I need a secure way to communicate with another person via email. From what I’ve heard, each of us needs to use “encryption.”
I know absolutely nothing about encryption. Can someone please give me a brief primer on this, i.e. Do I need to buy or download special software? Or does Microsoft Outlook have it built in? If I need to buy or download software, are there competing packages? Which should I choose? Are they free?
PGP is freeware and integrates into Outlook/Outlook Express. It is pretty easy to use. Basically you will toggle a button to decide whether or not to encrypt the mail upon sending. The person on the other end will decode it, and can choose whether or not to save it decoded after reading, as well (the decoding need only be temporary).
To do this you’ll have to find each other’s public keys, but that’s a good place to start.
I’ve found Practical Cryptography by Bruce Schneier easier going than the earlier Applied Cryptography. And The Code Book by Simon Singh is a good history of code making and breaking. As erislover mentioned, PGP is what you want. Or for a more roll-your-own alternative, there is GNU Privacy Guard.
Say you want to send me an email that contains sensitive information (Cecil’s phone number for example). We could agree on a password (the key), and use that to encrypt the message, like you can put a password on a Zip file. This is called symmetrical key encryption. But how do we let each other know what the password is? Our phones could be tapped, emails monitored, houses bugged. Face it, there’s no such thing as too much effort to get a direct line to Cecil!
So what we should use is asymmetrical key encryption. The way this works is there are two parts: the public key which is available to anyone, and the private key which you’d keep secret from your own mother.
So to send me the email, you find out what my public key is. Since it’s my public key, I’ve put it on my business cards, my web site, and I hire a banner plane to fly around the city with it. You encrypt the message with my public key and email it to me. Even if the message is intercepted it doesn’t matter, since without my private key the Teeming Millions can’t read it. Trying to decrypt it with my public key won’t work.
Once I get your message I make sure Mom’s not looking over my shoulder, then I use my private key to decrypt the email so I can read it. I can now call Cecil without fear of a busy signal, since only you and I know his number.
If I wanted to send you an encrypted message back, I’d need to look up your Public key, and use it to protect the email.
This is obviously a simple example, and I’m by no means a cryptography expert. Hopefully though it gives you a broad idea about what programs like PGP (mentioned by erislover) are doing.
I haven’t read those books, but I have read one simply titled Crypto. It tells a very interesting history of the people behind it, as well as the basic technological factors. I felt much more informed after reading it.