Encryption of mail correspondence. Practical guide. How to send and receive encrypted emails

Department of Human and Animal Physiology

Pigaleva Maria, group 173B


Keywords:

ENCRYPTION OF EMAILS

http://ru.wikipedia.org/wiki/Email

Electronic mail (e-mail, from "electronic mail") is a technology, and the services built on it, for sending and receiving electronic messages (called "letters" or "e-mails") over a distributed (including global) computer network.

The main difference (and advantage) of e-mail over other messaging systems (for example, instant messaging services) has been the possibility of delayed message delivery, together with a developed (and, because of its long evolution, confusing) system of interaction between independent mail servers, so that the failure of one server does not make the whole system inoperable.

Today any novice user can create a free email account; it is enough to register on one of the Internet portals that offer the service.

http://www. /security/03_01_26_Java_Crypto/Java_Crypto. html

Mail encryption

Two standards are currently in wide use for encrypting mail: S/MIME (which relies on a public key infrastructure) and OpenPGP (which relies on certificates with a web of trust built around the user).

Earlier there were also the MOSS and PEM standards, but because they were incompatible with each other and inconvenient to use, they did not catch on.

The S/MIME and OpenPGP standards provide three kinds of protection: tamper protection (integrity), non-repudiable signatures, and confidentiality (encryption). In addition, S/MIME version 3 supports secure acknowledgements, where a receipt for a letter can be generated successfully only if the letter reached the recipient unchanged.

Both standards use a symmetric cipher to encrypt the body of the message, and the symmetric key is in turn encrypted with the recipient's public key. If a letter is addressed to a group of people, the symmetric key is encrypted separately under each recipient's public key (and sometimes, for convenience, under the sender's public key as well, so that the sender can read the letter he sent).
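The multi-recipient scheme just described, worked through in Python as an added illustration (this is not code from the article, nor from any S/MIME or OpenPGP implementation). The body is encrypted once under a fresh session key, and that key is wrapped separately for every recipient. Two stand-ins are assumed: the symmetric cipher is a SHA-256 keystream in counter mode, because the standard library has no AES, and the key wrap is unpadded RSA with deliberately small keys built from known Mersenne primes; the real standards use a block cipher such as AES and padded RSA or ECC key wrapping, and they add a signature or integrity check, which this toy does not.

```python
"""Envelope encryption for several recipients: one encrypted body, one wrapped key each.

Added example, not the article's code.  Stand-ins: SHA-256 keystream instead of AES,
unpadded RSA with toy-sized keys instead of padded RSA/ECC; no integrity protection.
"""
import hashlib
import secrets

E = 65537  # common public exponent


def toy_rsa_keypair(p: int, q: int, e: int = E):
    """n = pq, d = e^-1 mod (p-1)(q-1); returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)


# Constructed recipient keys from the Mersenne primes 2^61-1, 2^89-1, 2^107-1, 2^127-1.
# 65537 divides none of the factors of (p-1)(q-1), so the inverse exists.  Keys this
# small are for illustration only; 2048-bit keys are what mail software generates.
KEYS = {
    "alice": toy_rsa_keypair((1 << 61) - 1, (1 << 89) - 1),
    "bob": toy_rsa_keypair((1 << 107) - 1, (1 << 127) - 1),
}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter) blocks.  Symmetric: the same
    call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_for(plaintext: bytes, public_keys: dict) -> dict:
    """Encrypt the body under a random session key, then wrap that key under every
    listed public key (include the sender's own key to keep a readable copy)."""
    session_key = secrets.token_bytes(16)  # 128-bit key, smaller than every n above
    nonce = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    wrapped = {name: pow(k, e, n) for name, (n, e) in public_keys.items()}
    return {
        "nonce": nonce,
        "body": keystream_xor(session_key, nonce, plaintext),
        "wrapped_keys": wrapped,
    }


def decrypt_as(envelope: dict, name: str, n: int, d: int) -> bytes:
    """A recipient unwraps its own copy of the session key with its private key d,
    then decrypts the shared body.  Anyone not in wrapped_keys gets a KeyError."""
    k = pow(envelope["wrapped_keys"][name], d, n)
    session_key = k.to_bytes(16, "big")
    return keystream_xor(session_key, envelope["nonce"], envelope["body"])


def demo(message: bytes = b"Quarterly figures attached; please keep confidential.") -> dict:
    """Encrypt one message to both recipients and let each decrypt it."""
    public = {name: pub for name, (pub, _d) in KEYS.items()}
    env = encrypt_for(message, public)
    return {name: decrypt_as(env, name, KEYS[name][0][0], KEYS[name][1]) for name in KEYS}


if __name__ == "__main__":
    for who, text in demo().items():
        print(who, text.decode())
```

Note that the body is encrypted exactly once regardless of how many recipients there are; only the 16-byte session key is encrypted per recipient, which is what keeps group mail cheap.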

Cryptographic security methods in programming languages

Viktor Rudometov

Main problems and ways to solve them

As civilization moves from the industrial era to a predominantly informational one, the role of accumulated and properly processed knowledge grows noticeably. The appearance and rapid development of computer networks provided effective means of transmitting data and fast access to information for individuals and large organizations alike. However, local and global computer networks, like other means of transmitting information, can pose a threat to data security, especially when there are no adequate measures protecting it from unauthorized access.

Thus, as we become an information society, protective tools become one of the main instruments. They provide confidentiality, secrecy, trust, authorization, electronic payments, corporate security and countless other important attributes of modern life.

In this regard, the presence of built-in information security mechanisms in application systems, and how effectively they work, is increasingly decisive when choosing the optimal solution. Software developers have therefore paid attention to these issues for a long time. Cryptographic methods can provide the proper level of protection.

Mathematical cryptography arose as the science of encryption, the science of cryptosystems. In the classic model of a secret communication system there are two participants who need to transfer secret (confidential) information not intended for third parties. This task of ensuring confidentiality, protecting secret information from an external adversary, is one of the first tasks of cryptography.

There are several approaches to solving this problem.

First, one can try to create a communication channel that is absolutely reliable and inaccessible to others. Unfortunately, this is extremely difficult to achieve, at least at the current level of science and technology, which provide methods and means not only for transmitting information but also for gaining unauthorized access to it.

The second approach is to use public communication channels and hide the very fact that any information is being transmitted. Steganography deals with this area. Unfortunately, steganographic methods cannot guarantee a high level of confidentiality.

The third way is to use a public communication channel but transmit the data in a transformed form, so that only the addressee can restore it. Cryptography deals with developing the methods of transforming information that provide this protection.

Over time, the scope of cryptography has expanded far beyond its original purpose. To illustrate, consider the following example. Suppose a bank client intends to transfer money from his account to the account of some organization. Note that not all of the transmitted information is confidential: only the bank details need to be sent, and those are generally known and publicly available. However, it is important for the bank to make sure that it is the account owner who wants to transfer the money, not an attacker. The client, for his part, wants to be sure that the amount cannot be changed, that nobody can send money on his behalf, and that nobody can alter the information about the recipient of the money.

Note that a cryptosystem operates according to a certain methodology (procedure).

This methodology involves the use of:

· one or more encryption algorithms, which can be expressed as mathematical formulas;

· keys used by the encryption algorithms;

· a key management system;

· plaintext (the unencrypted text);

· ciphertext.

An example of an encryption methodology using keys is shown in Fig. 1.

Fig. 1. An example of an encryption scheme.

Classification of cryptographic algorithms

There are two key methodologies: symmetric, which uses a secret key, and asymmetric, which uses a public key. Each methodology has its own procedures, methods of key distribution, key types, and encryption and decryption algorithms.

In the symmetric (secret-key) methodology a single key is used for both encryption and decryption with the same symmetric algorithm. This key is shared between the two parties in a secure manner before the encrypted data is transmitted. The problem is that secret keys are difficult to distribute securely. The advantage of this approach is the relatively high speed of encrypting and decrypting messages.

An example of ongoing use of the symmetric methodology is the ATM network. These systems are in-house developments of the banks that own them and are not for sale.

The asymmetric (public-key) methodology uses two related keys. One key is kept secret, and the other is published openly. Data encrypted with one key can be decrypted only with the other. One of the most important drawbacks is the need for very large keys to ensure security, which unavoidably affects the speed of the algorithms.

Often the two methodologies are combined: for example, a symmetric (secret) key is generated and then transmitted using asymmetric algorithms.

Common symmetric algorithms include DES (Data Encryption Standard), 3DES, RC2, RC4 and RC5. Examples of asymmetric algorithms are RSA and ECC. A separate place is occupied by one of the most popular digital signature algorithms, DSA (Digital Signature Algorithm).

The relevance of maintaining the integrity and confidentiality of information has been obvious at all times, but it became especially acute with the development of information technology, in particular the global Internet. This network provides a convenient and efficient means of communication, and dedicated tools provide the necessary levels of confidentiality on it. At the same time, a modern computer user often has to deal with algorithms as complex as RSA or DSA. As a result, almost nobody is surprised any more by the possibility of using a digital signature or even encrypting email messages (Fig. 2).

Asymmetric cryptography in Perl

Perl, a fairly popular Internet-oriented language, also offers security features.

As an example, consider the use of the RSA encryption algorithm.

RSA algorithm

The problem that RSA solves is transmitting secret information in such a way that only the intended recipient can read it.

The essence of the method is as follows.

The prospective recipient of the encrypted message performs these steps:

· two large prime numbers p and q are generated (for example, 1024 bits, about 308 decimal digits each);

· their product n = pq is computed;

· a random number e is chosen that is coprime with (p‑1)(q‑1) and does not exceed it;

· the value d is computed such that ed ≡ 1 mod (p‑1)(q‑1);

· the pair (n, e) becomes the public key, and d the private key.

The public key is published openly, for example sent by email.

To send an encrypted message, the sender must:

· obtain the public key;

· represent the message as a number m not exceeding n;

· compute c = m^e mod n; c is the encrypted message, which is sent to the owner of the public key.

The recipient of the encrypted message computes m = c^d mod n and obtains the message in decrypted form.

The strength of RSA rests on the fact that the attacker needs the number d, which can be computed by factoring n. At present, however, there are no fast algorithms for factoring large numbers.
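The steps above carried out in Python as an added example (not the article's code, and not the Crypt::RSA module discussed further on). It also does what the Crypt::RSA section later credits Perl with doing for you: splitting a text into numbers below n and joining them back. Assumptions: primes come from a Miller-Rabin test written here; n is only 512 bits so the demo runs instantly; e is fixed at 65537 (the usual choice) and the gcd check enforces the coprimality the text requires; a seeded random.Random makes the demo reproducible, whereas a real key generator must draw p and q from a cryptographic source such as the secrets module.

```python
"""Textbook RSA: p, q -> n = pq; e coprime with (p-1)(q-1); d = e^-1; c = m^e mod n; m = c^d mod n.

Added example, not from the article.  Small keys and a seeded RNG for a reproducible demo.
Textbook RSA is deterministic (same m gives the same c), which is exactly why real use
adds PKCS #1 or OAEP padding; this block shows the bare algorithm only.
"""
import math
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32, rng=random) -> bool:
    """Miller-Rabin: trial division by small primes, then `rounds` random witnesses."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witness proved n composite
    return True


def random_prime(bits: int, rng) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def keygen(bits: int = 512, rng=None):
    """Returns ((n, e), d).  Use the default (SystemRandom) for anything real."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:  # e must be coprime with (p-1)(q-1)
            break
    d = pow(e, -1, phi)  # e*d = 1 mod (p-1)(q-1)
    return (p * q, e), d


def encrypt_int(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message block must be a number below n")
    return pow(m, e, n)


def decrypt_int(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


def text_to_blocks(data: bytes, n: int) -> list:
    """Split bytes into fixed-width integers that are guaranteed to be below n."""
    width = (n.bit_length() - 1) // 8  # width*8 < bit_length(n), so each block < n
    return [int.from_bytes(data[i:i + width], "big") for i in range(0, len(data), width)]


def blocks_to_text(blocks: list, n: int, length: int) -> bytes:
    """Inverse of text_to_blocks; `length` restores the shorter final block."""
    if not blocks:
        return b""
    width = (n.bit_length() - 1) // 8
    head = b"".join(b.to_bytes(width, "big") for b in blocks[:-1])
    return head + blocks[-1].to_bytes(length - len(head), "big")


def roundtrip(message: bytes, rng_seed: int = 2024) -> bytes:
    """Generate a key, encrypt block by block, decrypt, and return the recovered text."""
    (n, e), d = keygen(512, random.Random(rng_seed))  # seeded only for the demo
    cipher = [encrypt_int(m, (n, e)) for m in text_to_blocks(message, n)]
    plain = [decrypt_int(c, n, d) for c in cipher]
    return blocks_to_text(plain, n, len(message))


if __name__ == "__main__":
    print(roundtrip(b"Transfer request: details are public, the signature is what matters."))
```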

Basic methods of working with RSA

In Perl, all cryptography is delivered through CPAN modules. The RSA implementation is in the Crypt::RSA package.

Generation of 2048-bit keys:

use Crypt::RSA;

my $rsa = new Crypt::RSA;

my ($public, $private) = $rsa->keygen(Size => 2048) or die $rsa->errstr();

The public key is published.

Data encryption (string $message) using the public key:

my $c = $rsa->encrypt(Message => $message, Key => $public) or die $rsa->errstr();

The result is the ciphertext $c, which is sent to the recipient. The recipient decrypts it with the private key $private generated earlier (note that Crypt::RSA spells the parameter "Cyphertext"):

my $message = $rsa->decrypt(Cyphertext => $c, Key => $private) or die $rsa->errstr();

In addition to the Perl source lines given above, some further features of the package are worth noting.

To send secure messages, the information must be presented as one or more numbers whose values do not exceed n. Each message then corresponds to a certain number and vice versa. Perl's tools allow a message to be split into a sequence of such numbers and later joined back into text.

Unfortunately, the RSA system has one important feature that reduces its security. If an attacker can get the sender to encrypt a message already known to him, then the values p and q can be computed without factoring n. This, however, can be countered by padding the original message with "garbage". Over time the PKCS #1 standard was developed for this operation. Crypt::RSA implements not only PKCS #1 but also the more modern OAEP padding, which it uses by default. To use PKCS #1 instead, pass the corresponding parameter to the constructor:

my $rsa = new Crypt::RSA (ES => 'PKCS1v15');

http://*****/article/a-72.html

If you are concerned about the confidentiality of your correspondence, the next part of the article is for you.

Many encryption algorithms have been invented to secure transmitted data, each good in its own way. There are two ways to secure correspondence:
1. Use an encrypted communication channel to the mail server.
2. Encrypt the message itself.

Establishing an encrypted connection seems the simplest solution: just tick the corresponding box in the client settings:
Tools - Account Settings...

Server settings - Use secure connection:

In this case the further fate of our letter is in the hands of the mail server: it may turn out that it does not support a secure connection. Besides, there is also the recipient's server. Therefore, it is better to encrypt the message itself.

PGP encryption is traditionally used to encrypt mail. PGP (Pretty Good Privacy) is an applied cryptosystem developed specifically to protect email from outsiders. It is based on asymmetric encryption. The idea is this: each user has two keys, public and secret. You give the public key (send it by mail, post it on a website) to the person you will correspond with. This key is not a secret; it is needed so that your correspondent can encrypt the letter he wants to send you. Once the message is encrypted, only the owner of the secret key can decrypt it. That is you. In the same way, you obtain your friend's public key in order to encrypt messages sent to him.
The idea of asymmetric encryption itself is not new, but in the context of mail encryption it was introduced in 1991. Later the public liked the idea so much that a corresponding open standard, OpenPGP, was developed. Thanks to the standard, the many implementations of PGP encryption are fully compatible with each other, whether a given implementation is commercial or free and publicly available.

To use PGP in Thunderbird we need a program that will generate keys and encrypt and decrypt messages. GNU Privacy Guard (GnuPG or GPG) is perfectly suited for this. You can download it directly from the project website:

http://www.gnupg.org/

Here the paths of Windows and Linux diverge. On Linux, GnuPG is present in many distributions by default. If your distribution does not have it, you can download the installation package from the project's FTP server:

ftp://ftp.gnupg.org

Alternatively, you can use a package manager:

Synaptic Package Manager is traditionally used for this. Enter "gnupg" in the search bar, mark the package for installation and click "Apply".

On Windows, download the distribution from the same FTP server:

ftp://ftp.gnupg.org/

The size is about 2.1 MB.

The installer is an ordinary one:

In the next window you see the classic license that accompanies all free open-source programs:

The installation is trivial: click "Next" until the program is installed. The same program provides encryption not only in Thunderbird but also in other mail clients, for example The Bat.

Here the differences between the operating systems end, and you can once again enjoy true cross-platform functionality.
The next step is to install the add-on that works with the newly installed GnuPG. The add-on is called Enigmail. You can download it at:

http://enigmail.mozdev.org/download/index.php

The add-on is an .xpi file about a megabyte in size. Once downloaded, select "Add-ons" from the "Tools" menu:

Then install the add-on itself by clicking "Install" and selecting the add-on file:

If everything was done correctly, an "OpenPGP" item appears in the main menu bar. Find "Settings" there:

And specify the path where GnuPG is installed. If you followed the steps above, the system will find the program by itself:

This completes the preliminary preparation. You can proceed to creating keys. Go to "OpenPGP" - "Key Management":

And begin the ritual of generating our first key pair:

Select the settings as shown in the screenshot:

Here the password is not the one you use to access your mail but simply a passphrase that will be required for decryption. It is not mandatory. However, if someone else has access to your computer, you can set one.
In the "Advanced" menu, select the key length and encryption algorithm:

Click "Create Key". During generation you can, and even should, not just watch the progress bar but also move the mouse and type something on the keyboard. Random number generators are used to create the key, and they depend on what is happening on the machine at that moment. So the more activity there is on the computer during generation, the more random our key will be and the harder it will be to crack. Compare it with the fact that it is easier to guess the password "" than "eR4_a#y0", even though the first one is longer.

Key generation ends with a message that everything went well:

You can immediately create a key revocation certificate. It will come in handy to let everyone know that your secret key has been lost, has expired or has been stolen.

After this, your key appears in the key management window:

Now you need to send it to everyone you intend to correspond with confidentially. Create a new letter and attach the public key to it:

In response they send us their public key, which we import into the keyring:

After importing the key, go back to key management and set the trust level for the key:

That's all. You can safely transmit the most secret information:

If your letter is intercepted, the attacker will have to spend many years (with a 2048-bit key, A LOT of years) turning this into something readable. But the person you are writing to will have no difficulty at all:

If your work involves trade secrets, you now know how this is done and will be fully armed against the threat of competitors intercepting important information.

October 28, 2013 at 4:41 pm

How to encrypt messages via e-mail and will this make it “safer”

Is information sent via e-mail protected?
The honest answer to this question would be: "Yes. But no." When you visit most websites, the address bar shows the HTTP protocol. This is an insecure connection. If you log into an account at one of the major email services, you will see HTTPS instead. This indicates the use of the SSL and TLS protocols, which secure the letter's "journey" from the browser window to the mail server. However, this gives nothing in connection with the legislation that comes into force on July 1, 2014. Moreover, absolutely nothing protects your correspondence from an unscrupulous employee of the mail provider, from hacker attacks, from a session left open on someone else's computer, from unprotected Wi-Fi hotspots, from any demand by the intelligence services (already today), or even from the mail service itself, in accordance with its own privacy policy.


All letters arriving at, leaving or stored on the mail service's server are at the complete disposal of the company that owns the server. Having secured the transfer itself, the company can do whatever it wants with the messages, since it effectively has the letters in its possession. So you can only hope for the integrity of the company's management and employees, and for the fact that you are unlikely to seriously interest anyone.

With corporate mail, correspondence is protected by the IT department, which can set up a very strict firewall. Nevertheless, this will not save you either if an unscrupulous employee "leaks" the information. It is not necessarily the system administrator: the attacker only needs to be "inside" the corporate network; if he is serious, the rest is a matter of technique.
Let's encrypt
Encrypting the text of the letter and its attachments can somewhat raise the level of protection of your mail (attachments can also be placed in a password-protected archive, for example, if the text itself contains no confidential data but the archive does). Special software can be used for this.

The body of the letter itself can be encrypted by a third-party cryptographic program; this has been written about before, so let me repeat it briefly in my own words. The most popular service for which an encryption program was specially created is Gmail. The SecureGmail extension is installed in Google Chrome and supports this encryption; after that everything is quite simple: a password is entered for the encrypted message along with a hint question for recovering it. The only drawback is that it is limited to Google Chrome.

There is also an encryptor suitable for almost any web mail, for example mail.ru, yandex.ru, Gmail.com, i.e. all mail services that you open in a Mozilla browser window: the Encrypted Communication extension. It works like SecureGmail: after writing a message, select it with the mouse, right-click and choose "encrypt using Encrypted Communication". Then enter and confirm a password known to you and the recipient. Naturally, the extension must be installed by both the sender and the recipient, and both must know the password. (It would be reckless to send the password via the same email.)

Besides plugins for the browser in which you open mail, there is an application for desktop clients that can also be used with web mail services: PGP (Pretty Good Privacy). The method is good because it uses two keys, public and private. A whole range of programs can be used both for data encryption and for encrypting email text: DriveCrypt, Gpg4win, Gpg4usb, Comodo SecureEmail and others.

Sadly, advanced encryption technology, however easy to use and attractive, will not help if, for example, a backdoor installed on your computer takes screenshots and sends them out over the network. That is why the best method of encryption is not to write letters at all. The motto "We must meet more often" takes on a new meaning in this context.
We minimize risks
As noted above, the perfect form of encryption is not to write letters. In most cases you should not use free email services for work-related correspondence, especially if you signed a non-disclosure agreement. If your messages are intercepted from corporate mail, the company's IT department deals with the security gap; otherwise you are personally responsible. Remember: when using "external" mail, the correspondence will certainly reach third parties, at least the employees of the company providing the mail service. And they did not sign a non-disclosure agreement with your employer.
If you are a key person in the company, do not forward important documents over open channels, or do not use e-mail to transmit them at all; use corporate mail and do not send important letters to addresses at free mail services.

In all other cases, for example when concluding contracts, using mail is useful, since the electronic message records the facts of your working agreements and can help you later. Remember that most information "leaks" are not the fault of hackers but of the "human factor". It may well be enough to use complex passwords, change them regularly and not lose them. Remember to close your sessions on other people's computers, not to use unsecured connections over Wi-Fi in public places, and to tick the mailbox settings "remember my IP address", "track IP addresses from which sessions were opened" and "prevent parallel sessions". Also, do not create simple security questions and answers for password recovery, and do not lose the mobile phone if your account is linked to it.

To use encryption and/or digital signatures according to the OpenPGP standard, you must either create a PGP key pair and send your public key to your correspondents (so that they can encrypt letters addressed to you), or import other people's public PGP keys (so that you can send them encrypted letters). Both operations can be done with the PGP Configuration Wizard in the Service menu. The wizard guides you through creating or importing a PGP key pair, or importing public keys.

The first step of the wizard describes the general principles of how PGP works.

The second step asks you to choose between creating a new public/private PGP key pair and importing an existing key.

Creating a new set of PGP keys

If you choose to create a new key pair, the wizard first asks which Persona the key is being created for.

You should also specify a password that will protect the key.

The Settings button lets you set additional key options (you can leave the default values).

Key type selects the encryption and digital-signature algorithm. Two options are available: RSA and Elgamal/DSS. With RSA, the same algorithm is used for both encryption and signing. With Elgamal/DSS, Elgamal is used for encryption and DSS for signing.

Key size selects the key length. A longer key gives more reliable protection. However, be aware that a long key may cause significant delays during encryption and decryption.

Expires sets the key validity period. Once the validity period expires, a new key pair will be needed: the private key will no longer decrypt messages, and the public key will no longer encrypt.

The next step of the wizard offers to export the public key to a *.pgp file for subsequent distribution.

Import PGP keys

If you chose to import rather than create a key, the next step prompts you to import it. Press the Browse button and select a file containing a key pair (public and private), or files with the public keys of the people you plan to correspond with.

Once public keys are imported, you can send encrypted messages to their owners. To encrypt the message you are composing, open the PGP menu and enable the Encrypt letter option. The letter is encrypted automatically when you press Send. All attachments are encrypted as well.

Having a personal PGP key allows you to add a digital signature to a letter. For the recipient, the signature guarantees that the letter really came from you. To add a digital signature to a message, open the PGP menu and enable the Sign letter option.

When an encrypted message arrives, EssentialPIM attempts to decrypt it automatically when you try to read it. Encrypted messages are easily recognized by their padlock icon.

If your PGP key is password protected, the program asks for the password when you try to read an encrypted letter.

Remember password for X minutes lets you decrypt letters for a certain time without being asked for the password again. This is useful when you have several encrypted messages to read.

When a letter is decrypted successfully, EssentialPIM adds the corresponding label to the letter's header: Decrypted letter.

If the letter was digitally signed and the signature has been verified, the following entry is added to the header:

If decryption fails for any reason, be it a wrong password or the absence of the corresponding key, the following message is added to the header:

Our solution lets you encrypt your email not only on a PC but also in web and smartphone clients.

To encrypt mail with PGP using a PC client you need Gpg4win, Kleopatra (part of the Gpg4win package) and Thunderbird. Before encrypting you need a key pair. To create one, open Kleopatra, installed with Gpg4win, start key creation with the keyboard shortcut "Ctrl+N", select "Create a personal OpenPGP key pair" and follow the on-screen instructions.

Once the keys are created, open Thunderbird (and set up your email account). Then add the Enigmail add-on through the add-on manager. After Thunderbird restarts, the Enigmail Setup Wizard greets you; select the standard configuration and then select the existing key.

Before sending an encrypted letter, import the file with the recipient's public key (sent, for example, by email) into Kleopatra using the "Ctrl+I" combination. After that, Thunderbird encrypts letters addressed to this recipient automatically.

Using PGP in a browser

To access encrypted emails through a webmail interface, for example at work, you need the Mailvelope browser add-on (available for Firefox and Chrome). It can be installed from the official website. Mailvelope is preconfigured by default for all the most commonly used email services.
For Mailvelope encryption to work, export your private key and your contacts' public keys from Kleopatra and import them into Mailvelope. In Kleopatra your private key is in the "My Certificates" tab. Right-click it and select "Export Secret Keys". Enable the "ASCII armor" option and save the key file.

Mailvelope works with all popular email services, including Gmail: messages there are encrypted in a separate editor.

To import the key into Mailvelope, click the Mailvelope icon in the upper right corner of the browser, then "Settings". Under "Key Management | Import keys" select the key file. Depending on the mail service, Mailvelope integrates into the interface in slightly different ways: as a button in the "New Message" window (for Gmail) or as a separate "Write and encrypt" option for some other services. If Mailvelope has no default settings for your email service, log into it, then click the Mailvelope icon and select "Add new site".

Encrypting emails on Android devices

With the free applications OpenKeychain and K-9 Mail, which you can download from Google Play, PGP encryption can also be used on Android smartphones (for iPhone and iPad there is the paid application iPGMail). Install both applications, launch K-9 Mail first and configure the connection to your mailbox there.
Then copy your key files to the smartphone (for example over a USB connection) and launch OpenKeychain. On the main screen select "Import key from file", find the file you copied to the phone and mark the keys you want.

To give K-9 Mail access to the keys stored in OpenKeychain, long-press the account in the inbox to open the pop-up menu and go to "Mail Settings | Cryptography". Tap "OpenPGP Provider" and select OpenKeychain. When composing letters in K-9 Mail you can now sign and encrypt outgoing messages.