Chapter II – Public-key cryptography, an overview

This is the second theoretical chapter in the discussion of email encryption. The understanding of the notions described below is paramount for the correct, practical application of email cryptography.

We will begin constructing our secure email system in Chapter III.

When discussing the application of cryptography in email communication one should understand well its two functions:

  • assurance that an email sent from person A to person B can only be read by person B
  • verification that an email arriving presented as coming from person A has indeed been sent by person A

Both functions are in practice executed through the application of a pair of cryptographic keys – a private and a public key. This chapter describes in layman’s terms what this means, and how it works exactly.

Public-key cryptography is often called asymmetric cryptography because both processes mentioned above are executed using a private key on one end and the public key on the other.

Public and private encryption key

In computer-based communication a cryptographic key is a set of letters, digits and punctuation signs forming a long, often fixed-length “word” (although for a cryptographer this is understood as a set of 1/0 bits, which for practical reasons is only presented as letters, numbers, etc.).

When setting up your encrypted email, your system will generate two such keys: 1) a private key which only you will (should) have access to, and 2) a public key that everyone you want to communicate with will (should) have access to.

The two keys always work together to complete whichever process (encryption/decryption or signing/identification).

Encrypting and decrypting an email

When person A sends an encrypted email to person B the following steps take place:

  • once the content is ready, before sending, the email is encrypted at person A’s end with person B’s PUBLIC key. This key could be retrieved from a key-server (another chapter), delivered in an email from person B, or delivered as a file on a USB stick. The bottom line is that in order for person A to send an encrypted message to person B, A has to have B’s PUBLIC key to encrypt an email to person B.
  • Once the email has arrived, person B uses their PRIVATE key to decrypt and read the email.

Since only person B holds their private key, only person B can decrypt and subsequently read the email.

A worthwhile note on the private key. All tools available today will only allow you to create your private key protected with a password. Why is it so? This protects you against anybody who may sit at your computer while you’re brewing your coffee and read your communication. The password on your private key is independent from the password you use to log in to your email service.

Signing an email

The purpose of signing an email is the identification, or the verification of identity, of the person who sent the email. The following processes happen:

  • person A signs an email with their PRIVATE key and sends it to person B. This signature is NOT the private key. It is calculated through an irreversible formula, namely, one can calculate the signature using the private key, but it is impossible to calculate the private key using the signature.
  • person B’s email system matches (again through a mathematical formula) this signature to person A’s PUBLIC key and therefore verifies the sender’s identity.

There’s only one signature that matches person A’s PUBLIC key. And to create it, person A uses their private key. Therefore, person A is the only one that can create the correct signature.
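Both processes above (encrypting to B's public key, signing with A's private key) can be traced in a few lines of textbook RSA. This is an added illustration, not code from this guide or from any email tool; the key values and the names `make_keypair`, `encrypt`, `decrypt`, `sign`, `verify` and `demo` are assumptions chosen for the example. Real OpenPGP tools add padding and encrypt the message with a one-time symmetric key, which this sketch leaves out.

```python
import hashlib

E = 65537  # public exponent, the same for both demo keys

def make_keypair(p, q):
    """Build ((n, e), (n, d)) = (public key, private key) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d is the inverse of e mod phi

# Constructed demo keys built from publicly known Mersenne primes.
# They only make the example repeatable and protect nothing.
A_PUB, A_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
B_PUB, B_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def encrypt(message, recipient_pub):
    n, e = recipient_pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext, priv):
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, signer_priv):
    n, d = signer_priv
    return pow(digest(message), d, n)

def verify(message, signature, signer_pub):
    n, e = signer_pub
    return pow(signature, e, n) == digest(message)

def demo():
    mail = b"Meet at noon"
    ciphertext = encrypt(mail, B_PUB)   # A needs only B's PUBLIC key
    signature = sign(mail, A_PRIV)      # A uses A's PRIVATE key
    return {
        "b_reads": decrypt(ciphertext, B_PRIV),
        "a_cannot_read": decrypt(ciphertext, A_PRIV) != mail,
        "signature_ok": verify(mail, signature, A_PUB),
        "tampered_ok": verify(b"Meet at nine", signature, A_PUB),
        "forged_ok": verify(mail, sign(mail, B_PRIV), A_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

The signature is computed over a hash of the email, so a check fails both when the text was altered in transit and when somebody else's private key produced the signature.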

By now it should be clear that we will operate with a private and a public key that work in unison. None of the processes described above can be completed using only one of these keys.

It should also be clear that the PRIVATE key has to be kept secret and protected from unauthorized access.

It should also be clear that the PUBLIC key has to be distributed to everybody who we want to communicate with.

The last thing that should be clear is that the PRIVATE key should be kept safe from loss. Once gone, we will not be able to read our email or to verify our identity when sending one.

We can replace our set of keys with a new one at any time but we have to keep in mind that 1) the content of old emails won’t be accessible any more and 2) we have to make sure we redistribute our new public key to all entities we communicate with.

End of Chapter II