Protecting Your Sensitive Information with Encryption

an Security eBook

This content was adapted from’s Enterprise IT Planet and Enterprise Networking Planet Web sites. Contributors: Drew Robb and Paul Rubens.

E-Mail Encryption: Lots of Choices, Plenty of Tradeoffs
Public Key Crypto for Enterprise Users
Understanding Public Key Infrastructure
PGP’s Universal Server Provides Unobtrusive Encryption
Encrypt Your E-Mail with GPG and Thunderbird

Protecting Your Sensitive Information with Encryption, an Security eBook. © 2009,

E-Mail Encryption: Lots of Choices, Plenty of Tradeoffs
By Drew Robb

Corporate espionage is big business these days. So it makes sense to deploy some kind of encryption system to ensure that prying eyes can’t decipher anything garnered from intercepted messages or from stolen computers. Whether it is customer data, employee data, intellectual property, or confidential financial information, losing anything can be seriously detrimental.

“Lost or stolen data can cripple a business’s reputation and financial standing,” says Than Tran, product marketing manager at PGP Corp. of Palo Alto, Calif. “A business must ensure e-mails containing sensitive information are kept secure and that they comply with privacy laws to assure safe transactions for their customers and the privacy of their employees.”

Encryption Systems

Tran explains that there are several different methods of e-mail encryption. Endpoint-to-Endpoint represents full encryption from the originating device to the recipient device. This method provides the highest level of security by allowing no intervening points at which plaintext data can be read by anyone but the intended parties. The drawback is that this mode also creates the greatest amount of complexity from an implementation, administration, and management perspective. This complexity mainly results from the fact that encryption software must be installed and maintained on the endpoint that integrates with the client e-mail reader software.

Gateway-to-Endpoint is one way to simplify things. It provides full encryption from a gateway system within the sender’s network to the recipient’s endpoint. In this scenario, the message leaves the sender’s desktop in plaintext and is encrypted by a gateway located within relative proximity to the e-mail server. This mode eliminates the need for any encryption software or user interaction on the sender’s side.

“Another variation on this is Gateway-to-Gateway,” says Tran. “It is like Gateway-to-Endpoint, but adds an encryption gateway on the recipient’s side, thus eliminating desktop software and administrative costs on that end as well.”

Finally, there is Gateway-to-Web, which provides access to sensitive data via a Web server, possibly co-located on the gateway itself. The data is typically protected via transport layer encryption, such as Secure Sockets Layer (SSL). This allows secure communication to occur with any recipient, regardless of its architecture or level of sophistication.

“In this scenario, a standard message is sent to the recipient, advising that a secure message is waiting at the gateway,” says Tran. “The recipient retrieves this message via a secure connection, which may also require authentication with credentials delivered by an out-of-band mechanism.”

PGP Encryption

PGP offers several solutions to ensure secure and simple e-mail encryption. PGP Universal Server enables organizations to control deployment, automate user and key management, enforce policy, and centralize reporting for one or more encryption applications. The company can start with a single encryption application, growing a deployment across the enterprise and out to customers and partners. The application scales well as new systems are added and integrates easily with the existing infrastructure. PGP Universal Server automates the creation of user accounts, management of user keys, delivery of policy updates to applications, installation of software updates, and also does logging and monitoring.

It is supplemented at the desktop level by PGP Desktop Email, which is managed by PGP Universal, to secure e-mail, data stored on disk, and AIM traffic. It also provides digital signature capability.

“PGP Whole Disk Encryption technology is used for full disk encryption, securing all data including often overlooked temporary, swap, and hibernation files that include copies of sensitive data, files and e-mails,” says Tran. “As a business grows and requires more bandwidth/security it is best to then upgrade to PGP Universal Series, a robust and scalable e-mail encryption platform.”

A perpetual license for PGP Desktop Email costs $164.

Choose Wisely

Tran offers some advice for businesses with regard to e-mail encryption.

“The challenge for e-mail encryption is to select a solution that will support the growth and changes within the business’s e-mail architecture and will also be leveraged by non-e-mail applications requiring encryption services,” he says. “It is absolutely vital for a company to encrypt not just e-mails but also files that contain sensitive information with the highest level of protection. It can be a costly and devastating setback to a business, if sensitive data is exposed to unintended personnel.”

Reason? According to Gartner, 84 percent of high-cost security incidents occur when insiders send confidential data outside the company without properly securing the data.

“Different companies have different needs and should assess its own risk before deciding to implement a security solution,” says Tran. “Furthermore, it is critical that a business conducts frequent audits of its security procedures, processes and technologies in order to comply with ever changing regulations.”

Public Key Crypto for Enterprise Users
By Paul Rubens

Public key cryptography is one of the fundamental technologies used for exchanging information on the Internet securely. It’s used by Web browsers to create secure connections to Web sites, and by e-mail security gateways and applications to encrypt messages. Its strength lies in the fact that it can be used to exchange encrypted information between two parties that have never communicated together before and have therefore never agreed on a secure way of exchanging messages.

To understand how public key cryptography works, let’s consider secure communications in general. One way to send a confidential message to someone is to agree on an obfuscation system in advance—like substituting each letter in the message with the next one in the alphabet.

A more sophisticated method would be to use encryption software, which uses an encryption algorithm known as a cipher. The message (known as plaintext) is entered and passed to the algorithm along with a key—a string of characters that you supply—and comes out in encrypted form (known as ciphertext). This unintelligible jumble of characters can only be converted back to the original plaintext by passing the message through the same cipher and supplying the same key. This is known as a symmetric encryption system.

An interesting thing about this system is that its security doesn’t rely on the cipher itself being secret. The only thing that needs to be kept secret is the key. (In fact you could argue that the more widely known and understood a cipher is, the more you can trust it to be effective—proprietary algorithms that aren’t open to public inspection by independent experts could have secret “backdoors” built in that allow anyone in the know to decrypt messages without the key.)

One problem with symmetric systems is that to send someone a message securely you have to be able to give them the secret key first without anyone else seeing it. Why is that a problem? Imagine a situation in which you were traveling abroad and had to e-mail some valuable corporate information back to a colleague without the authorities in the country you are in getting their hands on it. If you hadn’t already agreed on a key before you went traveling then you’d be stuck: you couldn’t send an encrypted message without first supplying a key, and you’d have no way of e-mailing a key securely. Of course you could make a phone call to tell your colleague the key you intend to use, but what if the conversation is overheard or the phone line is tapped?

How Public Key Cryptography Works

The solution is to use an ingenious cryptographic system called public key cryptography (PKC). The fundamental part of PKC is that the encryption key is split into two separate keys—let’s call them key A and key B. If you encrypt some plaintext with key A, you can’t decrypt the resulting ciphertext with key A to get back to your original plaintext. To decrypt ciphertext produced using key A, you need to use key B. In fact—and this turns out to be very useful—the reverse is also true: if you encrypt some plaintext with key B, you can’t decrypt it again with that key. You can only decrypt it with key A. If you encrypt a message with one key in the key pair, you can only decrypt it with the other one.

If you want to be able to receive encrypted messages from anyone who wants to contact you, you first need to generate a key pair (using suitable PKC software). One of these you designate your private key, which you keep secret. But here’s the clever bit: the other key you designate as your public key, and this doesn’t have to be kept secret. In fact the reverse is true: it should be distributed as widely as possible so that anyone who wants it can easily get it.

To send that message to a colleague now, all you need is their public key. There are a number of ways that you might get hold of it, which we will look at later. The important thing is that this public key doesn’t have to be kept secret, so even if you called your colleague and the phone line was being tapped it wouldn’t matter. Anyone overhearing the conversation and writing down the public key couldn’t use it to decrypt the message that you encrypt with it.

Now remember how we mentioned earlier that your private key can also be used to encrypt a message that can only be decrypted using your public key. You may well ask what would be the point of encrypting a message if the key needed to decrypt it is publicly available.

The answer is quite surprising. Let’s imagine you receive a message from your colleague, and you believe that it is encrypted with their private key. If you use their public key to decrypt the message successfully then that means that the message must indeed have been encrypted using your colleague’s private key (which only your colleague has access to). No other key could have been used to encrypt the message. So encrypting a message with a private key acts as a digital signature: if you can decrypt a message with John’s public key, it must have been encrypted using John’s private key, so it must have been written by John.

Using double encryption, it’s possible to send an encrypted, digitally signed message to anyone who has made their public key available. Here’s how:

Imagine you want to send a message to your colleague Bob at head office. First you write your message (the plaintext) and encrypt it with your private key to produce the ciphertext—a message that is effectively digitally signed as coming from you and no one else. You then encrypt this ciphertext a second time using Bob’s public key. Finally, you e-mail the resulting gobbledegook to Bob.

When Bob receives this message he decrypts it using his private key to get the ciphertext message that you encrypted with your private key. Bob then decrypts this using your public key. If he gets a message (rather than gobbledegook) he knows that the message definitely came from you (because otherwise he couldn’t have decrypted it with your public key) and he knows that no one else could have read the message, because no one else has his private key.

PKE Has Its Limits

Are there any limitations to the PKE approach? The answer to this question is yes.

First, any encrypted message is only as strong as the cipher that is used to encrypt it. If a weakness is discovered in the cipher such that you no longer need a key to decrypt the message or it becomes possible to work out the key (directly or indirectly) from the contents of the ciphertext then clearly the system is not secure.

Another caveat is that any key-based encryption system is susceptible to a brute force attack—methodically trying every possible key until the correct one is found. Modern encryption techniques rely on the fact that if there is a sufficiently large keyspace (meaning there are a sufficiently large number of possible keys) it is likely to take hundreds of millions of years to find a key by brute force using the computers that are currently available. But as computers become more powerful, the length of the keys typically used may need to be increased to ensure that the chances of successfully brute forcing a key remain tiny.

It’s important to remember that any encrypted message is never completely safe from a brute force attack: someone might guess the correct key with their very first guess. It’s just that with a strong cipher and a long key the probability of that happening—or that they hit upon the correct key within a thousand years—is vanishingly small.

The final problem that’s worth mentioning is the problem of key management: how do you get hold of someone’s public key, and how can you be sure that it is the public key belonging to the person you think it belongs to? If you send a message to Bob using the public key that you think belongs to Bob but actually belongs to Carol, then Bob won’t be able to read it. More worryingly, if Carol manages to get her hands on the message she will be able to read it, even though you intended it for Bob’s eyes only.

Despite these potential problems, it’s fair to say that PKE has revolutionized the way that secure communications are carried out. In the next piece, we’ll be looking at key management and how PKE is used in the real world to provide commercial and open-source secure e-mail systems.
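
The key A/key B property and the double-encryption exchange with Bob described in this article can be traced in a few lines of Python. This is an added example, not code from the eBook: it uses unpadded textbook RSA built from publicly known Mersenne primes (trivially breakable, for illustration only), and the function names, the 4-byte checksum used to tell a message from gobbledegook, and the sample message are all assumptions.

```python
import hashlib

E = 65537  # public exponent shared by every toy key pair below


def mersenne(k):
    return 2**k - 1


def make_keypair(p, q):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)


def apply_key(key, value):
    """The one RSA operation: what one key of the pair does, only the other undoes."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def frame(text):
    """Plaintext plus a 4-byte SHA-256 checksum so gobbledegook is detectable."""
    raw = text.encode()
    return int.from_bytes(raw + hashlib.sha256(raw).digest()[:4], "big")


def unframe(number):
    """Return the text if the checksum matches, otherwise None."""
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    body, check = raw[:-4], raw[-4:]
    if len(raw) < 5 or hashlib.sha256(body).digest()[:4] != check:
        return None
    return body.decode(errors="replace")


def sign_then_encrypt(text, sender_private, recipient_public):
    payload = frame(text)
    if not payload < sender_private[1] < recipient_public[1]:
        raise ValueError("toy scheme needs payload < sender modulus < recipient modulus")
    signed = apply_key(sender_private, payload)   # first pass: your private key
    return apply_key(recipient_public, signed)    # second pass: Bob's public key


def decrypt_then_verify(ciphertext, recipient_private, sender_public):
    signed = apply_key(recipient_private, ciphertext)  # Bob's private key
    return unframe(apply_key(sender_public, signed))   # then your public key


# Constructed toy keys: real keys use secret random primes and padded RSA.
YOU_PUB, YOU_PRIV = make_keypair(mersenne(61), mersenne(89))
BOB_PUB, BOB_PRIV = make_keypair(mersenne(521), mersenne(607))
EVE_PUB, EVE_PRIV = make_keypair(mersenne(107), mersenne(127))  # third party


def demo(message="merger: yes"):
    payload = frame(message)
    sent = sign_then_encrypt(message, YOU_PRIV, BOB_PUB)
    forged = sign_then_encrypt(message, EVE_PRIV, BOB_PUB)  # claims to be from you
    return {
        "same_key_undoes": apply_key(YOU_PUB, apply_key(YOU_PUB, payload)) == payload,
        "other_key_undoes": apply_key(YOU_PRIV, apply_key(YOU_PUB, payload)) == payload,
        "bob_reads": decrypt_then_verify(sent, BOB_PRIV, YOU_PUB),
        "third_party_reads": decrypt_then_verify(sent, EVE_PRIV, YOU_PUB),
        "forgery_accepted_as": decrypt_then_verify(forged, BOB_PRIV, YOU_PUB),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Production systems do not apply raw RSA to messages like this: they sign a hash of the message with a padded signature scheme and encrypt the bulk data with a symmetric key that is itself wrapped with the recipient's public key.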

Understanding Public Key Infrastructure
By Paul Rubens

In the last piece we took a look at how public key encryption systems work, and how anyone can send you an encrypted message—which only you can read—if they have access to your public key. It turns out that the process of getting your public key to people who need to use it is a complex task that involves a combination of trust, third parties, and various other factors which together are known as public key infrastructure (PKI).

On the face of it, giving people access to your public key shouldn’t be much of a problem. You could make it available for download on your Web site, you could distribute it on a memory stick, or you could simply e-mail it to people.

But in practice there is a big problem with that: if someone wants to send a message that only you can read, they need to use your public key to encrypt their message. But if they use a key that they think belongs to you but actually belongs to someone else (call them Mallory) then you won’t be able to read the message, and Mallory will. So if Mallory wants to read confidential messages intended for you, all he has to do is replace your public key with his on your Web site, or on a memory stick you’ve distributed, or in e-mails that he sends out purporting to come from you, and if he can then intercept any messages bound for you encrypted with this bogus key he will be able to read them.

Of course you would realize something was up when you discovered that using your private key you couldn’t decrypt and read the messages you received (because they have been encrypted with Mallory’s public key, not your public key). But if Mallory were smart he would, after he had read them, re-encrypt the messages intended for you with your real public key and send them on. In that case you wouldn’t know that anything was amiss. Mallory would have carried out a “man in the middle” attack.

So how can this problem be overcome? How can you distribute your public key to someone in such a way that anyone who receives it can be sure that it really is your key, and not, for example, Mallory’s? And how can you be sure that any public keys you get hold of really do belong to the people that you think that they do? The answer is to get any public key vouched for by a trusted third party, and that’s where PKI comes in.

Imagine that there’s someone in the community—call him Solomon—that everyone trusts as an upstanding and trustworthy citizen. You take your public key in person to Solomon, who checks that you are who you say you are (perhaps by checking your driver’s license or passport). He then signs a certificate that he attaches to the key that says that he, Solomon, can personally vouch for the fact that the attached key belongs to you.
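
The key-substitution problem and Solomon's vouching can be shown side by side: a sender who accepts whatever key is offered ends up with Mallory's, while a sender who checks Solomon's signature over the statement "this key belongs to you" rejects the swap. This is an added example, not code from the eBook; it signs a SHA-256 hash with unpadded textbook RSA over publicly known Mersenne primes (illustration only), and the function names, the `owner|exponent|modulus` statement format and the owner labels are assumptions.

```python
import hashlib

E = 65537


def make_keypair(p, q):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)


def statement_digest(owner, public_key, modulus):
    """Hash of 'this public key belongs to owner', reduced to fit the signer's modulus."""
    text = f"{owner}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(text).digest(), "big") % modulus


def issue_certificate(owner, public_key, signer_private):
    """The signer vouches for the (owner, key) binding with their private key."""
    d, n = signer_private
    return {"owner": owner, "public_key": public_key,
            "signature": pow(statement_digest(owner, public_key, n), d, n)}


def certificate_is_valid(cert, solomon_public):
    """Recompute the statement hash and compare it with the opened signature."""
    e, n = solomon_public
    expected = statement_digest(cert["owner"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected


def naive_key_for(recipient, offered):
    """No verification: take the first key that claims to be the recipient's."""
    return next((c["public_key"] for c in offered if c["owner"] == recipient), None)


def vouched_key_for(recipient, offered, solomon_public):
    """Only accept a key whose binding to the recipient Solomon has signed."""
    for cert in offered:
        if cert["owner"] == recipient and certificate_is_valid(cert, solomon_public):
            return cert["public_key"]
    return None


# Constructed toy keys (2**k - 1 for known Mersenne prime exponents k).
SOLOMON_PUB, SOLOMON_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
YOU_PUB, YOU_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

GENUINE = issue_certificate("you", YOU_PUB, SOLOMON_PRIV)
# Mallory's three options: swap the key under Solomon's old signature,
# sign the binding himself, or present a real certificate issued in his own name.
SWAPPED = dict(GENUINE, public_key=MALLORY_PUB)
SELF_SIGNED = issue_certificate("you", MALLORY_PUB, MALLORY_PRIV)
OWN_NAME = issue_certificate("mallory", MALLORY_PUB, SOLOMON_PRIV)

if __name__ == "__main__":
    offered = [SWAPPED, SELF_SIGNED, OWN_NAME, GENUINE]
    print("naive sender gets Mallory's key:",
          naive_key_for("you", offered) == MALLORY_PUB)
    print("checking sender gets your key:  ",
          vouched_key_for("you", offered, SOLOMON_PUB) == YOU_PUB)
```

The check is only as good as the verifier's copy of Solomon's public key, so that key has to reach the verifier over a channel Mallory cannot tamper with.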

In the digital world Solomon would effectively encrypt your public key along with a certificate saying “I certify that this public key belongs to X” using his private key. Anyone receiving this could only decrypt it using Solomon’s public key, and what they would find is your key, plus the message saying that it is indeed your key. Since only Solomon could have created the message, and since the message and the key could not have been altered in any way (because they were both encrypted and thus tamper-proof) then they could be sure that the key was indeed your key – as long as they trusted Solomon to tell the truth, and as long as they could be sure that the key that they believe to be Solomon’s public key is in fact his. (In practice the procedure is slightly different in that it uses something called a hashing function, but the principle is exactly the same.)

But surely this just pushes the problem back one stage? The person receiving your key can be sure that it is genuinely yours only if they can be sure that the copy of Solomon’s public key that they have is genuine. But how can they know that it is?

One answer in the real world is to have a limited number of trusted third parties (or Solomons), known as certification authorities or “CAs,” who issue certificates, and for the public keys for these CAs, known as root certificates, to be pre-

“If the root certificate was included with a software package, then you have to decide whether you trust the maker of the software to have included a genuine root certificate or not.”

trust beyond the fact that they sound vaguely official—which is a tenuous reason to trust any organization). Ultimately it’s up to you which software makers and CAs you choose to trust and which you don’t.

There’s another way that you can get reassurance that a public key you get hold of is genuine without having to place your trust in certificate authorities and root certificates, and that’s known as a web of trust. In this model, you meet face to face with people you know, and get them to sign your public key with their private key confirming that your public key is really yours. The more people you can get to sign your key the better, so this is often done at a “signing party” where a number of people meet face to face.

The principle then is this: imagine that you get a public key that you think belongs to Carol, but you can’t be sure because you didn’t get it directly from her. When you get it, you might see that it has been signed as genuine by Bill. If you know Bill and have a copy of his public key that you got from him when you met him face to face, you can easily decide that the key does belong to Carol, because Bill says so and you trust him. Of course the filament of trust could be longer: Carol’s key could have been signed by Ben, who you don’t know, but Ben’s key could have been confirmed by Bill, who you do
installed in software packages (such as Microsoft’s Internet            know. The more people you trust who confirm that the key
Explorer.) This means that as long as a public key that you             is genuine, either directly or indirectly, the better. Webs of
receive is signed by a CA that you have a root certificate for,         trust are good for small networks of people who mostly know
then you can be sure that the public key belongs to the per-            each other, but aren’t suitable for very large groups with a
son it says that it does—if you are sure that the pre-installed         high proportion of people you don’t know.
root certificate you have is genuine and you deem the CA to
be trustworthy.                                                         The important point to remember in the end is that although
                                                                        public key ciphers are extremely secure —as far as we know—
If the root certificate was included with a software package,           public key infrastructure relies on an element of trust: You
then you have to decide whether you trust the maker of the              can only use a public key belonging to someone you don’t
software to have included a genuine root certificate or not.            know if you can trust that it belongs to the person that you
Likewise, you can look at the details of any CA and decide              think it does. This means thinking carefully about the CAs or
whether you trust them. Microsoft includes root certificates            web of trust members that you deal with, and seeking n
for CAs as diverse as commercial U.S. entities such as
Visa and RSA (which you may well know and trust), as well
as more obscure overseas ones such as the Uruguayan
Administracion National de Correos and the Government of
Slovenia’s General Certification Authority (which you may
well know nothing about and therefore have no reason to
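The signing and chain-of-trust logic described above (a trusted party signs a hash of the name-and-key binding, and trust extends from Bill through Ben to Carol), shown as an added example that is not part of the original eBook. It uses unpadded textbook RSA with constructed toy keys; the function names and the max_hops limit are assumptions made for illustration, and every validated key is treated as an acceptable introducer, which is the simplified model the text describes. A CA is the same check with a root certificate as the only trusted key.

```python
import hashlib
from collections import deque

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Toy textbook-RSA key pair from two primes -> (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def binding_hash(name, pub, n):
    """Hash of 'this name owns this public key', reduced below the signer's modulus."""
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def certify(signer_priv, name, pub):
    """Signer vouches for (name, pub) by signing the hash, not the key itself."""
    n, d = signer_priv
    return pow(binding_hash(name, pub, n), d, n)


def verify(signer_pub, name, pub, sig):
    """True only if sig was made with the signer's private key over this exact binding."""
    n, e = signer_pub
    return pow(sig, e, n) == binding_hash(name, pub, n)


def trust_path(target, keyring, certs, trusted, max_hops=3):
    """Breadth-first search from keys you verified in person to `target`.

    keyring: name -> public key as downloaded (unverified claims)
    certs:   list of (signer_name, subject_name, signature)
    trusted: name -> public key obtained face to face (or a CA root)
    Returns the chain of names, or None if no verifiable chain exists.
    """
    paths = {name: [name] for name in trusted}
    good = dict(trusted)               # keys proven genuine so far
    queue = deque(trusted)
    while queue:
        signer = queue.popleft()
        if signer == target:
            return paths[signer]
        if len(paths[signer]) > max_hops:
            continue                   # chain is already as long as we tolerate
        for s, subject, sig in certs:
            if s != signer or subject in good or subject not in keyring:
                continue
            # Accept the downloaded key only if a proven key signed this binding.
            if verify(good[signer], subject, keyring[subject], sig):
                good[subject] = keyring[subject]
                paths[subject] = paths[signer] + [subject]
                queue.append(subject)
    return None


# Constructed toy keys built from Mersenne primes: fine for a demo, trivially breakable.
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
bill_pub, bill_priv = make_key(M61, M89)
ben_pub, ben_priv = make_key(M89, M107)
carol_pub, carol_priv = make_key(M107, M127)
mallory_pub, mallory_priv = make_key(M61, M127)

keyring = {"Ben": ben_pub, "Carol": carol_pub}           # keys fetched from a keyserver
certs = [("Bill", "Ben", certify(bill_priv, "Ben", ben_pub)),
         ("Ben", "Carol", certify(ben_priv, "Carol", carol_pub))]
trusted = {"Bill": bill_pub}                             # the one key you got in person

if __name__ == "__main__":
    print(trust_path("Carol", keyring, certs, trusted))
    # Same signatures, but the keyserver copy of Carol's key was swapped for Mallory's.
    print(trust_path("Carol", dict(keyring, Carol=mallory_pub), certs, trusted))
```

Swapping the downloaded key breaks the chain because the signature covers the name and the key together; a substituted key is only accepted if the attacker can also produce a signature from a key you already trust.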


PGP’s Universal Server Provides Unobtrusive Encryption
By Paul Rubens

At this point, we’ve looked at the theory behind public key encryption and public key infrastructure. But how is all of this pulled together into a product that enables you to send or receive encrypted e-mail messages?

If you need encryption in an enterprise environment then the ideal solution is as transparent to those using it as possible. That’s because any specific steps that users have to take to encrypt their messages are likely to be forgotten, ignored, or carried out incorrectly.

For that reason, many organizations choose to install an encryption gateway appliance that encrypts messages after they have been sent by users from standard e-mail clients like Microsoft Outlook, and which decrypts incoming messages before passing them on to their destinations.

One of the earliest public key encryption applications was called Pretty Good Privacy (PGP), written in 1991 by Phil Zimmermann. PGP, Inc. was bought by Network Associates in 1997, but following a management buyout in 2002 PGP morphed into PGP Corp., which today is one of the best known vendors of corporate encryption solutions. The company’s offerings are based around a set of encryption applications—for e-mail and other targets such as mobile devices or storage disks—that use a common encryption platform, plus a management server called PGP Universal Server that oversees them all.

PGP’s Universal Gateway E-Mail
PGP’s Universal Gateway Email is the company’s gateway encryption (and decryption) application. To build a transparent secure e-mail system an organization runs a virtual appliance made up of PGP Universal Server and Universal Gateway Email. This can run on a hardened version of Linux on one of several specific server hardware configurations from vendors including Dell, HP, and IBM, or it can take the form of a virtual machine running on VMware ESX.

The appliance is connected between the corporate mail server and the corporate firewall, and when it receives outgoing e-mail messages from the mail server it kicks into action. The first thing the encryption application has to do is decide which messages to encrypt and find the public keys belonging to the recipients of those messages that need to be encrypted. This information is provided by the PGP Universal Server. Its role is to manage and apply rules and policies for encryption, based on factors including the destination, the sender, or even the contents of the message. Account creation, group management, and policy enforcement can be automated by integrating Active Directory, Lotus Notes/Domino directories, or other LDAP directories with the Universal Server.

Let’s imagine that you want to send an e-mail to someone at another organization, and the Universal Server determines, by looking at the rules and policies that it has to apply, that your message should be encrypted—perhaps because you are working in a confidential new product group. To encrypt the message the encryption software first needs the intended recipient’s public key. So how does it get that?

Universal Server Key Management
Key management is a key role (if you’ll pardon the pun) that the Universal Server carries out for the encryption software. One place it can look for a key is PGP’s Global Directory. (Whenever PGP products generate keys anywhere in the world, the public keys are sent automatically to this Global Directory. Key owners are e-mailed every six months to confirm that the keys should remain in the directory, which may not be the case if, for example, the matching private key has been lost or compromised.) It can also search for a key by looking for a corporate keyserver at the message’s destination domain, or it could have already received it “out of band” – perhaps manually delivered on a memory stick.

What happens if policy dictates that a message you want to send should be encrypted, but no public key for the recipient can be found, perhaps because the intended recipient or their organization doesn’t use encryption software and therefore has no key?

In this situation you can’t use public key encryption, but you can use a compromise. Universal Gateway Email provides two alternatives: PGP Universal Web Messenger and PDF Messenger. The first of these sends an unencrypted e-mail to your intended recipient informing them that they have been sent a message, and that they can view it by visiting a secure Web site and entering a password that could be delivered separately—perhaps by SMS. The second encrypts the message as a PDF, which is sent to the recipient, who can then decrypt and view it using standard Adobe Acrobat Reader software once they have the password.

When Does Gateway Encryption Fail?
A gateway encryption product may make e-mail encryption totally transparent to users, but there are a number of reasons why it may not be suitable in all cases. For example, an e-mail must be digitally signed (using a private key) at the point it was created to provide non-repudiation for some legal purposes—otherwise the sender could disown the message on the grounds that it could have been tampered with after it left their computer but before it was encrypted at a gateway, or even that they did not originate it in the first place. A gateway encryption product may also not be practical when mobile users need to send e-mail from outside the corporate network.

To cater to these and other circumstances PGP also offers its Desktop e-mail application. This runs as a local desktop mail proxy service that works with all e-mail clients (not as a plug-in for specific e-mail applications). Key and policy management can be carried out by the application, or by the corporate Universal Server. The machine’s private key can be stored on the machine itself – protected by a passphrase and, optionally, some second factor authentication system such as a GemPlus, Aladdin, or Axalto (Schlumberger) smart card. It can also be stored within the Trusted Platform Module (TPM) of suitably equipped laptops – or on a Universal Server, or synchronized between the two. When the software is managed by a Universal Server separate policies can be enforced on the computer when the Universal Server is unreachable.

For smaller organizations or individuals, a full blown encryption platform such as this may seem like overkill, and in many ways it probably is. In the next piece I’ll be taking a look at low-cost or free open source encryption solutions that use the same public key encryption technology.


Encrypt Your E-Mail with GPG and Thunderbird
By Paul Rubens

Public key encryption isn’t just the preserve of large organizations. That’s because there are open source PKE solutions that enable smaller companies and individuals to use the technology at no cost—most commonly to encrypt and digitally sign e-mail messages.

Earlier we looked at PGP Corp.’s public key encryption platform, and what’s interesting about this commercial platform is that it adheres to the OpenPGP standard – an e-mail encryption standard defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) in Proposed Standard RFC 4880. OpenPGP was actually derived from PGP, the pioneering public key encryption program created by Phil Zimmermann back in 1991, which is the basis for PGP Corp.’s platform.

The good news is that there’s a completely free, open-source implementation of the OpenPGP standard called GNU Privacy Guard (or, more commonly, “GPG”). Since any OpenPGP compliant software (should) work with any other, this means that GPG is compatible with PGP. Like any open-source alternative to a commercial product there are differences between PGP Corp.’s platform and GPG in terms of support and additional features, but GPG offers solid public key encryption and key management features as an alternative to a system such as that offered by PGP Corp., on a number of platforms including Windows, Linux, UNIX, and OS X.

To illustrate GPG’s use I’ll concentrate on the Windows platform for the simple reason that 90 percent of all desktops and laptops run Windows — if you use another platform then the general information will still apply even if the details are slightly different.

GPG is actually a command line tool, but thanks to some handy plug-ins to popular e-mail clients you shouldn’t ever have to learn any of the commands. (But like most command line tools, if you do take the time to master the commands you’ll find GPG much easier to control directly than through a front end.)

The first step to running GPG is to run the Windows installer, which you can download from GPG’s Web site (

GPG for Thunderbird
The next step is to find a GPG plug-in for the e-mail client you intend to use. In this article we’ll use the open-source Thunderbird 2 e-mail client, although plug-ins of varying
quality are available for many more clients including Eudora and Outlook Express on Windows, Thunderbird, KMail and Evolution on Linux, and Thunderbird and on OS X.

The GPG plug-in for Thunderbird is called Enigmail, which you can download from and then install into the e-mail client. (Don’t skip the download stage and try to install it directly if you are running Firefox or your browser will try to install Enigmail into itself instead of Thunderbird.)

Once Thunderbird has been restarted you’ll see an “OpenPGP” menu item, and clicking this will bring you to the OpenPGP Key Management window. It’s from here that—by clicking the “Generate” option—you can create your own public and private keys. These can be associated with a particular e-mail address, or you can choose to use this key pair with two or more e-mail addresses you might use. You’ll also be asked for an optional passphrase to protect your key. (It’s a good idea to use this feature—otherwise anyone with access to your computer will be able to sign messages in your name and decrypt confidential incoming messages.) There’s also a comment box, where you can add a description of yourself (such as “Managing Director of Rubens Inc.”), which makes it much easier for anyone searching a key server for your public key to identify you correctly.

Once you click “Generate Key” a key pair is created, after which you’ll be asked if you want to create and save a revocation certificate that you can use to invalidate your key pair at some future time if it becomes compromised. The final step—if you want your public key to be widely available—is to upload it to a key server by choosing the “Upload Public Keys” option.

Sending Encrypted Messages
So how do you go about sending an encrypted message? Simply write an e-mail message using the e-mail client in the normal way, and then click on “Encrypt Message” in the message’s OpenPGP menu. When you send the message, the OpenPGP Key Selection window will pop up, allowing you to select the recipient’s public key from your store of keys. If you don’t have the recipient’s key you can click on “Download missing keys” to carry out a keyserver search to try and find it. Assuming you find the key you need, select it and download it to your key store, and send the message again.

As you’ll recall, you can sign an e-mail with your private key to prove that the e-mail really came from you. To do this, simply choose the “Sign Message” option instead of “Encrypt Message.”

If you want to make it easy for others to find your public key (especially if you don’t want to submit your key to a keyserver—perhaps to avoid the risk of spam) you can also send them an e-mail after selecting the “Attach My Public Key” option in this menu. (Of course they should be aware that although the e-mail might appear to come from you, it might have come from someone else.)

One handy thing about installing GPG is that it is available to any application that needs encryption capabilities if a suitable plug-in for that application has been written. That means that as well as using GPG through your e-mail client, you can also use it through a Web browser. After installing the FireGPG Add-on into Firefox you can use Gmail to send and receive encrypted or signed e-mails using the extra buttons that appear on the Gmail Web interface. (You can also encrypt, decrypt, sign, or verify the signature of text in any Web page by right clicking in Firefox or selecting FireGPG from the Tools menu.) The FireGPG Add-on is far from perfect—looking up keys from a key server doesn’t seem to work properly, for example—but it’s certainly useful and will likely improve in future versions.

Compared to commercially available solutions GPG does have drawbacks. Unlike gateway solutions offered by the likes of PGP Corp., GPG’s functionality isn’t transparent to users, and can’t be relied on to encrypt all messages as encryption can easily be switched off by the user. Key management is also much more rudimentary, and if a user forgets their private key passphrase then the key pair becomes unusable as there is no way to retrieve it. But overall GPG is a useful (and—let’s not forget—free) implementation of OpenPGP, and it can be a very effective solution for individuals and small businesses.
“Download missing keys” to carry out a keyserver search to
