By Kurt Seifried, [email protected], Copyright Kurt Seifried
Email is the killer application that made the Internet grow at first (the second killer application would probably be the web which makes sharing information on a one to many basis easy). Currently several billion messages a day are passed over the Internet. It is no longer uncommon to get 20 or even 200 emails a day for some people, a number that would have been quite amazing a few years ago. The percentage of email that is actually readable by an attacker, or that can be manipulated while in transit with little chance of discover is close to 100%.
There are two main issues with email encryption, this first is digitally signing email, the second is encrypting email. With digital signatures on an email you can prove the sender identity, and that the message was not tampered with while in transit. Imagine if you were to send a price quote via email to someone, and someone tampered with the numbers (say raised them to a larger amount then their quote), thus getting that contract (because they appear to have the cheaper price). The other aspect is encryption of sensitive messages, you would not write down the results of a medical exam and send it to someone on a postcard, nor should you send it via unencrypted email. Even if no malicious attacker reads it when it is sent, chances are that message will be stored in a back-up of server data, and at some point in the future someone could read it. If the message were encrypted however this would be much more difficult.
With Windows you have two main choices for signing and encrypting email with the standard mailers (Netscape, Outlook, Outlook Express, Eudora, etc.). The first is an X.509 digital certificate, and the second is PGP (or GnuPG in the future) and there is a web based encrypted email service available.
X.509 digital certificates are extremely easy to use, and most mail clients have built in support, so there is no need to get a software package such as PGP and install it at both ends. X.509 certificates from Verisign cost $14.95 US a year, and must be renewed on a yearly basis. If you are in a sufficiently large company, and you are primarily concerned about intra-company email, you can also buy Certificate Authority software and issue certificates to your own employees (the initial cost is quite high, and maintenance is expensive, however it can be more economical and easier to control then relying on a third party such as Verisign).
The certificate can be stored on the client machines, however this is a really bad idea (it's so bad in fact I decided to put this at the very beginning of the explanation). You can easily generate an X.509 certificate, take the file and load it into a client machine (typically the mail program or www program can make use of it). This however makes the assumption that only one person will be using the workstation, and that the machine cannot be misused by others. This is really only useful on a home PC (that is secure), or if you lock your office door and never let anyone in and have a secured PC. In a business environment the certificates could be useful as identification of the machine (but not as identification of the user), in Internet Explorer for example you can mark the private key non-exportable, meaning to copy the certificate off the client workstation and put it on another will slow down most attackers. In other words digital certificates loaded onto client machines are useless, in fact they can be worse then useless because they are usually not protected sufficiently (i.e. with a passphrase) so an attacker can steal the certificate and impersonate the user. The better solution is to store the X.509 certificate on a smartcard, this allows a much more secure method of generating and storing certificates, as well as being far more portable. The main problem currently with smartcards is the lack of smartcard readers on computers (although some companies like Siemens ship them as a relatively standard option) and the cost of a good smartcard and reader ($100.00 USD is not out of question). There are also a wide variety of smartcards, ranging from ones that simply store data (and are not secure) to ones with built in random number generators, encryption chips, storage, and have been built to be tamper resistant (these cards cost $25 USD each typically). An additional benefit of these cards is you can use them for logging in to a wide variety of services (Windows 2000 has smartcard support for logins), and are quite easy to use.
To get a certificate simply go to Thawte or Verisign (please note Verisign just purchases Thawte), and follow the instructions online. The process is rather simple, you prove your identity to them (via name, birthday, SIN number, etc.), pay for the certificate (via credit card, online), and then you generate the certificate locally (a private and public key pair), and then send the public key to them. They take the public key, add your information (name, email address and so on), and then sign it with their private key. In this way anyone with a common mail client can verify your key is legitimate, since most mail clients will have Verisign's and Thawte's public keys built into them. If you want real security I would advise buying a smartcard and smartcard reader. Currently Thawte is running a promotion with Datakey, you can purchase a Datakey smartcard, card reader, software, and Thawte personal certificate for $89.95 (USD). This may seem expensive but consider that the certificate is generated on the card, stored on the card, and cannot leave the card, in addition to this you need a password to access it, making it as secure as you can get without spending a ridiculous amount of money. I would recommend this kit, I actually own one and use it to sign all my email, it is very easy and convenient to use, as well as being portable, in a secure fashion.
Pretty Good Privacy was one of the original programs that made email encryption possible, however it was difficult to use, had to be installed by the user (unlike email clients shipping with X.509 support), and was generally a pain to use. This has changed in recent years, with the current version of PGP at 6.5.2, integrating it with most mailers (Outlook, Netscape and Eudora notably) is a painless task, even for novice users. PGP is available for free for non-commercial usage, and there are two commercial versions available from Network Associates (who also distribute the free version). Commercial PGP was historically only available in the US and Canada, however it was recently granted an export license which should help it's acceptance in other countries. The free version of PGP comes in two flavors, one with and one without patented RSA components. If you are within the US or Canada you can use the free version of PGP from here. If you are outside the US or Canada you can get the International version of PGP here, or potentially buy a commercial copy soon of either PGP Personal privacy or PGP Desktop Security (has some extra bells and whistles). Once you have downloaded the software simply double click on it to install, you will be lead through a rather normal Windows software install, however when you get to the components choice box you should uncheck anything you do not plan to use, especially support for mailers you do not have since PGP will be unable to find them, and the install will complain. Also if you do not need the VPN client, do no install it, it has a tendency to cause networking issues (small glitch like problems). The install will prompt you to either import an existing keyring (which if you are new to PGP you will not have), or create a new set of keys. I would advise using a 1024 or 2048 bit keylength for "daily" use, 4096 bit keys are slow to use and realistically if an attacker can factor a 2048 bit key in a reasonable amount of time they have probably found some flaw in PGP. You should send your keys to the keyserver when prompted to do so, as it will make it possible for other people to get your keys without having to go to you (so for example if I receive email from you, and I see it is PGP signed, I can retrieve your key from a keyserver and verify the signature, and in turn encrypt my reply to you).
If you want to find someone else's key either right click on the PGP tray icon and choose "PGPKeys" or go to the Windows Start menu and select "PGPKeys". Once in PGPKeys you select "Server", "Search", select a keyserver (ldap://certserver.pgp.com is a default so many people use it), and enter the email address you are searching for, it should be in the User ID of their key (since email addresses area relatively unique identifier). You will be present with a list of keys matching your criteria, simply right click on the key you wish to have, and choose "Import", and that is it. When you use this key to verify digitally signed email from the person the mail software will complain about it being an untrusted key, by default foreign keys are untrusted unless they are signed by someone you trust (such as a friend, or yourself). To get rid of this (i.e. I and my boss exchange a lot of encrypted email), sign their key with a non exportable signature, in "PGPKeys" simple right click on the key, choose "Sign", do NOT check the box saying "Allow signature to be exported. Others may rely upon your signature", and then choose the key to sign it with, and enter your password. You should never sign a key with an exportable signature unless you have met face to face with the person, proven your ID to each other, and then signed your keys.
When signing and decrypting email you will be prompted for your password, which can be annoying, PGP can cache the password, however be careful. If you enter your password and then leave your email client running and leave the computer unattended someone could use it and send email from you that is digitally signed (thus impersonating you). If you turn on the password saving feature you should be careful to always shutdown your mail client when you leave the computer unattended. To set the cache time simply go to the PGP settings (in Outlook it is "Tools", "PGP", "Options", then the "General" tab), and simply set the cache time to an appropriate length. If you want to be safe do not cache the signing passphrase, this way you can read email encrypted with your private key and not have to enter the password for your private key constantly, but you will be prompted for your password when you try to send signed email.
GnuPG for Windows is planned however not yet available (well it is, but it's not terribly user friendly yet).
Hushmail is a new contender in the web based email wars. It however offers something that none of the other web based email sites offer, and that is signed and encrypted email to other Hushmail users. Hushmail uses a java applet that is downloaded to your PC with your keypair, when you send and receive email within Hushmail it is signed and encrypted, providing for a high degree of security despite it's web based nature. Hushmail is a free and easy solution to use, and has the added advantage of being much more portable then X.509 certificates or PGP (you don't even need a mail client, you only need a Java and SSL capable web browser). The primary problem with Hushmail is proving your identity, as far as I know Hushmail does not check the users identity, so unless you establish the persons identity through some other channel like a face to face meeting where you verify each other's key fingerprints, you could be dealing with anyone (this problem is endemic however, as impersonating someone to get an X.509 certificate in their name is not impossible). The Hushmail Java applet source code is also available, so you can compile it and verify that this is indeed the binary that Hushmail is using (so you can inspect the code for problems, etc.).