Email encryption with PGP
Motivation
Email is still one of the most widely used channels in business communication. It carries not only trivial information but, above all, business documents, agreements and other details. This information is generally to be regarded as a business secret.
What is largely ignored in this communication, however, is that email is still not much more secure than a postcard. A normal email is completely unencrypted and can be read in plain text, not only on the local device, but also in transit.
Strictly speaking this is no longer entirely true, as most mail providers now use TLS (often still called SSL) to protect mail in transit against interception, but you should not rely on it: transport encryption is negotiated hop by hop and is not guaranteed end to end, and every mail server on the way, including your own provider, handles the mail unencrypted and can read it.
End-to-end encryption has long been standard in instant messaging, but for e-mail it is left to companies and citizens to secure their own communication.
In addition to expensive commercial solutions, there have also been open source solutions for more than 20 years: PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), the free implementation of the OpenPGP standard.
See also:
https://www.openpgp.org/
https://www.gnupg.org/
How does the encryption work
Possible attacks
Alice writes to Bob, Eve wants to listen in:
This is the standard case that we want to avoid. We want only the sender and recipient to be able to read the mail, but no one else.
In this case, Alice must encrypt the mail with Bob’s (public) key so that only Bob, who holds the matching private key, can decrypt it.
Alice writes to Bob, Mallory wants to manipulate the mail so that Bob receives altered information (person-in-the-middle attack)
In order for Bob to recognize the manipulation of the mail, Alice must sign the mail with her (private) key. Bob can then check the signature of the mail with Alice’s (public) key and thus ensure that the mail really comes from Alice and was not altered on the way. Note that a signature only detects manipulation; it does not stop Mallory from reading the mail, which is what the encryption in the first case is for.
Difference between symmetric / asymmetric encryption
There are two basic types of encryption. Symmetric and asymmetric encryption.
Symmetric encryption:
- The same key is used for encryption and decryption.
- All participants need this (secret) key
Problem: before messages can be sent (over insecure channels), the key must first be distributed (over a secure channel). If the secret key is lost or stolen, the communication is completely exposed, and whoever holds the key can also forge messages.
Asymmetric encryption: (PGP / GPG)
A key always consists of a key pair:
- A (private) key, used for decryption and for signing
- A (public) key, used for encryption and for verifying signatures.
All participants generate their own key pair
There are different roles for the two keys
The public key can (and must) be distributed to anyone with whom you want to communicate in encrypted form. This may also be done via insecure channels.
The private key must remain private and be well protected, as it is the basis of the whole scheme. It should definitely be backed up: if it is lost, mail that was encrypted to it can no longer be read, and if it is stolen, whoever holds it can read that mail and sign in your name.
The private key must never be disclosed.
Differences between encrypting and signing:
Encryption and signing are independent of each other. Both serve to secure the mail, but they can be used separately or together.
Encrypt
The recipient’s public key is used for encryption.
Encryption ensures the confidentiality of the message, as only the recipient can decrypt the message with their private key. (Mail programs usually also encrypt to the sender’s own key, otherwise the sender could no longer read the copy in the Sent folder.)
Sign
The sender’s private key is used for signing.
Attention: Signing must not be confused with the mail “signature” (i.e. the signature / footer) in a mail.
The (PGP/GPG) signature is a cryptographic hash (a “fingerprint”) of the message content, signed with the sender’s private key and attached to the message when it is sent. The recipient recomputes the hash and checks it against the signature with the sender’s public key; if even one character of the message was changed, the check fails.
The signature thus ensures the integrity and authenticity of the message and ties it to the holder of the signing key, because only the owner of the private key could have produced this signature. Whether that key really belongs to the person it names is a separate question (see “Building a network of trust”).
Exchange of the public PGP key
In order to be able to communicate with a communication partner in encrypted form, both communication partners must first exchange their public PGP / GPG key.
The private keys must be kept secret.
Different methods can be used to exchange the public keys.
Examples:
- As an e-mail attachment:
Particularly suitable for distributing the key in a private circle
- Via public key servers:
Key servers are easily searchable, but the e-mail address is then publicly visible, and on traditional key servers anyone can upload a key under any name, so a key fetched there still has to be verified by its fingerprint before use.
Building a network of trust
Even when using encrypted e-mail communication, reliable security only exists if you can be sure that a public key really belongs to your communication partner. PGP / GPG users can therefore express their trust or distrust in a key.
To express trust, a PGP user signs (certifies) someone else’s public key after checking, for example by comparing the fingerprint in person or by phone, that the key belongs to the owner named in it.
This signature is then integrated into the public key of the communication partner and can therefore be viewed by everyone else.
The mutual expressions of trust thus create a network of mutual trust, the so-called “Web of Trust” (WoT). If a PGP user cannot assess the authenticity of a key himself, he can check the signatures of the key and thus evaluate the trust more easily without the need for a central authority.
This assessment can be done manually, but is normally also done automatically in the background by PGP or GPG, which derives a key validity (“key legitimacy”) from the signatures on the key. With GnuPG’s defaults, a public key is considered valid if it is signed by at least three users whose keys you trust “marginally”, or by one user whose key you trust “fully” (the options --marginals-needed and --completes-needed). Keys you have certified yourself with your own, ultimately trusted key are always valid.
Most mail programs and encryption plug-ins simply indicate this trust with traffic-light colours.
Strengthening trust through public authorities
There are now also public bodies that will sign your key, so that the binding between key and identity is confirmed by an official authority.
You can do this e.g. via CAcert (cacert.org) or, in Germany, at the BSI (Federal Office for Information Security) using the electronic ID function of the German ID card.
See: https://pgp.governikus.de/pgp
Advantages and disadvantages of email encryption
Advantages:
- The mail content is encrypted end-to-end
- The sender can be unambiguously identified (if the mail is signed)
Disadvantages:
- The metadata of the mail (sender, recipient, subject, date, etc.) usually remains unencrypted
- Both the sender and the recipient of the mail must use PGP / GPG and must have exchanged their (public) keys beforehand.
Integration of e-mail encryption in mail programs
In the past, the encryption software (PGP or GPG) had to be installed separately alongside the e-mail program. Most mail programs, however, have plug-ins that make it easy to use mail encryption from within the mail program.
For example, the “Enigmail” plugin was available for Thunderbird (https://www.enigmail.net/index.php/en/).
Since summer 2020 (Thunderbird 78), however, OpenPGP support has been integrated directly into Thunderbird, so no additional software needs to be installed and Enigmail is no longer required.
Other mail programs have a similar solution.
Step by step instructions
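The whole procedure described above, as an added example that is not part of this page or of GnuPG’s own documentation: a POSIX shell script that plays both Alice and Bob with gpg (GnuPG 2.1 or newer) in two temporary keyrings, exchanges and certifies the public keys, encrypts and signs a mail from Alice to Bob, has Bob decrypt and verify it, and finally shows that a clear-signed mail edited by Mallory fails verification. The names, e-mail addresses and message text are constructed for the demonstration, and the keys are created without a passphrase only so that the script runs unattended, which you would never do for a real key.

```shell
#!/bin/sh
# Added example, not from the article: two throwaway GnuPG keyrings in temporary
# directories stand in for Alice's and Bob's mail programs. Requires gpg (GnuPG 2.1+).
# The names, addresses and message text are made up for the demonstration.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"     # one GNUPGHOME (keyring) per person
mkdir -m 700 "$ALICE" "$BOB"
cleanup() {
  for h in "$ALICE" "$BOB"; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$WORK"
}
trap cleanup EXIT

# g KEYRING ARGS...: run gpg non-interactively against one person's keyring.
# The keys are created without a passphrase purely to keep the demo scriptable.
g() { h=$1; shift; GNUPGHOME="$h" gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# fingerprint KEYRING ADDRESS: primary-key fingerprint from gpg's machine-readable output
fingerprint() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# 1. Each party generates their own key pair; the private half never leaves its keyring.
g "$ALICE" --quick-generate-key 'Alice <alice@example.org>' default default never
g "$BOB"   --quick-generate-key 'Bob <bob@example.org>'     default default never

# 2. Exchange public keys only (by mail attachment or key server in practice; via files here).
g "$ALICE" --export --armor alice@example.org > "$WORK/alice.pub.asc"
g "$BOB"   --export --armor bob@example.org   > "$WORK/bob.pub.asc"
g "$ALICE" --import "$WORK/bob.pub.asc"
g "$BOB"   --import "$WORK/alice.pub.asc"

# 3. Web of trust: after comparing fingerprints out of band (phone, in person), each side
#    certifies the other's key. Without a valid key, gpg --batch refuses to encrypt to it.
g "$ALICE" --quick-sign-key "$(fingerprint "$ALICE" bob@example.org)"
g "$BOB"   --quick-sign-key "$(fingerprint "$BOB" alice@example.org)"

# Eve scenario (confidentiality): Alice encrypts to Bob's PUBLIC key and signs with her PRIVATE key.
encrypt_and_sign() {   # $1 = plaintext file, $2 = armored output file
  g "$ALICE" --local-user alice@example.org --recipient bob@example.org \
             --armor --sign --encrypt --output "$2" "$1"
}

# Bob decrypts with his PRIVATE key and verifies the signature with Alice's PUBLIC key.
# gpg reports the outcome on its status channel; print GOOD only for a valid signature.
decrypt_and_verify() {   # $1 = ciphertext file, $2 = decrypted output file; prints GOOD or BAD
  status=$(g "$BOB" --status-fd 1 --output "$2" --decrypt "$1" || true)
  case $status in *'[GNUPG:] GOODSIG'*) echo GOOD ;; *) echo BAD ;; esac
}

# Mallory scenario (integrity): a clear-signed mail stays readable, but any edit breaks the signature.
verify_clearsigned() {   # $1 = clear-signed file; prints GOOD or BAD
  status=$(g "$BOB" --status-fd 1 --verify "$1" || true)
  case $status in *'[GNUPG:] GOODSIG'*) echo GOOD ;; *) echo BAD ;; esac
}

printf 'Offer: 10000 EUR\n' > "$WORK/mail.txt"            # constructed sample mail body
encrypt_and_sign "$WORK/mail.txt" "$WORK/mail.asc"
RESULT_ENCRYPTED=$(decrypt_and_verify "$WORK/mail.asc" "$WORK/mail.dec")
RESULT_PLAINTEXT=$(cat "$WORK/mail.dec")

g "$ALICE" --local-user alice@example.org --clearsign --output "$WORK/signed.asc" "$WORK/mail.txt"
RESULT_INTACT=$(verify_clearsigned "$WORK/signed.asc")
sed 's/10000/90000/' "$WORK/signed.asc" > "$WORK/tampered.asc"   # Mallory changes the amount in transit
RESULT_TAMPERED=$(verify_clearsigned "$WORK/tampered.asc")

echo "encrypted+signed mail: $RESULT_ENCRYPTED (Bob read: $RESULT_PLAINTEXT)"
echo "clear-signed mail: $RESULT_INTACT, after Mallory's edit: $RESULT_TAMPERED"
```

Run it with sh. In a real setup the two keyrings live on different computers and the public keys travel by attachment or key server; the fingerprint comparison before --quick-sign-key in step 3 is exactly the out-of-band check that the Web of Trust section relies on, and skipping it would let a key uploaded by Mallory under Bob’s name pass as Bob’s.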