Email is not secure... I have written on this before. Many will falsely believe that Email is secure enough to use it to sign up to services with and that emails come from who they claim to have come from. This is a false sense of security that leads to a vast array of issues which less-than-honest actors will take advantage of.
First and simplest solution to this issue is to assume that Email is insecure and easily "spoofed". What I mean by this is that spoofing is a technique that - among other thing - is used to trivially alter the appearance of the message. In this way, a scammer can pretend to come from a different address by "spoofing" the email header to appear like the message is coming from someone else. Email was never designed to be secure, it simply was not intended to be used for security when it was invented. As such one must always assume that Emails can be trivially altered and faked with minimal effort. Once this assumption is made then one will be harder to scam since the usual scams will become obvious once the false assumption of security is no longer in effect.
Second and more secure option is to use a very old and very strong technology to protect email the same way we protect websites. HTTPS (the lock in the corner of the browser's window) uses something called strong cryptography to mathematically scramble the webpage and all traffic so that only you and the website can understand it. The technology works very effectively, and in the case of websites is totally transparent to the user so that the user does not need to understand anything about cryptography to make this work. Something similar exists for email. There are two competing standards for securing email communications, they are called S/MIME and OpenPGP. While S/MIME has one advantage over OpenPGP, it has many disadvantages that make OpenPGP far more suited to fill this roll.
What OpenPGP does is it outlines a common "language" of sorts that several different programs can understand and utilize. OpenPGP relies on the concept of keys. To protect data and/or identities there must be something that you know or that you have that no other person has access to. This is called the "key". When an OpenPGP compatible program generates a key it takes some random numbers and runs them through some fancy math equations that create a set of two large numbers. One of these numbers is the "public key" and the other is the "private key". How this works is people publish and share the public key which is mathematically linked to the private key which they keep secret. Sending a message works by encrypting some data with someone's public key, because the keys are linked only the private key can decrypt the data and no one can reverse to process to figure out the private key... at least not in any kind of meaningful timescale (less than ten thousand years).
This sounds complex but the programs do all the heavy lifting for you. All you do is create a key, this key is stored as a file and is called the "master key". The master key can then be linked to "subkeys" that can be changed at a later data if desired. The primary uses of the master key and any subkeys are:
- Encryption - the ability to scramble and unscramble data for privacy
- Signing - to say that a chunk of data like a file or message was sent by you and is unaltered since you sent it
- Authentication - yes they can replace passwords with a digital key, this is rarely used but is still kind of cool
Typically, a good way to generate a key is to generate a master key, and then generate two subkeys, one subkey can sign data while the other one encrypts data.
The master key has a fingerprint which is basically a mathematical function that takes the data of the key and converts it into a short and human-readable series of digits that allow a person to tell if a key is really from the person that has their name on the key. Here are the fingerprints for my two keys:
Typically, the fingerprints are written with spaces so that humans can look at them in chunks and verify them that way. The fingerprints are very secure, and it's practically impossible to fake a fingerprint. The use of the fingerprint is if you get a key with my name on it, you would check that its fingerprint is the same as one of the two above.
Due to the laws of mathematics, I do not need to defend my identity if people ask for signatures from my keys. The reason is there is no known way to fake a signature from OpenPGP and the keys are considered to be so strong as to be resistant even against attackers with the resources of nation-states... and if a nation-state is after you, cryptography cannot help you since they can just seize your phone and computer.
I sign all my email messages with my key, and unless someone steals my key and coerces the password that protects the key file... yeah they're not going to be able to fake my signature.
An OpenPGP signature is millions of times harder to forge than a physical - pen on paper - signature, and it's far easier to verify an OpenPGP signature than a physical one because the programs do not require a hand-writing expert in order to operate... just a computer manufactured sometime in the last 30 years. This is becasue a regular signature is based on the assumption that no other human has the muscle memory that you have to produce the pen-on-paper movements that make up the signature. This is only valid if the signature is done before a trusted witness who has seen your signature and if no one else is able to practice and reproduce a convincing set of pen movements... a tall ask these days.
An OpenPGP signature works by turning the data to be signed into a mathematical hash. So for a document like a file, the file's content is processed into that hash, any alterations to even a single character will completely change the hash and to generate a hash that matches the original is something that simply cannot be done with any known or even theoretical technology. This hash is the document, or at least a fingerprint of the document. The hash is then encrypted with your private key so that it can be decrypted with your public key. This means that when someone checks the signature, their computer will decrypt the hash with the public key and thus it will know that the only way that hash could have been made is with your private key... which only you have. It then will hash the file, raw text, email message, or anything else that was signed and if the hashes match then the signature proves that you signed that file/data/message/etc. and that the contents were not in any way altered since you signed them.
Again this does sound complex, but all modern cryptography which you rely on does something like this. Your credit and debit cards do the same math to secure your money, your web browser does the same thing to check of the web page is actually from the proper person and to keep it hidden in transit for your privacy. The difference is that OpenPGP keys are not issued by some central authority which can be hacked or legally compelled to disclose their keys... including yours... without your knowledge. People like authorities to tell them who and what to trust, but that system is open to abuse and failures take down all of their customers. OpenPGP keys are generated on hardware you own (your personal devices), they are much harder to mass compromise since each key is stored by an individual user and no one else. A traditional "certificate" like for S/MIME is stored both on your machines and on the machines of the certificate issuing authority... that is two points of failure while OpenPGP only has one point of failure.
OpenPGP is based on a web of trust" which closely mimics how we humans interact. You know people which you use to validate an unknown person. The way we do this is by asking our circles of friends if they know about this new person, they will tell you if they know of them and what they think of them. OpenPGP works is a similar manner, only it uses mathematics and nothing else. The way it works is your OpenPGP program will check a new key for signatures, these signatures are made by people that have signed the key as a statement of "I <person> have met and confirmed that this person is who they claim to be". Your program checks its database for keys that you have marked as "trusted" such as the keys that your friends and family have given you. It then checks if any of your "trusted" keys have signed the new key and will tell you which of them match. So if you know me somehow and you trusted me enough to mark my key as "trusted", and you met someone like one of my friends. Your computer would alert you that their key was signed by me and therefore is likely to be trustworthy. This is handy because you may not be able to ask me if this person truly is someone I know becasue maybe there are time constraints or perhaps it's a person I do not remember anymore.
OpenPGP is not as hard as it appears to be. But most tutorials show a very hard way to use it and manage the keys. I am trying different ways to manage my keys and will soon release a tutorial that shows a reasonably easy way to use them. The reason I claim that my way is relatively easy is I have gotten my grandma using OpenPGP despite her relative lack of computer related experience. I figure that if I can teach this to a senior citizen, then I can teach this to anyone who cares about their privacy. This would be a video tutorial with a text blog post to back it up though.
Here are some examples of a signed PGP message that anyone can verify came from me. The first one is signed with an RSA key, the second one is signed by my Ed25519 key. The difference is which branch of math they use to operate. Ed25519 is something called elliptical curve cryptography, boasting faster performance and smaller keys for the same security as compared to the older RSA algorithm... RSA's advantage is that more programs understand it. Given the size difference is minimal for something like an email, I use RSA because more programs can verify it, but for certain devices such as networking equipment there is a significant interest in the Ed25519 method.
This one is signed using my RSA key, notice how the signature is larger than the one below it which is signed with my Ed25519 key.
Key fingerprint: 167E 19AC B8E5 38F3 2FD2 2766 81C9 678A 0987 8230
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This is an example of text that is signed using OpenPGP.
The way this works is that PGP supports a "clear text signature"
which is composed of the raw text I typed along with a digital signature.
I have typed this and pressed the enter key to keep the lines from being
inconveniently long for the purpose of blog readability but that is not
really necessary most of the time.
Below this is the signature which looks like random characters.
Digital signatures are just long numbers, so those numbers are written
by using letters and other characters instead of the raw binary data.
Something similar happens to email attachments due to the way email works
which is why your email attachments get 30% larger in an email than they are
when stored on you machine.
Also note that this typo: "tpyo" cannot be corrected without making the signature
no longer match. This is handy because if even a single letter is altered, even invisibly,
the signature will detect it and the message will be shown to be no longer the exact
thing that I typed.
Whatever text you sign cannot be altered by anyone without the signature detecting a
mismatch. And since only you have the private part of the key, only you can update the
signature after a typo correction by creating a new signature for the new text.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEv2bZCEdTpZFfQZcqP0TIvZ+kF+kFAmHohNEACgkQP0TIvZ+k
F+nFzhAAvAZ2s2nMJse36et4uCw/kDjmRpBu92D+DEnsWNT9FmP/S0jgFfeidtK1
4LRX4u+cH+mueqPQk/+QkE9SW6FXvMBphtN3VH4uW1uR8GyNXUEGHOBdFMBzwD23
QlBnmj2XsMpoCAfBZAkML16vI/wgtArGgfLh58cLb1VLB2P4cpt340Q+3jWnty0j
AB6yZgvS/zli+9Aiac68ODDhRBG7f64otsh9FK2yiVWGQJIrKS+5VukeU0dVyc/R
y4eDl42vjALS70YnzVgxYtC0MEO3FsgxGdb1EiEYnSJt9eiWnmN0B8Z71HV1JeB5
vZpoGQPgJldUKSveuBgZJk5jDUuH17EOqMvimAnIJIH4We1QPBVdW4jRfSXpRW+7
1iJx2yGn8n0s2Tb23luH5DpUHWaVOt/XU4WYHnCm5jw+iXk8hc0bUkVjTvJpoJQ9
jMbPd9lCGv2VrkadRyCjreRVRHMQCxDu5/Sf6mVHcwyJKl4xjg+84yG/JWgIMzIs
UVBXliDIQ13QwwPSZIOkXOgg9WGJtgWzhbX3OOT393XVMlia0PONIoImvz50zvFx
an7KtXPK20BoJm/Zrh3TEFXnzaMRlf1dTBRe5Vr7lhB8cBsqYZT5vnh9fj60Fyhp
4JNXIF6UZw1BLA+vJp558VuwsjAwDH9RH8so62162oRzDDwQt2o=
=Vq6E
-----END PGP SIGNATURE-----
This one is signed with my Ed25519 key. The signature is smaller, yet the level of security is actually fairly close to the one made with the RSA key. This is why some cryptography enthusiasts love elliptical curve cryptography. The speed and size benefits cannot be overlooked. For OpenPGP the difference isn't that large compared to an entire email message but for say a web-server's certificate that serves thousands of clients per second... the difference is more noticeable.
Key Fingerprint: 1F32 5206 DE34 CFCF 0022 D045 48A7 3B8C 8920 7930
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This is an example of text that is signed using OpenPGP.
The way this works is that PGP supports a "clear text signature"
which is composed of the raw text I typed along with a digital signature.
I have typed this and pressed the enter key to keep the lines from being
inconveniently long for the purpose of blog readability but that is not
really necessary most of the time.
Below this is the signature which looks like random characters.
Digital signatures are just long numbers, so those numbers are written
by using letters and other characters instead of the raw binary data.
Something similar happens to email attachments due to the way email works
which is why your email attachments get 30% larger in an email than they are
when stored on you machine.
Also note that this typo: "tpyo" cannot be corrected without making the signature
no longer match. This is handy because if even a single letter is altered, even invisibly,
the signature will detect it and the message will be shown to be no longer the exact
thing that I typed.
Whatever text you sign cannot be altered by anyone without the signature detecting a
mismatch. And since only you have the private part of the key, only you can update the
signature after a typo correction by creating a new signature for the new text.
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQTdEHZzdRj88+sPHs2DGTsp04R9UwUCYeiFFgAKCRCDGTsp04R9
U8WvAQDRnuS/wzYG6brzyJivLEBrMg8z+9eiVu+FPD/QI92MHgEA0R/fLblqvB9b
p1khptQJM15dYWh9/OsidXPuIJx1cg0=
=VuVl
-----END PGP SIGNATURE-----
A while ago people would use these signature texts to sign their words on some old forums on the early internet... it still has use today for me. I recently used it to sign an informal survey for one of the classes I am taking. The survey comment might go into a large collection with one comment from every student, and I wanted to be sure that if my words were altered that I could prove that there was an alteration... hence I used OpenPGP to protect my words from alteration.
No comments:
Post a Comment