The Problem

Ever tried sending and encrypted email? What a palaver!

“Andy I’ve just got this email from you, can’t make head ‘n tail of it! What’s going on?”

“Well I’ve encrypted it.”

“You’ve done what?”

That’s a typical telephone conversation you may have after you have sent your first encrypted email. Of course that will be hours after you’ve managed to get the necessary software installed and worked out how to generate your key pairs etc. We have been longing for a user friendly encryption product for years, one that can be used by anyone and that will allow your recipient the ability to decrypt it without the need for them to buy the same software or even install something on their PC. Most people don’t understand encryption and have no wish to learn the finer points, they just want a method of exchanging potentially sensitive information securely.

The Answer

Finally smart technology is allowing the emergence of this type of software. Software that allows you not only to encrypt emails and their attachments but also much larger files for exchange via cloud servers, thumb drives, CD ROMs even DVDs. The clear front-runners in email encryption make use of identity-based encryption.

Why Identity-based Encryption?

There are three very good reasons why identity-based encryption is highly desirable:

  • With identity-based encryption you immediately ensure you link the private data to be shared with the intended recipient.
  • You can negate the need to create another password that has to be remembered.
  • You don’t have to burden the user with the need to understand “key pairs” along with the exchange of their public key.

Think about it, the one thing that will be unique when emailing someone is his or her email address! A system where a user’s email address is bonded in this way can generate key pairs associated with the address. These keys will be used to encrypt and decrypt any emails the user requires protecting.

No Limits

But why limit it to just emails? Some software products of this type allow the same simple system to be used for; files, disks, thumb-drives, CD-ROMs pretty much anything you require to be encrypted.

How Does It Work

Let me try to explain in simple terms how this all works. Every email or data file you want to encrypt and subsequently share with someone else has to be encrypted using that persons “public key”.  Their “public key” will have a twin known as a “private key”. Together they are known as a “key pair”. The “private key” of an individual is used to decrypt something that has been encrypted with it’s twin or “public key”.

OK, so now we need a method of exchanging “public keys”. By generating and then associating the “key pair” with someone’s email address you have automatically produced a unique “key pair”. The system will know if you are sending an encrypted message to Fred it must generate a “key pair” for Fred. Using Fred’s “public key” it will then encrypt the message. When Fred receives his encrypted email he will be asked to retrieve his private key by logging onto the system using his email address, which will be used to authenticate him and then automatically decrypt his message.

These matching key pairs can be one-time pairs that will only apply to each email or data exchange further improving the security. Since each key pairing is only good for one exchange if they were to be compromised it does not result in and future or past exchange being put at risk, clever!

What to Look For

Considerations to bear in mind when selecting this type of product are;

  • How good is the algorithm being used?
  • Has the algorithm been implemented correctly?
  • Has sufficient entropy been collected to utilise the full force of the algorithm?

Say what? I know! This is where it gets quite technical. However there are some products out there that have been independently certified by experts in the field so that you can take assurance that the product offers robust protection. One such system I have had experience of is Egress’s Switch. It offers all of the above and then some.