Email encryption
From Paperless Office
E-mail can be included in a secure manner. This means you can communicate between two individuals in a way that no one else can read–even if they happen to get a hold of the e-mail being passed back and forth. The chances of e-mail being intercepted are theoretically high. When you send a message it passes through a number of different systems on its way to the recipient. Any of those systems could read the e-mail message if desired. However with an encrypted e-mail simply reading the message will not yield anything valuable.
The way that e-mail encryption works involves complicated mathematics. For our purposes we are simply going to look at how it works in concept rather than getting into all the math behind it. To make it easier to understand we will look at how to send secure letters physically to show how e-mail can be secured.
Let's say you want to send a secure message using FedEx. I number people will touch the FedEx envelope and let's assume that any of them may open it up and look at its contents. We want to send a message in such a way that anyone who looks at its contents will not be able to read the message. So let's say were going to ship a box with our message back and forth. In this example we have Bob and Alice. Bob needs to send a message to Alice and wants to make sure that no one except for Alice can read the message. How can they publish this?
Let's say Alice has a bunch of secure, lockable briefcases. She has the keys to all these briefcases. So to get a secure message from Bob she can FedEx him an unlocked briefcase. Bob can then take his message put in the briefcase and lock it. Once it's locked Bob can't get to his message. The only person that can unlock that briefcase is Alice. Bob then send it to Alice using FedEx. Alice takes her key unlocks the briefcase and reads the message.
If the FedEx box is opened by anyone else along the way they can't read the message because it secured in a way that only Alice can open. They can't read the message, they can change the message.
E-mail encryption works in a similar way. However since we are dealing with digital items there is no need to continually send a “briefcase” to Bob every time he wants to send a message. Instead of briefcases and keys we use pairs of digital certificates. These digital certificates are referred to as a public key and a private key. They have a unique property. If you run a message through the public key the resulting document can only be decrypted using the private key. The opposite is true as well a document encrypted with the private key can only be decrypted with the public key. In fact the public key and private key could be interchangeable. There is no difference between them we simply label them as such in order to keep track of which one we need to use for each type of transaction.
So if Bob wants to send a message to Alice he only needs to make sure that he has her public key. Alice can send Bob a copy of her public key. In actual practice it Bob and Alice have been exchanging e-mails, their e-mail software will take care of this for them automatically. When Alice sends Bob a unencrypted message Bob gets a copy of Alice's public key. Then when Bob needs to send her an encrypted message the public key is already stored on his computer so he doesn't have to ask for it again.
So when Bob gets ready to send Alice the message he types his message and then encrypts it using Alice's public key before sending it. (In actual practice this means he marks the message as encrypted and the encryption step happens automatically when you click send.) The encrypted message travels through various servers and pieces of Internet hardware. If it is intercepted anywhere along the way he cannot be read because Alice is the only one who holds the key that can decrypt the message. When Alice receives the message or e-mail software decrypts it using her private key. Then she can read the message.
This system for exchanging cryptic message works extremely well and can scale to very large numbers. In fact it is theoretically possible to communicate to anyone in an encrypted manner as long as their public keys are widely distributed.
