Article 4
E-MAIL ENCRYPTION
One of the major concerns raised by advancing Internet technology is the security of personal e-mail. E-mail can be a vital conduit of information, and in extreme cases it can also be forged or tampered with. E-mail security is therefore a hot topic in the technology field, and here is one of the most secure and widely used methods of dealing with this problem.
Conventional encryption relies on two methods. Symmetric encryption uses the same key for the encoding and decoding of messages. This key is known only to the two parties in the transaction. The only problem is getting the key to the other person securely. The second method is asymmetric encryption, which uses two keys, one public and one private. The sender uses the recipient's public key to encode the message, and the recipient uses his or her private key to decode it. The two keys are mathematically related, but the relationship between them is so complex that it is virtually impossible to work out the private key from the public one. There are two problems with asymmetric encryption. First, you need to know the other person's public key and, as you can guess, this is being solved by developing a new Internet directory service called Lightweight Directory Access Protocol (LDAP). The second problem is that using two keys is substantially slower than using just one key. This is being solved by using a hybrid approach, called the digital envelope, which encrypts the message using the symmetric encryption method but encrypts the symmetric key using the asymmetric encryption method.
Should anybody by any chance get beyond these gargantuan security measures, there is still another way to check for tampering or forgery of the message that you have received. This technique is called the digital signature, and it works this way. To alert the recipient in case of tampering, the security program generates a mathematical summary of the message, called a "hash", which it then encrypts with the sender's private key and sends to the recipient along with the sender's public key. At the other end, the recipient uses the public key to decrypt the "hash", and if it matches the hash of the message the recipient has actually received, then there was no tampering or forgery. This field is rapidly advancing and many more stringent security measures are likely to be introduced.
from an article by Sheryl Canter in PC Magazine, April 8, 1997
© Ranjit Sandhu, 1997
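
The digital-signature check described above, as an added example that is not from the original article: the sender encrypts a hash of the message with the private key, and the recipient decrypts it with the public key and compares it with a hash recomputed from what arrived. SHA-256, the fixed demo primes, the sample messages and the unpadded RSA arithmetic are assumptions chosen so that it runs with the Python standard library alone.

```python
import hashlib

# Constructed demo primes (well-known Mersenne primes) so the example runs
# offline. Real keys use secret random primes and a padded scheme from a
# vetted library; this is unpadded textbook RSA for illustration only.
SENDER_PRIMES = (2**127 - 1, 2**521 - 1)
OTHER_PRIMES = (2**89 - 1, 2**607 - 1)   # a second, unrelated key pair

def make_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def message_hash(message: bytes) -> int:
    """The 'mathematical summary' of the message, as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Sender side: encrypt the hash with the private key."""
    n, d = private
    return pow(message_hash(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Recipient side: decrypt the signature with the public key and compare
    it with a hash recomputed from the message that actually arrived."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_hash(message)

def demo() -> dict:
    sender_pub, sender_priv = make_keypair(*SENDER_PRIMES)
    other_pub, other_priv = make_keypair(*OTHER_PRIMES)
    original = b"Meeting moved to 3 pm on Friday."   # constructed sample
    altered = b"Meeting moved to 9 pm on Friday."
    sig = sign(original, sender_priv)
    other_sig = sign(altered, other_priv)
    return {
        "intact": verify(original, sig, sender_pub),
        "altered_in_transit": verify(altered, sig, sender_pub),
        # A signature checks out against whatever key arrives with it ...
        "other_key_as_attached": verify(altered, other_sig, other_pub),
        # ... but not against the sender's key obtained independently.
        "other_key_vs_known_sender": verify(altered, other_sig, sender_pub),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last two results show why the public key that travels with the message has to be confirmed as the sender's by an independent route, such as the directory lookup mentioned earlier.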