like hotmail or yahoo, you’re pretty much out of luck. sorry.

one important point that i should also make is that if you start signing your email, you should get in the habit of signing all of it. if your correspondents get used to receiving unsigned email from you, they’ll have no reason to be suspicious if they get something forged. if you sign everything and they receive an unsigned email claiming to be from you, they might think twice before trusting its validity. i sign every email i send (with the exception of posts to a particular mailing list that blocks all attachments). if you get an email from me that isn’t signed, assume that it’s not really from me and verify things through some other channel.

i should also mention that some email clients (particularly Outlook) don’t always handle signed messages very gracefully. the signature shows up as a small plaintext attachment with an ‘application/pgp’ content-type. this can appear quite mysterious. Outlook even warns the user that since it doesn’t know what it is, it might be a virus (of course, had it actually been a virus, Outlook would have just infected itself and not said anything, but that’s a different rant). this is why i find myself having to explain digital signatures on a pretty regular basis.

as an added incentive to start signing your mail, keep in mind that if everyone always signed their mail and it was expected, spam could be pretty much totally eliminated.

Tags: security cryptography email pgp digital signatures