Encrypting email with GnuPG

Anyone sending email unencrypted needs to be aware that everyone can intercept or tap into it. Thus, it's highly advisable to encrypt your communications. Two encryption methods have prevailed over the years, S/MIME and OpenPGP. Both are open standards that are constantly being monitored for vulnerabilities by security experts.

S/MIME, like the HTTPS protocol, is based on the name-checking of commercial certificates of Certification Authorities (CAs). It's used mainly in the corporate world, whereas OpenPGP is more prevalent in the private sector. This article focuses on the open source OpenPGP that the free software GnuPG [1] provides under Linux.

In this article, I'll provide some basic guidelines for encrypting your email and explains how to encrypt and decrypt messages with the common Linux mail clients KMail and Thunderbird. This scenario can also be used with other mail programs that support GnuPG. An important part of this process is ensuring that both senders and recipients are prepared to send and receive encrypted email traffic.

One-Way Street

Both encryption methods mentioned here rely on a combination of a publicly documented process and a key coding independent of the algorithm. The private key should never be publicly revealed. If it is, after a key change, you can at least continue to use the participating programs (GnuPG and the email client).

How do you secure the key against prying eyes? The answer: You can't. In the age of global telecommunication surveillance, this process definitely requires some personal responsibility. To deal with this, GnuPG uses asymmetric public key cryptography, with two keys that are mathematically linked – a public key for encryption and a secret one for decryption (Figure 1).

Figure 1: The public key encryption concept is like a padlock requiring different keys for opening and closing. The locking key (in green) can remain inserted but provides no method of entry. Only the owner of the private key (in red) can open the lock.

More important than mathematical details, however, is the public key cryptography's role in the encryption process. Anyone knowing the public key of the pair can encrypt messages so that they can be decrypted only via the corresponding private key. The latter secret key is normally known only to the recipient; thus, the sender himself can't even decrypt his own message to change it.

With OpenPGP, key servers handle the global availability of public keys. If you want to send an encrypted email to someone with a publicly available PGP key, you can just query one of the independently synchronized key servers for the recipient's email address.

Safety Net

The system, however, has a catch: Anyone can create and publish a key for any email address. If you encrypt an email with the wrong key, its owner can't decrypt it again, because his private key won't correspond to the public key you used.

Things get critical when an attacker uses a spoofed key to successfully intercept your email (Figure 2), because he also has the corresponding private key for decryption. After encrypting it, he can forward the message – even with changes made to its content – to the actual recipient encrypted with the authentic key pair. This so-called man-in-the-middle scenario can occur without the recipient's or sender's knowledge.

Figure 2: In a man-in-the-middle attack, an attacker can attach a spoofed public key (the green key bordered in black) while intercepting the message, along with a corresponding private key (the red key bordered in black), then send it encrypted with the authentic public key (in green) to the recipient. The recipient sees only the message encrypted with the authentic key.

OpenPGP provides two methods to ensure authentication of the two keys. Each PGP key has a fingerprint consisting of 10 four-digit hexadecimal numbers. Because spoofing a key with a number of that size is technically impossible, this process virtually ensures its authenticity.

Before sending security-critical emails, you should contact your recipient offline by telephone and compare the OpenPGP key fingerprints. It doesn't help any potential attacker to eavesdrop on your correspondence as long as he can't manipulate it. The key can then be considered trustworthy for any further messaging.

The second method for ensuring key authentication is to have it signed by a third party that vouches for its authenticity based on your OpenPGP key.

Because of potential signature falsification, however, the third-party method works only if you can authenticate it with the recipient's trusted fingerprint. The signature method technically guarantees only that certain fingerprints can't be generated to indicate possession of a specific private key.