Stop reading my mail!
(c) Thomas Binder/Atari Computing 1998
==========================================================================
No part of this article may be reproduced, stored in any form of retrieval system or transmitted in any form by any means, mechanical, electronic or otherwise without the prior written permission of the copyright holders. All rights reserved, including translation into other languages.
--------------------------------------------------------------------------

Have you ever thought about how many people may be able to read your electronic mail? Thomas Binder takes a look at "Pretty Good Privacy", a tool which keeps your private mail private, and a lot more besides...

If you need to send confidential text or sensitive data via email, you should seriously consider encrypting your mail, so only the intended recipient can read it. Conventionally, you would agree on a key and use some cryptographic algorithm on the source material before you send it. The recipient uses the same key to decrypt the material. There are many such algorithms - called "symmetric ciphers" because they use the same key to encrypt and decrypt data. However, there are some serious problems which make them less than ideal for exchanging email:

- The key has to be agreed in advance - which obviously can't be done by email, as it's likely to be compromised before it gets used!
- If there's more than one recipient and you don't want them to be able to read each other's mail, you have to agree on a different key with each of them.

A solution to these problems is "asymmetric" or "public key" algorithms, which use different keys for encryption and decryption. Everyone involved has two keys: a public key which can be passed on to anyone, and a secret key which is never given to anyone else. Now, when A wants to send private email to B, s/he uses B's public key to encrypt the text. Subsequently only B can decrypt the message, using his/her secret key.
There's no longer a problem exchanging keys, because the public key is used to encrypt material and only the intended recipient has the secret key required to decrypt the material again. Nothing is perfect, and there are some minor disadvantages. There has to be some mathematical relationship between the public and secret key, so the keys need to be much larger than those used for symmetric ciphers for the same level of security, and the algorithms are considerably slower.

"Pretty Good Privacy" (PGP) combines the advantages of both cipher types. Email and other data are encrypted using the "International Data Encryption Algorithm" (IDEA), which was developed at the ETH in Zurich. IDEA is very secure, using keys with a length of 128 bits (by comparison, the alternative "Data Encryption Standard" (DES) uses 56 bits and is considered insecure these days). IDEA keys do not have to be exchanged; instead, PGP creates a truly random session key, encrypts the message using IDEA with this key, and then uses the public key scheme RSA (see boxout) to encrypt the session key. After that, the encrypted message and the encrypted key are put together and can be passed to the recipient.
For example, when A sends a message to B, PGP does the following:

- Creates a random 128-bit session key
- Packs the message using the ZIP algorithm (which makes it shorter and less vulnerable to cryptanalysis)
- IDEA-encrypts the message with the session key
- RSA-encrypts the session key with B's public key
- Concatenates both the encrypted message and the encrypted key into an output file

When B receives the message, PGP performs the following steps to recover the data:

- Separates the encrypted message and session key
- Restores the original session key using RSA with B's secret key
- Decrypts the message using the original session key
- Unpacks the message

If you have more than one intended recipient, PGP does not create multiple session keys; instead it puts an RSA-encrypted "version" of the session key for each recipient into the output file. Thus, if you send the same message to ten people, the PGP output file would contain the IDEA-encrypted message once and ten session keys, each RSA-encrypted with the public key of the individual recipient.

PGP also enables messages to be "digitally signed", which makes it possible to be sure a message written by you has not been altered by anyone. To do this a "digest" is created: a short sequence of numbers derived from the message in such a way that no other message could, in practice, produce the same digest. This digest is then encrypted with the secret key of the writer, resulting in the signature. To check it, PGP simply uses the public key of the author to decrypt the digest, then compares it to the digest of the message which the signature belongs to. As only the owner of the secret key is able to create a correct signature, a match is proof that the message is unaltered and was written by him. The nice thing about digital signatures is that PGP supports both plain text and binary data, which means it's possible to digitally sign file archives so anybody with access to the author's public key can check whether their copy is an original!
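The sender's and recipient's steps above, the multi-recipient case and the digest-based signature, as an added Go example (this is not code from the article or from PGP itself). It uses only Go's standard library: AES-GCM stands in for IDEA, RSA-OAEP for the raw RSA key wrapping of PGP 2.6, RSA-PSS over a SHA-256 digest for the signature, and zlib for the ZIP packing step. The Envelope layout, the function names and the sample text are constructed for this example and are not PGP's real file format. Because every Seal draws a fresh session key, encrypting the same text twice produces different output, which is exactly the sanity check the "Getting PGP" section later relies on.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// Envelope is the article's "output file" (constructed layout, not PGP's format):
// the compressed message encrypted once under a random session key, plus that
// session key wrapped once per recipient with the recipient's RSA public key.
type Envelope struct {
	WrappedKeys [][]byte
	Nonce       []byte
	Ciphertext  []byte
}

// NewKey makes an RSA key pair; the boxout recommends at least 1024 bits.
func NewKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// Seal performs the sender's five steps. AES-GCM stands in for IDEA and RSA-OAEP
// for the raw RSA of PGP 2.6; the structure is the one the article describes.
func Seal(message []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	sessionKey := make([]byte, 32) // 1. a fresh random session key for this message
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	var packed bytes.Buffer // 2. compress before encrypting
	zw := zlib.NewWriter(&packed)
	zw.Write(message)
	zw.Close()
	block, _ := aes.NewCipher(sessionKey) // 3. symmetric encryption under the session key
	aead, _ := cipher.NewGCM(block)      //    (neither call can fail for a 32-byte key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, packed.Bytes(), nil)}
	for _, pub := range recipients { // 4. wrap the same session key once per recipient
		wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, wk)
	}
	return env, nil // 5. ciphertext and wrapped keys travel together
}

// Open performs the recipient's steps. Real PGP tags each wrapped key with a key
// ID; this simplified version just tries every copy with the recipient's secret key.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	var sessionKey []byte
	for _, wk := range env.WrappedKeys {
		if k, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wk, nil); err == nil {
			sessionKey = k
			break
		}
	}
	if sessionKey == nil {
		return nil, errors.New("message was not encrypted for this key")
	}
	block, _ := aes.NewCipher(sessionKey)
	aead, _ := cipher.NewGCM(block)
	packed, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil) // fails if tampered
	if err != nil {
		return nil, err
	}
	zr, err := zlib.NewReader(bytes.NewReader(packed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// Sign hashes the message and signs the digest with the author's secret key
// (RSA-PSS here); Verify recomputes the digest and checks it against the signature.
func Sign(message []byte, priv *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

func Verify(message, sig []byte, pub *rsa.PublicKey) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}
```

Calling Seal with several public keys yields one ciphertext and one wrapped session key per recipient, just as the article describes for ten recipients. Open with a secret key that is not among them fails before the message body is ever touched, and Verify returns false as soon as a single byte of the message or the signature has changed, or the wrong public key is used.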
Key management

If you want to exchange email with someone using PGP, you must first exchange your public keys. PGP offers lots of useful key management functions. It manages two keyrings: one contains your secret key/s and should never be accessible to others, the other contains all public keys, including the counterpart to your own secret key. You should maintain backups of both keyrings, because the loss of your own keys could be very embarrassing! The only thing worse than losing your secret keyring is if someone else gets hold of your private key, so PGP insists this is password protected - make sure you don't choose an obvious one!

Unless you obtain a public key directly from the owner (which means s/he is physically present), how can you be sure it's not someone else's? This may seem unlikely, but public keys are vulnerable to "man-in-the-middle attacks". For example, if someone intercepted email en route to you and replaced the sender's public key with his/her own, they would be able to intercept and decrypt your reply! Even worse, after having read the contents s/he could encrypt the message again with the sender's original public key, and neither you nor the sender would be aware of the intrusion! Naturally such an attack requires a considerable technical effort, but it is possible in most networks. To try to prevent this intrusion PGP offers a couple of possibilities:

- Every key has a "fingerprint", which can be checked by phone.
- Keys can be digitally signed. When you're absolutely sure a key belongs to the person you think it does, you can sign the key, using your secret key, and send it back to the owner. If you subsequently receive a new key, you can check if it has the signature of someone you trust (and naturally whose public key you already have), before deciding whether the new key is likely to be genuine.
Risks

Even though PGP offers excellent security, it still needs to be used responsibly:

- Don't trust public keys without at least checking their fingerprint, and don't check them by email.
- Never ever sign a key unless you are absolutely sure it belongs to the person you think it does, because once you sign a key, you signal to others that the key is genuine.

Of course, it's also possible someone will try to crack PGP-encrypted messages, but the effort needed to calculate the secret key to a public key or to break the IDEA cipher is so high it would take years to do so, even using very powerful computer networks - they're more likely to get results using "conventional" extortion or violence.

Why use PGP?

Having read the last paragraph, you may wonder whether to bother using PGP at all, especially if you don't have any confidential stuff to send. You're not alone: some experts suggest sending encrypted data simply attracts the attention of hackers. On the other hand, if more people used PGP (or other cryptographic tools) it wouldn't attract the same degree of attention, a typical chicken and egg scenario!

Another reason to use PGP is simply to prevent casual intrusion. Think of PGP as an envelope for your email. When you send a postcard you have to accept that anyone can read the contents, and unencrypted email is just like a postcard. Bear in mind your messages travel across the internet via lots of computers, and it's possible someone, somewhere could be reading your mail. Almost every tiny bit of private information can be abused in some form, so it's a sensible precaution to pop it in a PGP "envelope".

PGP and Atari

PGP is a command line utility written with portability in mind, which has the advantage that versions are available for most platforms, including ours. Unfortunately these are not very user friendly, but happily there are various GEM shells which provide a convenient graphical user interface to PGP.
One of the best known is Easy PGP, programmed by Manfred Ssykor, which is multitasking aware and offers access to nearly all PGP features. Easy PGP can help you manage different keyrings, which is useful if you have both personal and professional email correspondence but don't wish to keep the keys together, to avoid confusion.

Of course, it is still inconvenient, when you receive an encrypted email, to have to call PGP (or a shell) to read it, and the same applies to sending PGP encrypted mail. However, there are mail readers which offer built-in PGP support or allow the use of PGP as an external filter. This means you can optionally encrypt/sign email before sending it, and incoming encrypted mail can be automatically decrypted when you want to read it. For example Okami, an offline mail and newsreader, includes PGP support, as does mutt, a mail program ported from the Unix world and primarily designed for online use.

Getting PGP

Almost every BBS or ftp server carrying Atari software will carry a copy of PGP. The URL below is an excellent jumping off point because it allows you to select your platform and then displays a list of hosts in various countries:

URL: http://www.pgpi.com/download/#2.6.3i

The current version is 2.6.3. Be sure to get the international release if you live outside the US (usually denoted by the "i" suffix, for example, PGP 2.6.3i). After unpacking the archive, do take the time to read the documentation. The documents are easy to read and provide the necessary knowledge to use and handle PGP correctly (and that does not only refer to technical usage). It's not a good idea to use PGP without reading them, and be wary of any PGP version which came without documentation! You should also make sure your copy has not been hacked, rendering the encryption useless (for example, by always using the same IDEA key instead of generating a random one for each new message).
A quick way to check this is to encrypt the same text twice for the same recipient (create some test keys): if the resulting encrypted files are different, your copy is probably OK (though this isn't an absolutely reliable test). The best way to check your copy of PGP is to check its signature, but this is only possible if you're already using an older version of PGP, and have and trust the public key of the person who signed the archive.

Finally, here's the fingerprint of my public key, which you can verify when you get it. Naturally if you use this you're already assuming the editor, publisher and everyone else involved in the production process haven't tampered with the fingerprint!

92 6D 22 37 8F 8D 76 FC 2F FB DD 33 50 2C ED 21

If you'd like my public key, my email address is: gryf@hrzpub.tu-darmstadt.de

RSA
--------------------------------------------------------------------------
RSA is a public key cryptography scheme, named after its developers Rivest, Shamir and Adleman, which uses prime numbers. Today, only one way is known to break a non-trivial RSA key: the factorisation of the product of the two primes used to create the key. In other words, the product is known and you have to search for the two primes used to create it. The security of RSA is based on the fact that there's currently no easy, or more accurately no fast, way to do this for large primes. Consequently the larger the primes, the more secure the resulting key. Experts reckon it's safe to use keys of 768 bits and upwards, bearing in mind the speed of today's computers and the known factorisation algorithms. That means a key with 768 bits will be safe for years, provided no one comes up with a much faster algorithm to factorise large numbers or an alternative strategy to break RSA. I'd recommend anyone creating a new key to opt for at least 1024 bits, but if you're currently using one with 768 bits you don't need to worry unless you need to protect data which has to remain secure in ten years.
PGP 5.0
--------------------------------------------------------------------------
Even though the article states PGP 2.6.3 is the current version, PGP 5.0 has been available for months. However, the new version has not yet been ported to the Atari platform and is incompatible with the old one. This doesn't mean you can't exchange messages with the other version or that you have to create new keys, merely that PGP 5.0 offers completely different command line options, so shell programs designed to work with 2.6.x will simply fail. So, unless you intend to use PGP directly from the command line, use v2.6.3 or wait until the new version has been ported and the programs you want to use have been adapted. PGP 5.0 also supports a new public key scheme in addition to RSA, which is incompatible with 2.6.x. Thus, you can't exchange protected messages with someone who has such a new key, and vice versa.

Recognising PGP messages
--------------------------------------------------------------------------
As PGP encrypted text is no longer readable and can't be sent via email as it is, PGP offers "ASCII armour". This means the resulting ciphertext is converted so it consists only of characters which can be transmitted by email - similar to the uuencode process you may already be familiar with. To inform the recipient (or the mailing program used) that the email contains a PGP message, it is surrounded by the following two lines:

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----

In discussion forums such as UseNet you'll also often spot messages beginning with:

-----BEGIN PGP SIGNED MESSAGE-----

That means the following text has been signed by its author; the signature is attached at the end of the text, in the section marked with:

-----BEGIN PGP SIGNATURE-----

Sometimes, people also send or post their public keys.
These are surrounded by these two lines:

-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----

In all cases, you can simply drag the file containing the message onto the PGP executable. PGP automatically detects the type of the message and takes the appropriate action.
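As an added example (not part of the article and not PGP's own code), here is a small Go detector that does for a mail program what the paragraph above says PGP does when a file is dropped on it: it scans text for the armour markers quoted in this section, matches each BEGIN line to its END line, treats a clear-signed text as ending where its signature section begins, and reports what should be done with the mail. The type and function names are invented for the example, and the sample in main is constructed with placeholder body lines rather than real radix-64 data. Header lines such as "Version:" inside a block are kept as ordinary body lines, and dash-escaping of lines starting with "-" inside clear-signed text is not handled.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// ArmorBlock is one "-----BEGIN PGP <kind>-----" ... "-----END PGP <kind>-----" section.
type ArmorBlock struct {
	Kind  string   // "MESSAGE", "SIGNED MESSAGE", "SIGNATURE" or "PUBLIC KEY BLOCK"
	Lines []string // the lines between the BEGIN and END markers
}

// FindArmorBlocks scans mail text and returns the armoured sections in order.
// A clear-signed text has no END marker of its own: it runs up to the
// "-----BEGIN PGP SIGNATURE-----" line that follows, so it is closed there.
func FindArmorBlocks(text string) ([]ArmorBlock, error) {
	var blocks []ArmorBlock
	var open *ArmorBlock
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimRight(sc.Text(), "\r")
		switch {
		case strings.HasPrefix(line, "-----BEGIN PGP ") && strings.HasSuffix(line, "-----"):
			kind := strings.TrimSuffix(strings.TrimPrefix(line, "-----BEGIN PGP "), "-----")
			if open != nil {
				if open.Kind != "SIGNED MESSAGE" || kind != "SIGNATURE" {
					return nil, fmt.Errorf("BEGIN PGP %s inside unterminated %s", kind, open.Kind)
				}
				blocks = append(blocks, *open) // the signed text ends where its signature starts
			}
			open = &ArmorBlock{Kind: kind}
		case strings.HasPrefix(line, "-----END PGP ") && strings.HasSuffix(line, "-----"):
			kind := strings.TrimSuffix(strings.TrimPrefix(line, "-----END PGP "), "-----")
			if open == nil || open.Kind != kind {
				return nil, fmt.Errorf("unexpected END PGP %s", kind)
			}
			blocks = append(blocks, *open)
			open = nil
		case open != nil:
			open.Lines = append(open.Lines, line)
		}
	}
	if open != nil {
		return nil, fmt.Errorf("unterminated %s block", open.Kind)
	}
	return blocks, nil
}

// Classify tells a mail program what to do with the text, covering the three
// cases the article lists plus plain and malformed mail.
func Classify(text string) string {
	blocks, err := FindArmorBlocks(text)
	if err != nil {
		return "malformed armour: " + err.Error()
	}
	var kinds []string
	for _, b := range blocks {
		kinds = append(kinds, b.Kind)
	}
	switch key := strings.Join(kinds, "+"); key {
	case "":
		return "plain mail"
	case "MESSAGE":
		return "encrypted message: decrypt"
	case "SIGNED MESSAGE+SIGNATURE":
		return "clear-signed text: verify signature"
	case "PUBLIC KEY BLOCK":
		return "public key: check fingerprint before adding to keyring"
	default:
		return "other armour: " + key
	}
}

func main() {
	// Constructed sample; the body line is a placeholder, not real PGP output.
	sample := "Hi Bob,\n-----BEGIN PGP MESSAGE-----\nVersion: 2.6.3i\n\n<radix-64 data>\n-----END PGP MESSAGE-----\n"
	fmt.Println(Classify(sample))
}
```

A stray END marker, or a BEGIN that is never closed, is reported as malformed rather than silently treated as a message, so a mail filter built on this would hand such text to the user unchanged instead of guessing.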