Que:- What Is E-mail Encryption? Explain in Detail.
Ans:-
Signing and Encrypting an E-mail
Organizations often want to protect the confidentiality and
integrity of some of their email messages. Email messages can be protected by
using cryptography in various ways, such as the following:
· Sign an email message to ensure its integrity and confirm the identity of its sender.
· Encrypt the body of an email message to ensure its confidentiality.
· Encrypt the communications between mail servers to protect the confidentiality of both the message body and message header.
The first two methods, message signing and message body
encryption, are often used together. For example, if a message needs to be
encrypted to protect its confidentiality, it is usually digitally signed as
well, so that the recipient can ensure the integrity of the message and verify
the identity of the signer.
The third cryptography method listed above, encrypting the
transmissions between mail servers, is typically applicable only when two
organizations want to protect emails regularly sent between them.
For example, the organizations could establish a virtual
private network (VPN) to encrypt the communications
between their mail servers over the Internet.
In some cases, organizations may need to protect header
information. However, a VPN solution alone cannot provide a message signing
mechanism, nor can it provide protection for email messages along the entire
route from sender to recipient.
Because of these limitations, most email messages are protected individually,
by digitally signing and optionally encrypting them.
The most widely used standards for signing messages and
encrypting message bodies are Open Pretty Good Privacy (OpenPGP) and
Secure/Multipurpose Internet Mail Extensions (S/MIME).
Both are based in part on the concept of public key
cryptography, which involves a user having a pair of related keys: a public key
that anyone can hold, and a private key that is held exclusively by its owner.
Because public key cryptography is computationally expensive, it is used
comparatively sparingly in email security; symmetric key cryptography, which is
much more efficient, does most of the work.
BASIC FLOW:
Symmetric key cryptography requires a single key to be
shared between communicating parties, the sender and recipient of an email
message. The process involves the sender generating a random key and encrypting
the message with it using a symmetric key encryption algorithm. The sender then
encrypts the symmetric key with a corresponding public key encryption algorithm
using the recipient’s public key, and sends both the encrypted message and
encrypted symmetric key together to the recipient.
This hybrid process uses public key encryption only to
encrypt the symmetric key. Because only the intended message recipient holds
the private key that is needed to recover the symmetric key, no other party can
decrypt the message and read it.
Digital signature techniques rely on the creation of a
digest or fingerprint of the information (i.e., the message being sent) using a
cryptographic hash, which can be signed more efficiently than the entire
message.
Following are the protocols used in
signing and encrypting emails:
OpenPGP:-
OpenPGP is a protocol for encrypting and signing messages
and for creating certificates using public key cryptography.
Although certain aspects of OpenPGP do use public key
cryptography, such as digitally signed message digests, the actual encryption
of the message body is performed with a symmetric key algorithm, as outlined
earlier.
The following is a brief description of signing and encrypting a message with OpenPGP:
· OpenPGP compresses the plaintext, which reduces transmission time and strengthens cryptographic security by obfuscating plaintext patterns commonly searched for during cryptanalysis.
· OpenPGP creates a random session key.
· A digital signature is generated for the message using the sender’s private key, and then added to the message.
· The message and signature are encrypted using the session key and a symmetric algorithm (e.g., 3DES, AES).
· The session key is encrypted using the recipient’s public key and added to the beginning of the encrypted message.
· The encrypted message is sent to the recipient.
The recipient reverses the steps to recover the session key,
decrypt the message, and verify the signature.
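The hybrid sign-then-encrypt flow described under BASIC FLOW and in the OpenPGP steps above, as an added Go example (not code from the original answer or from any OpenPGP/S/MIME implementation). It assumes RSA-PSS for the signature, RSA-OAEP for wrapping the session key and AES-256-GCM as the symmetric algorithm, skips OpenPGP's compression step, and the Envelope layout is made up for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is the unit sent to the recipient (a format made up for this example):
// RSA-OAEP-wrapped session key, GCM nonce, AES-GCM(message || signature).
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// Seal: sign the SHA-256 digest with the sender's private key, encrypt message and
// signature under a fresh random AES-256 session key, wrap that key for the recipient.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }
	buf := make([]byte, 32+12) // 256-bit session key followed by a 96-bit GCM nonce
	rand.Read(buf)             // crypto/rand always fills the whole buffer
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil { return nil, err }
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)
	payload := append(append([]byte{}, msg...), sig...) // copy so msg is not aliased
	return &Envelope{wrapped, nonce, aead.Seal(nil, nonce, payload, nil)}, nil
}

// Open reverses the steps: unwrap the session key, decrypt (GCM rejects tampering),
// split off the signature (always sender.Size() bytes for RSA) and verify it.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil { return nil, err }
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil { return nil, err }
	n := len(pt) - sender.Size()
	if n < 0 { return nil, rsa.ErrVerification }
	digest := sha256.Sum256(pt[:n])
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], pt[n:], nil); err != nil { return nil, err }
	return pt[:n], nil
}
```

Exercise it from a test or caller with two rsa.GenerateKey pairs: Open fails on a flipped ciphertext bit (GCM tag), on a wrong recipient key (OAEP), or on a signature made with a key other than the claimed sender's.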
S/MIME:-
· The most significant feature of S/MIME is its built-in and nearly “automatic” nature.
· The actual process by which S/MIME-enabled mail clients send messages is similar to that of OpenPGP.
· S/MIME version 3.1 supports two symmetric key encryption algorithms.
· Organizations using S/MIME to protect emails should use AES or 3DES.