Securing modern communications in the internet require encryption. Existing electronic communication systems can be eavesdropped by a variety of parties. Examples of those parties are employers, ISPs, law enforcement agencies and national security agencies.

Many of the communication systems (email, instant messaging) communicate in the internet without using any encryption or user cannot affect the encryption between sending and receiving of the message. The user should also take into account how reliable the communication system vendor is. The Email or IM vendor may store or forward unencrypted version of the message to third party without user acknowledgement.

Encrypted / Unencrypted channels in email communication.

Instead of relying to automated encryption and decryption of the message, user should only send sensitive information encrypted in to the email or IM system. In that case user do not need to worry if communication media or vendor is compromised.

Encrypted communication.

There are currently few popular solutions available, one commercial and two open source products. Email encryption started in the ’90 with Pretty Good Privacy (PGP) which was later acquired by Symantec. After PGP went commercial PGP’s creator Phil Zimmerman felt that public key encryption should have standard and created OpenPGP standard with IETF. List of OpenPGP software can be found from here. Many of the softwares mentioned in OpenPGP list uses Gnu Privacy Guard (GPG) as encryption engine. Gnu Privacy Guard was developed in 1999 as OpenPGP compatible encryption software.

Public and private keys

In OpenPGP user have two keys which corresponds each other. Private Key is the key you can use to decrypt and sign messages. Public key in other hand is used to encrypt and verify.

In order to send encrypted message from Whistle Blower to Wrecked Security, Whistle Blower needs to have Wrecked Security’s public key. Whistle Blower encrypts the message with Wrecked Security’s public key and then signs the message with his/hers own private key. If Wrecked Security have Whistle Blowers public key, he/she can verify that Whistle Blower has indeed sended that message.

Public Key Message Communication.

 

Leave a Reply

Your email address will not be published. Required fields are marked *