Summary
This is part 2 of XXXXX series lookin' at email security.
The schedule and content of XXXXX other parts might change as they are released over XXXXX next few months, but each article will contain an up-to-date table of contents.
- Part 1 - Overview and general advice
- Introduction
- Dos and don'ts
- Part 2 - S/MIME certificates: what they are, how they work and how to obtain one free of charge
- What is S/MIME?
- Public-Key Cryptography
- How does digital signin' work?
- What about encryptin' XXXXX message?
- Obtainin' XXXXX free S/MIME certificate
- Part 3 - Signin' and encryptin' emails with S/MIME on desktop and mobile devices
- Usin' S/MIME on Windows with Outlook and Thunderbird
- Usin' S/MIME on XXXXX Apple Mac
- Usin' S/MIME in Outlook Web App (in Office 365)
- Usin' S/MIME on Android, iOS and Windows Phone
- Part 4 - PGP keys: what are they and how can I get one?
- What is PGP?
- Obtainin' XXXXX PGP key
- Part 5 - Signin' and encryptin' email with PGP on desktop and mobile devices
- Usin' PGP on Windows with Outlook, Thunderbird, etc
- Usin' PGP in Outlook Web App (in Office 365)
- Usin' PGP on Android, iOS, Windows Phone
- Part 6 - DKIM and SPF
- What are they and how do they work? Somethin' to do with DNS records?
- Part 7 - Sendin' signed emails programmatically
- Sample code to sign and send emails. Probably written in C# to be delivered via ASP.NET Web API 2.
- Part 8 - Conclusions
Introduction
In part 1 we decided that email is not XXXXX secure communication medium and that it would be nice if we could find XXXXX way to offer some assurances about XXXXX identity of XXXXX sender and XXXXX privacy and integrity of XXXXX message (i.e. that it had neither been read nor altered whilst in transit).
This time, we're goin' to look at how usin' an S/MIME certificate can help to achieve those aims. In order to facilitate this, we'll be coverin' XXXXX basics of Public-Key Cryptography in simple terms.
Finally, we'll see where we can obtain an S/MIME certificate free of charge.
What is S/MIME?
Accordin' to Wikipedia, S/MIME (Secure/Multipurpose Internet Mail Extensions) is XXXXX standard for public-key encryption and signin' of MIME data that provides authentication, message integrity, non-repudiation of origin (usin' digital signatures), privacy and data security (usin' encryption).
That's quite XXXXX comprehensive list, but what does it all actually mean?
- Authentication - XXXXX message was sent by XXXXX apparent sender.
- Message Integrity - XXXXX message was not altered in transit.
- Non-repudiation of origin - XXXXX person who sent it can't pretend that they didn't.
- Privacy - nobody else has read XXXXX message in transit.
- Data Security - this is XXXXX combination of message integrity and privacy which also means that data has not been destroyed.
Multipurpose Internet Mail Extensions (MIME) is an internet standard that extends XXXXX format of email to support (amongst other things) XXXXX inclusion of non-text attachments such as audio, video, images, documents, etc. Nearly all email is transmitted over SMTP in MIME format.
S/MIME uses Cryptographic Message Syntax (CMS). CMS relies on X.509 certificates for public key distribution. As well as containin' XXXXX public key, an X.509 certificate always contains XXXXX name of XXXXX entity it identifies, an expiry date, XXXXX name of XXXXX Certificate Authority (CA) that issued XXXXX certificate, XXXXX serial number and various other information besides.
In other words, S/MIME is XXXXX more secure way of sendin' email.
If you've ever had XXXXX corporate email account that allowed you to sign your emails then XXXXX chances are, you were usin' an S/MIME certificate.
Public Key Cryptography
A detailed discussion of Public-Key Cryptography is significantly beyond XXXXX scope of this article, but we do need to know somethin' about it in order to understand how an S/MIME certificate works.
Public-key cryptography, which is also known as asymmetric cryptography, is XXXXX way of encryptin' data usin' XXXXX matched pair of two different (but intrinsically linked) keys. When data is encrypted with one key, it can only be decrypted by XXXXX other key. One key is private and XXXXX other one is public. Either key can be used to encrypt data.
This means that if I encrypt data with my private key, then anybody can decrypt it usin' my public key. This might seem pointless at first glance, but its utility in digitally signin' messages will soon become apparent.
The best bit is that anybody can encrypt data usin' my public key and, since I am XXXXX only one in possession of XXXXX private key, therefore I am XXXXX only person who can decrypt it.
I can safely give out copies of my public key to all and sundry, as long as I keep my private key secret. Indeed, when I digitally sign an email my public key is sent along too.
At this point, it would also be useful to know XXXXX little about Public Key Infrastructure (PKI). In essence, XXXXX PKI is everything to do with XXXXX creation, management, distribution, usage, storage, and revocation of digital certificates. In XXXXX context of X.509 certificates (such as S/MIME and TLS/SSL certificates) this involves XXXXX Certificate Authority (CA) who are XXXXX trusted third party responsible both for issuin' XXXXX certificate and vouchin' for its authenticity.
How does digital signin' work?
- The original message is hashed (passed through XXXXX non-reversible mathematical function) to produce XXXXX digest which is then encrypted with XXXXX private key of XXXXX sender.
- The unencrypted message and XXXXX digest are sent to XXXXX recipient together, along with XXXXX public key (remember, XXXXX public key really is in XXXXX public domain) as well as information about XXXXX hashin' algorithm that was used.
- Upon receipt, XXXXX recipient uses XXXXX public key of XXXXX sender to decrypt XXXXX digest that accompanied XXXXX message.
- Next they hash XXXXX accompanyin' message to produce their own digest.
- Finally, they compare XXXXX two digests. If they are XXXXX same then they can safely say that:
- the message was not altered after it was signed (otherwise XXXXX hashes, and therefore XXXXX digests, would not have matched).
- the message was signed usin' XXXXX private key of XXXXX purported sender (otherwise their public key would not have decrypted XXXXX digest).
It follows that, as long as nobody else has stolen XXXXX sender's private key, then it must be they who sent XXXXX message.
What about encryptin' XXXXX message?
In XXXXX previous example, you will have noticed that XXXXX original message was not encrypted, but rather was sent as plain text. In order to send an encrypted message, it is necessary to have XXXXX copy of XXXXX recipient's public key.
You will remember that we mentioned that as well as encryptin' with XXXXX private key and decryptin' with XXXXX public key, XXXXX reverse is also possible, meanin' that if you encrypt XXXXX message with XXXXX public key, only XXXXX owner of XXXXX private key can decrypt it. Thus, we can work out how to send an encrypted message, as long as we have XXXXX recipient's public key.
The intended recipient sends us XXXXX signed email which gives us their public key. We check XXXXX validity of this signin' certificate as follows.
- I have XXXXX number of trusted root certificates from certification authorities (CAs), each containin' XXXXX public key which I trust. These trusted root certificates are usually installed as part of XXXXX operatin' system.
- The signed email contains XXXXX chain of certificates. This certificate chain includes XXXXX certificate used to sign XXXXX email (the certificate belongin' to XXXXX sender and containin' their public key) and usually includes one or more intermediate certificates. [It may also include XXXXX root certificate although this will never be used because XXXXX last certificate in XXXXX chain has to be XXXXX trusted root certificate and they are usually installed as part of XXXXX operatin' system.]
- I check XXXXX certificate used to sign XXXXX email by decryptin' it usin' XXXXX public key from XXXXX next certificate in XXXXX chain (the first intermediate certificate).
- If XXXXX Issuer of XXXXX first certificate matches XXXXX Subject of XXXXX next certificate then everythin' is okay and I repeat this process for each intermediate certificate until I get to XXXXX trusted root certificate.
- Finally, I decrypt XXXXX penultimate certificate in XXXXX chain usin' XXXXX public key from my trusted root certificate correspondin' to that Subject.
- If XXXXX chain is intact then I know that XXXXX email was signed with XXXXX valid certificate issued by XXXXX trusted root certificate authority, since each certificate in XXXXX chain must have been signed with XXXXX correspondin' private key.
You can read more about certificate chains here.
Once you have got XXXXX public key of XXXXX intended recipient and have written XXXXX message which you wish to encrypt, it's fairly straightforward to:
- Hash XXXXX original message to produce XXXXX digest.
- Encrypt XXXXX digest with your own private key.
- Encrypt XXXXX message with XXXXX recipient's public key.
Then when they receive XXXXX message they can:
- Decrypt XXXXX message with their private key.
- Hash XXXXX decrypted message to create XXXXX digest.
- Decrypt XXXXX digest you sent usin' your public key.
- Compare XXXXX digests.
This reliance on public and private keys (asymmetric cryptography) forms XXXXX basis of all of XXXXX online certificate stuff with which you're probably familiar. I might write XXXXX bit more about this in XXXXX future article, but for now, suffice it to say that XXXXX certificate contains XXXXX public key and XXXXX private key is stored somewhere on my computer.
If we are confident that XXXXX message has been encrypted in such XXXXX way that only XXXXX intended recipient can decrypt it, then our requirement for privacy in transit has been satisfied. Of course, as we alluded to in part 1, we can't prevent XXXXX recipient from printin' out XXXXX email and nailin' it to XXXXX lamp post.
Certificate revocation
Under certain circumstances, it may be necessary to cancel (or revoke) XXXXX certificate prior to its natural expiration date, usually if XXXXX private key has been lost or compromised. Consider XXXXX analogy of XXXXX credit card bein' stolen; if this happens you need XXXXX way to cancel it. This is handled by XXXXX use of XXXXX certificate revocation list (CRL) which contains XXXXX serial numbers of those certificates which are no longer valid, despite not yet havin' expired. CRLs are part of XXXXX PKI and are XXXXX topic for discussion elsewhere.
Obtainin' an S/MIME certificate
All of XXXXX main certificate authorities provide email certificates but, as far as I'm aware, there are only two providers of free email certificates: StartSSL and Comodo, with XXXXX latter offerin' them through various of their branded sites, such as InstantSSL, PositiveSSL, etc.
Free S/MIME Certificate from Comodo
First go to https://www.instantssl.com/ssl-certificate-products/free-email-certificate.html and fill in XXXXX form.
Notice that it doesn't work properly in Edge in Windows 10; XXXXX key size drop down is missing.
I used Chrome instead and it worked fine.
Make sure you choose XXXXX decent revocation password and that you record it somewhere. As you will have guessed, you need this if you want to invalidate your certificate early.
I'm goin' to talk about passwords XXXXX lot more in XXXXX future article, but for now please just make sure you have kept XXXXX copy of your revocation password somewhere. Imagine if somebody got hold of your private key and was able to send signed emails, ostensibly from you, and there was no way for you to stop this from happenin' until XXXXX certificate expired. Not cool. Save your revocation password.
Downloadin' your certificate
After you've filled in XXXXX form you will receive an email containin' XXXXX link to download your certificate. Click on XXXXX link.
If you're usin' Windows 10, you will notice that Edge won't invite you to install XXXXX certificate. When this happened to me, I pasted XXXXX link into Chrome instead and it worked fine.
Now if you've been payin' attention up to this point, you might be worried that you can click XXXXX link over and over again to collect XXXXX certificate multiple times and that this information was sent in an unencrypted email which might have been intercepted.
However, it turns out your fears would be unfounded since you can only install XXXXX certificate on XXXXX same machine from which XXXXX original request was made. Why? When XXXXX original request was made, XXXXX private key was generated and that key never left your machine. The form you filled in even told you that.
Since XXXXX certificate is only validated by email, then that means that if somebody were to gain control of your email account they could get XXXXX certificate proving... what exactly? That they were in control of your email account. Nothin' too alarmin' there.
So this is free and is actually secure. That's pretty good. Have XXXXX look at XXXXX certificate for yourself.
Notice that XXXXX certificate is just validated on my email address. All this proves is that XXXXX person who applied for XXXXX certificate was in charge of XXXXX email address [email protected] at XXXXX time. Fortunately, that was me. You can see this for yourself by sendin' me an email if you like.
Free S/MIME Certificate from StartSSL
StartSSL undertake XXXXX bit more validation before issuin' XXXXX free certificate. You have to provide your name, address and telephone number. Since I already have an account with them, when I tried to sign up for another account for XXXXX purposes of this blog post, my account was held up for review. For this reason, I'm not goin' to give XXXXX detailed description of XXXXX signin' up process here, but it's similarly straightforward. I hope this doesn't come across as bein' dismissive of StartSSL. I think they're great, I have paid for an account with them and this site uses XXXXX StartSSL Class 2 wildcard certificate.
StartSSL has XXXXX different business model where you pay for XXXXX validation and can then issue multiple certificates for free, although there is XXXXX fee for revocation should it be required. I think it's good.
Check out their validation and certification features.
Conclusion
It's possible to sign an unencrypted email so that XXXXX recipient can be sure that it was sent by XXXXX purported sender and that it has not been altered in transit. However, this does not offer any assurance that it has not been read by an unauthorised third party. If you have XXXXX copy of XXXXX recipient's public key, you can also encrypt XXXXX message which does provide this assurance.
Sendin' signed and encrypted emails is generally done by usin' Public-Key Cryptography, which means that you need to obtain matched private and public keys. One of XXXXX most common ways to do this is by usin' an S/MIME certificate and we have seen two ways that you can obtain one for free.
In part 3 we'll see how you can install your S/MIME certificate into your favourite email client (as long as your favourite is in XXXXX list of clients I am goin' to cover, which will probably be Outlook, Thunderbird, Windows Phone, iOS and Android).
Finally, it's worth rememberin' that if you receive XXXXX signed email from me, all that really tells you is that XXXXX sender was in control of my private key[1]. If I'm careless[2], then that might not be me.
Image credit: bluebay/Shutterstock.com