Email - Encrypt and Sign

Worldwide, all e-mail traffic is systematically scanned. The NSA leads with Echelon, which, as Edward Snowden's documents showed, is also used for industrial espionage and for spying on NGOs. France operates a similar system known as "French ECHELON". The Russian counterpart of the NSA is the SSSI (formerly FAPSI). The Swedish intelligence service FRA and the Swiss Onyx project use supercomputers to process the intercepted data. Corresponding activities have been proven for Saudi Arabia, Syria, Iran and Egypt, and China's "Great Firewall" also has the necessary capabilities.

In Germany, e-mail traffic is scanned by the intelligence services under the heading of "strategic telecommunications intelligence". A keyword list approved by the G-10 Commission of the Bundestag, comprising 16,400 terms (as of 2010), is used for automated preselection to search for arms trafficking, proliferation and terrorists. In 2010, the scanners flagged 37 million e-mails as suspicious. In 2011, the BND managed to combine its automated scanners with a spam filter, so that "only" 2.1 million e-mails were flagged as suspicious and copied.

Encrypting e-mails ensures the confidentiality of communication: a message can only be opened and read by its recipient. OpenPGP and S/MIME are the two established standards for this task.

Asymmetric encryption

  • Each user has a key pair consisting of a secret (private) key and a public key. The secret key must be carefully protected and known only to its owner, while the public key is distributed to all communication partners.
  • When Anton wants to send a signed e-mail to Beatrice, he creates a signature with his secret key. Beatrice can verify the message with Anton's public key, since only Anton should have access to his secret key.
  • When Beatrice wants to send an encrypted message to Anton, she encrypts it with Anton's public key. Only Anton can decrypt and read this e-mail, using his secret key.

OpenPGP encryption

PGP (Pretty Good Privacy) and its free alternative GnuPG (GNU Privacy Guard) provide long-tested encryption software. Common e-mail programs usually cannot handle OpenPGP out of the box, so additional software has to be installed. Generating the necessary keys is relatively easy, and a well-developed infrastructure for key exchange exists on the Internet.

OpenPGP has been continuously developed since its introduction.

S/MIME encryption

The Secure MIME protocol (S/MIME) was developed in 1998 and is now integrated in most e-mail clients. X.509 v3 certificates, specified in 1999, are used for the encryption.

A Certification Authority (CA) confirms the authenticity and identity of the owner of an issued certificate with a signature. This signature is made with the CA's root certificate. The root certificates of established CAs are included in almost all browsers and e-mail clients. Anyone who trusts these root certificates therefore trusts, without further inquiry, the personal certificates of other users that were signed with them.

Besides the option of having a certificate signed by an established CA for up to 100 Euro per year, CAcert.org, StartSSL.com and others offer free alternatives. However, these CAs are not established, and their root certificates are not included everywhere by default.

Experienced users can also set up and maintain their own CA.
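The trust decision described in the two paragraphs above, as an added example that is not part of the original article: a constructed root CA signs an S/MIME certificate for the constructed address anton@example.org, and a mail client accepts that certificate only when the CA's root is in its store, which is the difference between an established CA and one like CAcert.org or a self-run CA whose root the client does not ship. It uses Go's standard crypto/x509 package; the CA name, address and validity period are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue generates a key pair and a certificate for it signed with parentKey; with parent == nil it signs itself, which is how a CA root certificate is made (constructed example).
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// IssuedByTrustedCA has a root CA sign an S/MIME certificate for anton@example.org and applies the mail client's check:
// the certificate is accepted only if it chains to a root in the client's store (present when rootInStore is true) and the chain permits e-mail protection.
func IssuedByTrustedCA(rootInStore bool) (bool, error) {
	root, rootKey, err := issue(&x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, Subject: pkix.Name{CommonName: "Example Root CA"}}, nil, nil)
	if err != nil {
		return false, err
	}
	user, _, err := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "anton@example.org"},
		EmailAddresses: []string{"anton@example.org"}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}, root, rootKey)
	if err != nil {
		return false, err
	}
	store := x509.NewCertPool() // the client's root store; an unestablished CA's root is not in it
	if rootInStore {
		store.AddCert(root)
	}
	_, err = user.Verify(x509.VerifyOptions{Roots: store, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
	return err == nil, nil
}
```

The same check explains why a self-run CA only works for partners who have imported its root certificate into their client's store.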
