A digital envelope and a digital signature.

Last updated 12-5-97

Digital privacy

Probably a lot of people are not aware that the electronic mail they send (or keep stored at their provider) can be looked into. But not only their provider can look into it. Internet is a divided network, packets which are send to other destinations, can follow several different and unpredictable routes. These routes pass through multiple computers at different locations around the world. At all these locations the information can be accessed or stored. Using conventional physical mail with a closed envelope one can easily recognize a breach of privacy, by identifying the presence of physical signs of damage to the envelope. But unauthorized disclosure of digital data usually doesn't leave any evidence. Because electronic mail is stored digitally, it is very easy to execute automatic filter and search actions, and copies can be cheaply stored in a database for later retrieval. These possibilities make it very tempting for potential privacy violators.

A free software solution

Fortunately solutions are available. For personal use one can download PGP software (Pretty Good Privacy) for free. This software functions using the public key principle (in this case the RSA method).

With this software one is able to encrypt E-mail before sending it over the internet to other persons (the receiver however will also have to use the same kind of software to be able to decrypt this mail). And the encrypted information can be decoded by the intended receiver only without having to exchange a secret key beforehand. Because no secret key has to be exchanged, no secure channel is required.

Also it is possible to use this software to generate digital equivalent to a signature. One is able to generate a matching code (kind of numerical stamp) for any digital file (usually textual information). This code will then constitute a personal signature (also called certificate) for that file.

The public key method

Conventional encryption methods are based upon an exchange of a secret key between the encryption and decryption process. For exchange of this secret key a secure channel has to be available. This is a big disadvantage and potential entry point for a unauthorized disclosure of information. (a breach in security)

With a public key method (like the RSA algorithm) a set is created of a public key and a secret key. These two keys are complementary. A message encrypted with the public key can only be the decrypted with the accompanying secret key (or in the case of signatures or certificates, vice versa).

The public key is publicly known to the world. The accompanying secret key will only be known to the owner. Now everybody can encrypt a message and send it to the owner. Because only the owner will have the secret key, only he will be able to decrypt the message. The message cannot be decrypted with the public key but only with secret key, and the secret key cannot be deducted from the public key.

Even the person who originally encrypted the message cannot reverse the process and decrypt it!! If he has lost the original message, for whatever reason, he will require the help of the owner of the public key, to be able to get original message back. Because the owner is the only one who posseses the accompanying secret key, required for the decryption process.

The trick here is using a calculation which can be accomplished rather fast in one direction, but is requiring enormous computing time to be executed in the reverse direction. With the RSA method the reverse direction is blocked by the fact that factoring a product of two primes is very, very computing intensive. (At least for as long as no new mathematical way is discovered for doing it quickly, and for as long no real quantum computers can be build!)

The factoring of a product of two primes, which product has a length of, for example, 1024 bits, will take longer than the age of the universe, even when using the fastest supercomputers available today!

Read more about Public Key Encryption and PGP software using these links :

The International PGP Home Page For a little bit of privacy in these digital times.

The RSA FAQ Page Descriptions of several encryption methods.

Also read my idea for a digital improvement / replacement for the passport.


My own PGP public key :

Type Bits/KeyID Date User ID
pub 1024/36A92BDD 1997/02/13 Henri Kluytmans (see: www.dse.nl/~hkl)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzMCjmQAAAEEAOAPqCHm3GNLCqvWPxWBLk+kLHWK2IyDOPPMO6nv+pNUK3RD
OY4gzDQnRhRq7rPni719RdZKq9CkTiUJolVpYjGy1kArihrUE2T+PUHhaoCK5ive
23AT0ZSEJ8yR0R09qCW/n0JWmt2e5JImCu3zNjUSNVyphIzBRKo6spM2qSvdAAUR
tCdIZW5yaSBLbHV5dG1hbnMgPHNlZTogd3d3LmRzZS5ubC9+aGtsID6JAJUDBRAz
Ao5kqjqykzapK90BAcmXA/4jFTS3J2qMW10zAx8GxQgT5FMGToyU+Q3w0v1WxW9a
ShIUh0O4JLmHjxZAZML1GFoqLODXwe+a9J1sRZDGBqXe06X6AZWOyTLUrJkwblcl
bkWKiCNUTcCzojhGngvHG9yUVSs8/CyG/BWeKX0mn6hE9trf0avDvfEZ7ACHjThj
FA==
=qhYJ
-----END PGP PUBLIC KEY BLOCK-----
Store this textblock in an ASCII textfile (not in HTML format). This is required to filter out the hidden HTML markup codes.

Index | Nano | Cryo | Personal