WebFund 2013F Lecture 2


Video walkthroughs shown in lecture and in class, along with the associated notes, are posted here.

This lecture should give an overview of the encryption of email, and of what it means to apply a digital signature to an email message. There will be video demonstrations of how to set up both S/MIME and PGP on an Ubuntu machine with Thunderbird.

The RFCs that relate to the topics presented will include:

RFC 821: SMTP (Simple Mail Transfer Protocol)

RFC 5652: CMS

RFC 2440: OpenPGP Message Format

RFC 3851: S/MIME 3.1

Links for setting up your software:

Ubuntu GPG HowTo

GPG Main Website

Mozilla Thunderbird Enigmail Info


September 11

  • most email is sent in plaintext
  • SMTP is a store-and-forward protocol
  • Hops may use point-to-point encryption
  • Analog days: passing notes in class
  • End to End Encryption
    • PGP
      • Pretty Good Privacy
      • encrypt or digitally sign mail
    • S/MIME
    • attacker doesn't know at which point to get at the message
    • wouldn't know how to decrypt it unless they had the key
  • point to point encryption: SSL/TLS
    • can attack at many points through mail transfer
  • asymmetric - a public key and a private key
    • two keys: one is public, one is private
      • can use either to encrypt a message

Sending message: |Hi Bob!| -> hash function (MD5) -> |0110110| -> Encrypt (with private key) -> Signature

Receiving message: |Hi Bob!| -> sh> md5sum msg.txt -> |0110110|; Signature -> Decrypt (with public key) -> signature value

  • if anything changed in transit, the hash function value would change, which lets you know that the message integrity check has failed
  • by not encrypting we cannot ensure integrity of communications
  • traceroute a couple of your packets
  • IETF = ISO
    • RFC
      • SMTP
      • CMS
    • OpenPGP
      • GPG -> free license
      • PGP (Pretty good privacy)
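
The sending and receiving flows in the signature diagram above, as an added Python example that is not part of the original lecture notes. It assumes a constructed toy RSA key built from two small Mersenne primes and unpadded "textbook" RSA, which is enough to show the mechanics but is not how GPG or S/MIME build real signatures; the function names are illustrative.

```python
import hashlib

# Constructed toy key (assumption for this example): two Mersenne primes.
# Far too small and too structured for real use, and there is no padding.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q                            # public modulus (larger than any MD5 value)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent


def digest(message: bytes) -> int:
    """Hash step of the diagram: message -> fixed-size value.

    MD5 is used because the lecture diagram names it; it is collision-broken
    and current tools sign a SHA-2 digest instead.
    """
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: 'encrypt' the hash with the private key to get the signature."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: 'decrypt' the signature with the public key, re-hash the
    message that actually arrived, and compare the two values."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    msg = b"Hi Bob!"
    sig = sign(msg)
    print("signature:", hex(sig))
    print("untouched message verifies:", verify(msg, sig))
    # One byte changed in transit: the recomputed hash no longer matches.
    print("altered message verifies:  ", verify(b"Hi Bob?", sig))
    # One bit of the signature flipped: the decrypted value no longer matches.
    print("altered signature verifies:", verify(msg, sig ^ 1))
```

Only the holder of the private exponent can produce a value that decrypts to the right hash, while anyone with the public key can run the check.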