Email Encryption & Signing

images

For Your Eyes Only

Whilst sojourning on a relaxing vacation one may be inclined to send a letter to a friend on the back of a picture post card with a quick “wish you were here”-esque message. However, in sending a cheque, a confidential lettre or in the paying of a bill one would be wise to seal the contents in a security envelope with hatched lines to obfuscate the contents; if the information is of critical importance one may even affix a personal wax seal as an extra measure of precaution.

Your Virtual Postcards

Why then are vast majority of internet users content to regularly send petabytes of personal and confidential data in a plain-text emails with no encryption or cryptographic signature, the digital equivalent of an open-faced postcard?

Wild Wild Web

Now more than ever, with the growing threat posed by cybercrime, evidenced by the skyrocketing number of high-profile data breaches, identity theft cases, and thefts of proprietary information, sensitive data sent in plain-text emails are more likely than ever to be intercepted, potentially leading to law-enforcement action, invasion of privacy, or identity theft.

Ends Justify Means

ACM researchers attribute the lack of plain-text email security controls to be a social problem, that of ignorance, usability and inconvenience. Yet the privacy implications of critical data sent in plain-text email remains a problem for businesses and individuals alike. Plain-text messages for non-sensitive data are fine, but when it comes to personal, financial, corporate, medical and legal data they present serious economic and privacy risks.

The Essential E-Mail Credential

Email encryption is based on the principles of public and private key infrastructure (PKI). A public key is analogous to the mail slot of a listed postage address, the information is publically available and anyone is free to send a message just as individuals are free to encrypt data with one’s public key.

The private key is the equivalent of the key used to access the personal mail slot, only the legitimate key holder can read the messages there deposited, as such when it comes to email only the individual in possession of the private key can read the messages encrypted with the corresponding public key. When the holder of the private key encrypts a message before it is sent out, affixes a digital signature, anyone can read the message after decrypting it with the public key, but, if in transit the message is altered or modified the digital signature is void, it is as if the wax seal of the message has been broken.

Keep Up

It is important to note that to for the system to function properly an individual must sign or encrypt all messages, not just the confidential or sensitive ones. If only those messages which contain sensitive data such as credit card information are encrypted while all trivial messages go out as plain text it is essentially alerting cyber criminals to the fact that this message is worth hacking.

The Proof in the Spoof

Obtaining and using a personal email certificate to digitally sign messages can help to stem the tide of spam and malware unduly distributed on behalf of an individual. If colleagues, friends and family are conditioned to know that one’s sent messages contain a personal digital signature then unsigned messages which “spoof” a user’s email address as the source can easily be recognized as illegitimate and safely deleted.

The Advanced Directions Advantage

Advanced Directions  provides a full range of PKI products with advanced cryptographic algorithms to ensure that your personal online communiques stay personal.

With a catalogue of PKI devices which comply with the most stringent international standards Feitian is a global companion from parties concerned with the integrity of their transactions.
As the paramount producer of PKI hardware in the PRC, Feitian exercises a tremendous manufacturing capacity to satisfy orders large and small with expedient, efficient, and cost effective results.