Email Security with Digital Certificates (Part 4)

by [Published on 30 June 2016 / Last Updated on 30 June 2016]

In the previous article we introduced S/MIME and explored how digital signatures work and what they provide us with. Now it is time to dig into message encryption.

If you would like to read the other parts in this article series please go to:

Message Encryption

Message encryption provides a solution to information disclosure. SMTP-based Internet email does not secure messages, meaning they can be read by anyone who “sees” them as they travel or read them where they are stored. These problems are addressed by S/MIME through the use of encryption. Encryption is a way to change information so that it cannot be read or understood until it is changed back into a readable and understandable form.

Although message encryption is not as widely used as digital signatures, it does address what many see as the most serious weakness in Internet email. Message encryption provides two specific security services:

  • Confidentiality: message encryption serves to protect the contents of an email message. Only the intended recipient can view the contents, and the contents remain confidential and cannot be known by anyone else who might receive or view the message. Encryption provides confidentiality while the message is in transit and in storage;
  • Data integrity: as with digital signatures, message encryption provides data integrity as a result of the specific operations that make encryption possible.

Although message encryption provides confidentiality, it does not authenticate the message sender in any way. An encrypted but unsigned message is as susceptible to sender impersonation as an unencrypted message. Because nonrepudiation is a direct result of authentication, message encryption also does not provide nonrepudiation. Although encryption provides data integrity, an encrypted message can show only that the message has not been altered since it was sent. No information about who sent the message is provided. To prove the identity of the sender, the message must use a digital signature.

The following table summarizes what digital signatures and message encryption provide:

 

Authentication

Nonrepudiation

Integrity

Confidentiality

Digital Signatures

Y

Y

Y

N

Message Encryption

N

N

Y

Y

Encrypting Emails

Message encryption makes the text of a message unreadable by performing an encryption operation on it when it is sent. When the message is received, the text is made readable again by performing a decryption operation when the message is read.

Message encryption is not accomplished by only encrypting and decrypting the message using the key pair. The key pair is used in message encryption, but not for the entire message!

The goal of message encryption is to ensure that only authorized recipients can view the message, so the private key of the recipient is suited to provide that service. Because the private key can only be successfully used by its owner, the use of the key during the reading of a message ensures that the owner of that key, and only the owner of that key, can read the message. This capability provides the confidentiality that underlies message encryption. Furthermore, because the public key can be distributed widely, it allows any number of people to send information to a single private key holder. However, the key pair is not used on the entire message. This is because encryption and decryption using an asymmetric key algorithm is an expensive process, due to the necessary complexity of the keys’ algorithms. As such, the key pair is only used to “lock” and “unlock” the information. As long as the message is unreadable until the private key is presented, the goal of message encryption is met.

Public keys use strong algorithms to compensate for being publicly known. These strong algorithms mean that they are larger, and thus computations that use them are slower, than symmetric keys. Because a private key is only used to unlock information before it is viewed, and not on the entire message, it is more economical to use a key pair on as little information as possible and use a faster, symmetric key on as much information as possible while ensuring that the information cannot be used until the private key is presented.

Symmetric keys use a secret key, which both parties must know. This process is sometimes called “key negotiation.” With key pairs, there is no key negotiation because one public key can be used by many people. Key pairs can also be used in conjunction with symmetric keys to handle key negotiation. A symmetric key can be chosen and that key can be encrypted, using the public key of a key pair, and sent to the owner of the private key. Because only the private key owner can decrypt the symmetric key, the symmetric key remains a secret.

The goal of message encryption is to ensure that a message is unreadable until the private key is presented. The private key can be used in symmetric key negotiation to securely transmit a symmetric key. Because a symmetric key can be securely transmitted to a recipient, we can use a symmetric key to encrypt a message and then encrypt that symmetric key using the public key in a key pair. Only the private key holder can unlock the symmetric key, which is then used to decrypt the message. This operation functions as if the entire message had been encrypted and decrypted using the key pair. However, because it uses a faster, symmetric key on most of the information, the operation is faster than it would otherwise be. Throughout this process, the message remains protected until the presentation of the private key, thus providing confidentiality. Because of the encryption and decryption process, any alteration of a message after it has been encrypted will cause the decryption operation to fail, providing for data integrity.

Although the use of a symmetric key may be unexpected and its benefit not immediately obvious, it enhances message security by making the process of message encryption faster without sacrificing the security of the message. The following figure shows the sequence of encrypting an email message:

Image
Figure 1

Decrypting Emails

When the recipient opens an encrypted message, a decryption operation is performed on the encrypted message as follows:

Image
Figure 2

Digital Signatures and Message Encryption Together

Digital signatures and message encryption are not mutually exclusive. Each service addresses specific security issues: digital signatures address authentication, repudiation and integrity issues, and message encryption addresses confidentiality and integrity issues. Because each addresses different issues (apart from integrity which both address), a message security strategy requires both, often at the same time. These two services are designed to be used in conjunction with one another, because each separately addresses one side of the sender-recipient relationship. Digital signatures address security issues related to senders, and encryption addresses security issues primarily related to recipients.

When digital signatures and message encryption are used together, users benefit from both services. Employing both services in messages does not change the handling or processing of either service. To show how digital signatures and message encryption are handled together, the following figure shows the sequence of signing and encrypting an email message:

Image
Figure 3

The following figure shows the sequence of decrypting and verifying the digital signature:

Image
Figure 4

Conclusion

In this article explored message encryption and how it can work together with digital signatures. In the next part of this article series, we leave all the theory behind and start signing and encrypting our emails.

If you would like to read the other parts in this article series please go to:

See Also


The Author — Nuno Mota

Nuno Mota avatar

Nuno is an Exchange MVP working as a Senior Microsoft Messaging Consultant for a UK IT Services Provider in London. He specializes in Exchange, Lync, Active Directory and PowerShell.

Advertisement

Featured Links