Email Security

An e-mail message is by law subject to confidentiality. However, an insecure e-mail message can be read by anyone who is able to listen to the network through which the message is transmitted.

E-mail messages can be encrypted before sending. E-mail messages can also be digitally signed to ensure the identity of the sender and the integrity of the message. Signatures based on certificates are one secure way to ensure a person's identity.

Encryption of a message

In systems using a public key infrastructure, the sender encrypts the message with the recipient's public key. Only the person who has the recipient's private key can open the message. This means that even if a third party intercepts the sent e-mail message, he or she cannot open it.

Signature of a message

A digital signature makes it possible to ensure the integrity of the message during transmission and the identity of the signatory. The sender signs the message with his or her private key, and the recipient can verify the sender's identity with the sender's public key.

There are several commercial programs for encrypting and signing an e-mail message. One of the most commonly used programs is Pretty Good Privacy (PGP), which is based on asymmetric encryption. As the name suggests, the protection PGP provides is rather good and usually sufficient. However, PGP cannot guarantee the connection between the sender and the sender's public key. Therefore, it is possible that the sender's public key, which is known to the recipient, does not belong to the sender but to a third party. One solution to this problem is a personal certificate used in the Public Key Infrastructure (PKI). A personal certificate binds the user and the user's public key together in a reliable way.
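The sign-then-encrypt flow described above, as an added example (not from the original page) using the `openssl smime` command. The names alice, bob and mallory, the message text, and the use of self-signed certificates in place of CA-issued personal certificates are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; names, message text and file names are constructed.
work=$(mktemp -d)

# Create a private key and certificate for user $1.
# Assumption: a self-signed certificate stands in for a CA-issued personal one.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Sender $1 signs file $3 with its private key, then encrypts the signed
# message to recipient $2's public key (taken from $2's certificate) into $4.
sign_and_encrypt() {
  openssl smime -sign -text -in "$3" -signer "$work/$1.crt" \
    -inkey "$work/$1.key" -out "$work/signed.tmp" 2>/dev/null &&
  openssl smime -encrypt -aes256 -in "$work/signed.tmp" \
    -out "$4" "$work/$2.crt" 2>/dev/null
}

# Recipient $1 decrypts file $3 with its private key, then verifies the
# signature against the certificate it trusts for sender $2; body goes to $4.
decrypt_and_verify() {
  openssl smime -decrypt -in "$3" -recip "$work/$1.crt" \
    -inkey "$work/$1.key" -out "$work/opened.tmp" 2>/dev/null &&
  openssl smime -verify -text -in "$work/opened.tmp" \
    -CAfile "$work/$2.crt" -out "$4" 2>/dev/null
}

make_identity alice
make_identity bob
make_identity mallory
printf 'Pay 100 EUR to account 42\n' > "$work/body.txt"

# Genuine message: alice -> bob.
sign_and_encrypt alice bob "$work/body.txt" "$work/mail.msg"
decrypt_and_verify bob alice "$work/mail.msg" "$work/out.txt" &&
  echo "bob: decrypted, signature verified against alice's certificate"

# Interceptor without bob's private key cannot open the message.
decrypt_and_verify mallory alice "$work/mail.msg" "$work/x.txt" ||
  echo "mallory: cannot decrypt mail addressed to bob"

# Message signed with a key that is not bound to alice is rejected.
sign_and_encrypt mallory bob "$work/body.txt" "$work/forged.msg"
decrypt_and_verify bob alice "$work/forged.msg" "$work/y.txt" ||
  echo "bob: signer is not the certificate trusted for alice"
```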

Updated: Tuesday, March 28, 2006

(c) Capitalhead Pty Ltd