Tips for Proper Message Encryption When Using Asymmetric or Public Key Encryption

Public key message encryption is also known as public key cryptography or asymmetric encryption. It is a type of encryption which uses a pair of different keys known as public and private keys. A public key is used to encrypt messages and a private key is used to decrypt messages. A pair of public and private keys is specific for a particular individual. He or she distributes the public key so that anyone who wishes to send a message to him or her can encrypt the message using the public key. The private key remains known only to that individual and is used to decrypt received messages.
Note that encrypted messages can still be altered by an attacker if you use some types of encryption algorithm. Encrypted messages can also be decrypted by a dedicated attacker with unlimited computational power (such as the government of a country). Besides these, encryption can go wrong if not used properly. The following are tips that will help you avoid some of these pitfalls.
Do Not Selectively Encrypt Your Messages: It is best to encrypt all your messages if you use message encryption. Encrypting only the messages you consider important such as those that contain financial information sends a signal to anyone intercepting your messages that such mail contains important information.
Use a Digital Signature: Message encryption only protects the confidentiality of your message by preventing it from being read if it is intercepted before it reaches the intended recipient. The use of some types of encryption protocols may leave your mail vulnerable to alteration even if it cannot be deciphered. The use of a digital signature with message encryption provides for this situation. Digitally signing a message allows the recipient to tell whether it has been tampered with or not since the digital signature is invalidated once the message is altered. Digital signatures also allow the recipient to confirm that the message is from a particular sender.
Authenticate/Verify Your Public key: Since public keys are publicly available, the following scenario is possible: Person A publishes a public key which purports to belong to Person B. Any messages sent to Person B which have been encrypted by the false key can be decrypted and read by Person A before being passed on Person B. To avoid this, you should have your key published by a certificate authority (CA) or use a web of trust (WOT). These allow other people confirm that a public key really belongs to you.
Protect Your Private Key and Digital Signature Information: The information in your messages only remains secure as long as your private key has not been comprised. If an attacker infiltrates your computer and determines your private key, then he or she can decrypt and read your messages. Same goes for the digital ID which is used to sign your messages. If an attacker can get to this information, the information contained in your messages can be altered. The person can also use your digital signature to sign messages which are not from you. Therefore, you must protect your computer with security software such as firewalls. If you lose your private key, you will not be able to decrypt your messages.
Use Encryption Software with Non-malleable Algorithms: Certain encryption algorithms like RSA or ElGamal are known as malleable encryption i.e. the person intercepting your messages can still modify the messages even if he or she cannot read them. Non-malleable encryption algorithms such as the Cramer-Shoup system can prevent this from happening.
Make Use of Long Keys: Encryption is not invincible. People with enormous computational power may still be able to decrypt encrypted messages if they are determined to do so. Using very long keys makes it harder, longer and costlier to decode your messages.
Use Compatible Encryption Software or Protocols: Different encryption protocols use different algorithms. As an example, if the sender makes use of PGP encryption, the receiver should also use PGP so that he or she can properly decrypt the message. Your digital signature will also be affected if the encryption software is incompatible.
Use Compatible Email Clients: Different email clients support different encryption protocols and it is a good idea for both sender and receiver to use the same email software.

Comments

Post a Comment

Popular posts from this blog

Advantages and Disadvantages of Using Bitcoins

Image
Bitcoin logo Bitcoin has been in the news a lot recently for good and bad reasons. There have been stories like the one of the man who bought  $27 worth of Bitcoin in 2009 which are now worth almost $900,000 . How about the  shutdown of the infamous Silk Road website  which was an online black market where people sold and bought illegal drugs and weapons and even paid to have people killed using Bitcoins as currency? Even most recently, a company started installing  physical ATMs for Bitcoin transactions . Having had my interest in Bitcoin piqued high enough, I decided I wanted to own Bitcoins. However, I had to know what advantages and disadvantages using Bitcoin presented. I carried out a bit of research and this is what I found. What is Bitcoin? Bitcoin, according to Bitcoin.org is a new kind of money which uses peer-to-peer technology to conduct transactions. It is an open source, decentralized payment system which means that it has no central regulating authority and do
Read more

Advantages and Disadvantages of Symmetric and Asymmetric Key Encryption Methods

Image
Methods of encrypting messages include the: - Symmetric Key Encryption and - Asymmetric or Public Key Encryption methods. While each system has its proponents and opponents, both methods have pros and cons which are outlined below: Symmetric Key Encryption Symmetric key encryption is also known as shared-key, single-key, secret-key, and private-key or one-key encryption. In this type of message encryption, both sender and receiver share the same key which is used to both encrypt and decrypt messages. Sender and receiver only have to specify the shared key in the beginning and then they can begin to encrypt and decrypt messages between them using that key. Examples include AES (Advanced Encryption Standard) and TripleDES (Data Encryption Standard). Advantages -  Simple:  This type of encryption is easy to carry out. All users have to do is specify and share the secret key and then begin to encrypt and decrypt messages. -  Encrypt and decrypt your own files:  If you u
Read more

Advantages of Not Deleting Your Internet Browsing History

Image
All over the internet there are numerous websites and articles dedicated to tutorials on how to delete browsing history from your computer. There are even software products created specifically for deleting internet browsing history from computers. Only a few of these websites or articles bother to tell you why they advocate clearing your browsing record and virtually none of them tell what you may be losing when you delete your history. Browsing history is made up of the record of the following: - Websites visited - Files downloaded - Cookies and other site data - Saved passwords - Saved form data - Web cache - Search history - Authenticated web sessions Each and every one of the components of your history has benefits which is why internet browsers are programmed to store them. Benefits of Having a Browsing History Faster Loading Times: Whenever you visit a website, your web browser stores certain data from the site in its cache. Next time you visit the si
Read more