E-mail Signatures (GnuPG/PGP)

In God we trust--all others must submit an X.509 certificate.

— Charles Forsythe

If you've gotten an e-mail from me recently, you've likely noticed a strange attachment accompanying it. Perhaps you've even reached this page from my signature, wondering what that file is and what you're supposed to do with it. This page will serve to explain what these files are, and why they're a good idea.

I cryptographically sign my e-mails (well, most of them anyway). It is a way of providing proof that I am the author of a message, and a way to verify that you have received an authentic message from me. Further, I encourage everyone to sign their e-mails; I will also willingly accept encrypted e-mail. Information on obtaining my keys is provided at the end of this document.

Note: I may have some of the technical details incorrect in the following discussion, but the general principles are correct to the best of my knowledge.

The Problem

With plain, basic e-mail, there is no way to verify the authenticity of a message. Sure, the From line says that it's from Michael Ekstrand, but anyone can put anything they want in that line. In order to be certain that a message did actually come from the claimed author, and has not been modified in transit, it must have some kind of certificate of authorship that cannot be forged.

The Solution

Enter cryptographic signatures. I have a key, my private key, which can be used to generate encrypt data. There is a matching key, my public key, which can decrypt what my private key encrypts. Likewise, my private key can decrypt what my public key encrypts. I keep my private key to myself - no one else is allowed to look at that key. My public key I publish on the Internet.

What happens then, is that my e-mail program generates a signature of my message (some number calculated from the contents of the message), encrypting this with my private key. If you have PGP or GnuPG installed and your e-mail program is configured to use it, it will decrypt the signature with my public key and verify that the signature matches the message. If it matches, then you know that the message is from me - the only way to create a signature matching a message that can be verified with my public key is to use my private key, and I'm the only one who can do that.

Key Servers

Several sites on the Internet run servers that publish keys, called key servers. When you get a message signed or encrypted by someone who's key you do not have, your encryption program can download their public key from a keyserver. You can then verify their signature or decrypt their message.

The Web of Trust

There's one piece missing from the puzzle above. How do you know that key signing a message is actually my key? Someone else could create a key that claims to be mine and use it to sign a modified version of my message, saying something entirely different from what I want to say.

The way this problem can be solved is via a mechanism called the key signing. Basically, not only can you sign messages, but you can sign other people's keys. So if you and I meet, I can show you some verifying information about my key (called its fingerprint), and you can verify that I am who I say I am and record the key fingerprint. You can then sign my key (after checking that its fingerprint matches the one I gave you) with your private key, saying that you have verified that the key in question does, in fact, belong to me.

Now, you can't sign everybody's key. However, you can sign some people's keys, and publish your signatures of their keys to a keyserver. Further, when you download a key, you also get the signatures other people have made for it. And finally, you can tell your encryption program that you trust certain other people (whose keys you have verified) to sign other keys. So, if you've signed Bob's key, and trust Bob, and Bob has signed Alice's key, you may be able to take Bob's word that Alice's key is correct. The Web of Trust is the network of such relationships, and can be used to verify the authenticity of keys of people you've never met.

Note that you must be careful when signing keys - only sign keys of people whose identities you have verified! It is common to use a passport, driver's license, or other difficult-to-forge photo-ID to verify a person's identity, and then sign the key with the ID and signature they give you. More information on this process is available from the links in the following section. I strongly urge you to do more reading on the subject before signing keys and establishing trust. It is important for each person in the global web of trust to understand the implications of signing keys and of trust, or else the integrity of the system can be compromised.

More Information

More information about GnuPG (a free software impementation of PGP) is avaialable in the GnuPG documentation index. Also, Wikipedia's article on PGP has a number of useful links.

Philip Zimmermann, the original author of the PGP program, has an excellent essay on why encrypted e-mail is important.

I also maintain a list of my keys