Why email sucks (and why encryption is key)

In the light of the Heartbleed scandal, passwords, encryption and web security are back in the headlines. But once the updates roll out, and we change all our passwords like good Internet users, we’ll all feel secure again and everyone will probably stop worrying. We shouldn’t stop worrying. There is one flaw in the way we use the net, a huge flaw, way bigger than Heartbleed. A flaw that is putting millions of users’ social security numbers, birth certificates, bank details, business information, love letters, and a thousand other bits of sensitive information out onto the web in the clear.

That flaw is Email.

Patching Heartbleed may mean that the connection between your browser and Gmail is secure once more, but as soon as you hit send, that email is sent out unencrypted and in the clear. How many times have you received a pay stub by email? Or sent your social security number? Or received a bank statement? Not to mention the fact that spoofing your ‘From:’ email address is trivially easy, so anyone can pretend to be you and send emails to your bank, to your solicitor, to your doctor… to your boss…


Where encryption can help

The solution to these problems has existed for a long time. PGP encryption (or public-key encryption) allows us to not only encrypt the connection to Gmail but to encrypt the actual message which is sent.

Without going into the details of public-key cryptography, the basic idea is that everyone has a unique public key and a unique private key. The public key is shared with anyone and everyone, and the private key is just that: private. These keys are actually fairly clever mathematical equations, and they are reciprocal: if you encrypt something with one, you can decrypt it with the other, and vice-versa. Anything encrypted with one key of the pair can only be decrypted by the other key in the pair.

Imagine I send an email to my boss. I encrypt it with my private key (we call this ‘signing’). My boss can then use my public key (public means public – everyone can have this) to decrypt this message, and if the message decrypts he knows that it must have been sent by me!

This is great for identifying the sender, but useless for encrypting (public keys are public so anyone can decrypt the message – they just need my public key and to know that I sent the message).

So, assuming I want to send sensitive information to my boss, I encrypt it with their public key. This means that they can decrypt it but no-one else can, because they have to use their private key to decrypt it, and no-one else has this private key.

What about, then, if I want to send sensitive information, to someone specific, and also prove that it came from me?

In that case – this is the clever bit – I encrypt the email to my boss with my private key (to prove it came from me) and then I encrypt it again with my boss’s public key, so that only he can decrypt it!

The boss receives my email, runs it through his private-key decryption, and then through my public-key decryption, and hey presto!
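To make the sign-then-encrypt round trip above concrete, here is an added example (not from the original post) using textbook RSA with tiny, insecure numbers; the names `make_keypair`, `apply_key`, `send_signed_encrypted` and `receive_signed_encrypted` are my own, and real PGP additionally uses padding, a random session key and a hash of the message rather than running the whole message through the private key.

```python
# Added illustration, not from the original post: textbook RSA with small,
# insecure parameters, purely to show why one key of a pair undoes the other
# and how "sign with my private key, then encrypt with the boss's public key"
# is reversed on the receiving side.
from math import gcd


def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) for primes p and q (toy sizes only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)            # modular inverse, so e * d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, blocks):
    """Apply one key of a pair to integer blocks: m -> m^k mod n.
    The same function both 'encrypts' and 'decrypts'; only the key differs."""
    k, n = key
    return [pow(b, k, n) for b in blocks]


def to_blocks(text):
    return [ord(c) for c in text]   # one character per block; needs n > 255


def from_blocks(blocks):
    return "".join(chr(b) for b in blocks)


def send_signed_encrypted(message, sender_priv, recipient_pub):
    """Sender side: private key first (proves origin), then the boss's public key."""
    # Nested RSA caveat: the signed blocks range up to the sender's n, so the
    # recipient's modulus must be at least as large or blocks would wrap.
    assert sender_priv[1] <= recipient_pub[1], "recipient modulus too small"
    signed = apply_key(sender_priv, to_blocks(message))
    return apply_key(recipient_pub, signed)


def receive_signed_encrypted(ciphertext, recipient_priv, sender_pub):
    """Boss side: his private key first, then my public key; garbage if either is wrong."""
    signed = apply_key(recipient_priv, ciphertext)
    return from_blocks(apply_key(sender_pub, signed))


# Constructed demo keys (classic small primes), nothing real about them.
ME_PUB, ME_PRIV = make_keypair(61, 53)       # n = 3233
BOSS_PUB, BOSS_PRIV = make_keypair(89, 97)   # n = 8633, larger than mine

if __name__ == "__main__":
    wire = send_signed_encrypted("Payslip attached", ME_PRIV, BOSS_PUB)
    print(receive_signed_encrypted(wire, BOSS_PRIV, ME_PUB))
```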

For a more detailed but still simple explanation, there is a great video on YouTube that uses mixing paint as an analogy.

Where Keybase comes in

Where do we store our public keys so everyone can see them? And how do I know that the key really belongs to the person who claims they own it?

The problem is that in practice, most people don’t wander around with business cards handing out their PGP public key. This is where the free web service Keybase comes in (still in private beta for the moment).

Keybase allows you to generate a private and public key, and add yourself to the database with a public profile. Crucially, it allows you to ‘prove’ your identity by authenticating you via Twitter and GitHub, and by letting you prove your ownership of websites and domain names. In this way you can be reasonably sure that the profile is genuine and therefore that the key can be trusted.

Using Keybase to encrypt email

Keybase offers encryption and decryption via the command line but also via the browser: simply copy and paste your sensitive email text into the ‘encrypt’ window, choose the recipient and Keybase encrypts the information. Then paste this information into Gmail or whatever, and send! The recipient just needs your public key (on your Keybase profile) to decrypt the information with Keybase or any other tool, and hey presto!

Obviously the technology still has a long way to go before it becomes standard, but browser extensions already exist to automate the process. Will Keybase make everyone adopt encryption for email overnight? Maybe not, but maybe it will make you think the next time you put your social security and bank details in an email: there is a better way…

Keybase is still in semi-private beta. Sign up for an invite on their website: http://keybase.io

Photo credit : xmodulo. Licence Creative Commons “By” 2.0
