September 01, 1996 12:00 AM

Digital Envelopes and Signatures

Windows IT Pro
InstantDoc ID #2698

Digital envelopes and digital signatures are two specific applications of computer security technology that can enhance the functionality of electronic mail. A digital envelope (encryption) is the electronic equivalent of putting your message into a sealed envelope to provide privacy and resistance to tampering. A digital signature is the electronic equivalent of a signet ring and sealing wax: You seal the message so that the receiver has a high degree of confidence that the message really came from the purported sender and that no one has altered it. (For more information on the role of encryption in computer security, see Lawrence E. Hughes, "Secure Enterprise Email," Windows NT Magazine, May 1996.)

These two security functions are mutually independent, and you can apply neither, either, or both to a message. Only the sender's private key (a binary value 40 bits or more long) is required to create a signature. A secure mail client will apply digital signatures by default, without affecting a person's ability to read the message through a mail reader without a secure mail client. In contrast, digital envelopes make the entire message gibberish to a recipient without an appropriate reader and the correct decryption key. Therefore, a digital envelope is never a default. However, a well-designed mail client can remember (or determine from a directory service) which recipients to use digital envelopes with, what type of digital envelope to use (many standards are available), and the particular key to use for each recipient.

Digital Envelopes (Encryption)
Encryption, or secret writing, has been around in one form or another since ancient times. Recently, encryption has become more complex with the availability of computers to escalate the game of lock builder vs. lock picker.

Encryption provides privacy. You scramble information so that only the intended recipient can unscramble it. Encryption does not prevent third parties from intercepting the message, but they intercept pure gibberish; the intercepted message is useless without the decryption software and appropriate key. Most contemporary encryption schemes use a fixed, standard algorithm (e.g., the Data Encryption Standard--DES), which produces a unique ciphertext (scrambled form) for each possible key (pattern of bits that modify the way the algorithm does the scrambling). The more bits in the key, the more keys are possible. For example, DES has 56 bits in each key, hence a total of 2^56, or roughly 72 quadrillion, distinct keys.

Two primary kinds of encryption are symmetric key and asymmetric key. Symmetric key encryption uses the same key to encrypt and to decrypt. Asymmetric key encryption creates the key in two complementary pieces, like the two pieces of a raggedly torn dollar bill. One piece is the public key, because no security is lost by publishing it for anyone to know, and the other is the private key, because you must guard it from discovery. If you encrypt with a given public key, someone can decrypt only with the corresponding private key; no other key, including the public key used to encrypt the information, can successfully decrypt it. That simple difference in key use is the most significant breakthrough in security technology in 2000 years.

Unfortunately, asymmetric key algorithms are hundreds or thousands of times slower than symmetric key algorithms and are suitable only for processing small pieces of information (e.g., a 56-bit symmetric key). So, most digital envelope schemes use an asymmetric key algorithm (e.g., Rivest-Shamir-Adleman--RSA--or Diffie-Hellman) to securely exchange a session key (a randomly generated symmetric key just for this one message or session; then you discard it) and then use a symmetric key algorithm (e.g., DES or International Data Encryption Algorithm--IDEA) to encrypt the text by means of the session key.

The person sending a message in a digital envelope must randomly select a symmetric algorithm session key and then encrypt that session key by using the recipient's public key and an asymmetric algorithm. The sender encrypts the message body (the plaintext) with the original (unencrypted) symmetric session key, and then sends the encrypted session key and encrypted message body (the ciphertext) to the recipient.

The recipients of that message must decrypt the session key (using their own private key) and then decrypt the rest of the message using the recovered session key to obtain the original message body (the plaintext). Only the holder of the recipient's private key (hopefully, only the recipient) can recover the session key and the original message.

Digital Signatures
Digital signatures are a more recent concept than encryption and address issues of authentication (proof of identity of the sender) and message integrity (detection of changes to the message). You can also use digital signatures for non-repudiation: proving that a particular individual really sent a particular message.

Most digital signature schemes depend heavily on asymmetric key technology but need a trick to keep the amount of data processed with it to a minimum. In this case, you create a message digest with one of the many standards, such as the Secure Hash Algorithm (SHA) or Message Digest Algorithm 5 (MD5). You feed the entire contents of the message through an algorithm that is a function of the entire content, including the order of all the characters. This algorithm creates a residue (typically, 64 bits' worth, regardless of the size of the original message--even more condensed than a Reader's Digest condensation of a book!). If someone alters the message and you run the result through the algorithm again, the result is a different residue. The probability of getting the same residue from two different messages is one in 2^64, which is millions of times less likely than your chances of winning a lottery. This residue, or more accurately the cryptographic checksum, is what asymmetric key technology encrypts and then appends to the message to create the digital signature.

For a recipient to verify a digital signature, the receiving mail client program must use the sender's public key to extract and decrypt the transmitted message digest. The receiver must obtain the public key, recalculate the message digest by passing the rest of the message through the message digest algorithm, and compare the transmitted residue with the newly calculated one. If the residues match, no tampering with the message has occurred, and only the holder of the sender's private key can have created the digital signature (note that anyone can verify a signature, as only the sender's public key is required).

If the residues don't match, either someone altered the message in some way (possibly the mail transport system innocently altered it by wrapping long lines), or someone other than the purported sender created the digital signature with some key other than the sender's private key, or both. Many digital signature schemes let you encode the message content to prevent the mail transport system's innocent mauling from affecting the message digest, but these schemes have the unfortunate side effect of making the message text unreadable without an appropriately equipped mail client program (you use digital signatures with this feature only when sending mail to recipients that have the appropriate capability).

Sometimes privacy and message integrity are essential, but who sent the message is not important or is obvious from content. In this case, a digital envelope is necessary and sufficient. The interceptor first has to decrypt the message to change it and then re-encrypt it using the same key originally used to encrypt the message, so encryption prevents tampering. However, encryption alone does not provide any authentication.

At other times, who sees the information is not important, but the critical concern is that it really came from the person who claims to have sent it, and that no one has tampered with it in any way. In this case, you can send the message in plaintext (no digital envelope) with a digital signature. Also, you cannot legally use encryption in certain situations, such as crossing most international borders even if digital signatures are perfectly legal inside those borders. When sending mail internationally or even within the borders of many foreign countries, find out what security technology is allowed and what algorithms and key lengths are permitted. Penalties can be severe if authorities catch you--assume that the National Security Agency monitors most digital traffic that enters or leaves the US.

Digital envelopes and digital signatures do not interact, and people often first digitally sign and then encrypt a message before sending it, taking advantage of both privacy and authentication. Also, the digital envelope protects the digital signature. Finally, keeping the original digital signature as part of an archived message is useful. For example, you can detect alterations while it is in storage or verify the identity of the sender again at any time.
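
The sign-then-seal flow from the envelope and signature sections above, as an added example (not code from the original article). Its assumptions: textbook RSA keys built from publicly known Mersenne primes, SHA-256 as the digest, and a hash-based XOR keystream standing in for DES or IDEA; all function names and key values are constructed for illustration and none is suitable for protecting real mail.

```python
import hashlib
import secrets

E = 65537  # public exponent (assumption; the article names no parameters)

def toy_keypair(p, q):  # textbook RSA: returns (public, private)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(message):  # the article's "residue", as an integer
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    n, d = private
    return pow(digest(message), d, n)  # digest transformed with the private key

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message)  # recompute and compare

def keystream_xor(key, data):  # stand-in symmetric cipher (encrypts and decrypts)
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(plaintext, rcpt_public):
    n, e = rcpt_public
    session_key = secrets.token_bytes(16)  # random, used for this message only
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, plaintext)

def open_envelope(wrapped, ciphertext, rcpt_private):
    n, d = rcpt_private
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

# Constructed keys from publicly known Mersenne primes: trivially breakable.
SENDER_PUB, SENDER_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
RCPT_PUB, RCPT_PRIV = toy_keypair(2**1279 - 1, 2**2203 - 1)

def send(message):  # sign first, then put signature and message in one envelope
    sig = sign(message, SENDER_PRIV).to_bytes(256, "big")
    return seal(sig + message, RCPT_PUB)

def receive(wrapped, ciphertext):
    body = open_envelope(wrapped, ciphertext, RCPT_PRIV)
    sig, message = int.from_bytes(body[:256], "big"), body[256:]
    return message, verify(message, sig, SENDER_PUB)
```

Changing one digit of the signed text, or letting a transport re-wrap a line, makes `verify` return False, which is the mismatch case described above.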
