The following document contains basic information on crypto – short for cryptography – and a general introduction to Ciphire Mail. Both are intended for non-technical users. Advanced users may wish to read Niels Ferguson and Russ Housley’s Technical Review of Ciphire Mail.
Introduction to Public-Key Cryptography
Ciphire Mail uses what is known as “public key cryptography” to secure email communications. Whitfield Diffie and Martin Hellman invented public-key cryptography in 1976. For this reason, it is sometimes called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key. The one key model is called symmetric encryption. But let’s get back to the two keys.
Ciphire Mail uses the public [two] key system. It has been thoroughly tested by the scientific and information security communities and has become an industry standard. As a Ciphire user, you own a key pair. Your private key is secret and is stored securely on your computer. Your public key, on the other hand, is made available to anyone who wants to communicate with you. It is accessible to all Ciphire users through a central directory – something like a very secure telephone book – managed by Ciphire Labs.
To guard your security, it is crucial that the central directory publishes only authentic and non-compromised public keys. Here’s the important bit. When someone wants to send you an encrypted message he uses your public key. You receive the jumbled message and decrypt it with your private key. Public key encrypts, private key decrypts. Simple. But what if you wanted to send a confidential message to someone and you were duped into using the wrong (or fake) public key? Your deceiver could then decrypt your encrypted message using his private key, read it, possibly change it, pass it along, and you would be none the wiser. This is why valid public keys are absolutely essential to secure communications.
Accordingly, your public key will go through a number of checks and verifications at Ciphire before being recognized as valid and published on the directory. This is why we use the term “certificate” to refer to the document containing your verified public key in the Ciphire Certificate Directory. So when your friend – who is also a Ciphire user – writes an encrypted email to you, her Ciphire Mail client will use your public key (available in the Ciphire Certificate Directory) to encrypt her message to you. When you receive the message, your Ciphire Mail client decrypts it with your private key. This all happens seamlessly in the background. Ciphire Mail does all the heavy lifting for you.
Note that anybody using Ciphire Mail can write an encrypted email to you, because all system users have access to your public key. But you are the only person able to read these emails because you are the only person who has the matching private key needed to decrypt them. So you can be certain that the email was exchanged in full privacy without anybody reading it along the way. When your correspondent digitally signs his message to you, his Ciphire Mail client uses his own private key to authenticate the email. When you receive the email, your Ciphire Mail client gets your correspondent’s certificate, containing his public key from the Ciphire Certificate Directory, and verifies his digital signature. Again, Ciphire Mail does all of this automatically without interrupting your normal email routines.
Since the person corresponding with you is the only person who has access to his private key, he is the only one who can digitally sign his email. Therefore, you can be sure of the identity of the sender as well as of the integrity of the message.
In the rest of the document, it will be assumed that you will run your Ciphire Mail client with the default settings.
Private users and non-profit organizations can download Ciphire Mail from www.ciphire.com free of charge. Simply choose the version corresponding to your operating system (Windows, Linux or Mac) and download the program.
Next, run the installer and follow the instructions. When the installation is completed (you will be notified), you need to restart your computer (Windows) or to relogin to your session (Linux and Mac OS X).
Doing this will start Ciphire Mail automatically. The next step is to initialize your software, which is also straightforward.
Make sure you are connected to the Internet to initialize Ciphire Mail.
You just need to type your email address that you want to secure, and choose a short passphrase. Make it memorable, because you’ll have to remember and enter this passphrase every time Ciphire Mail is started (typically, when you start your computer). The software then creates your keys and stores them encrypted on your computer. One last thing. Don’t write your passphrase down on a post-it note and stick in on your monitor or some other obvious place. You wouldn’t leave your house key with a big sign pointing to it on your front porch. This is pretty much the same thing.
Your Ciphire Mail client automatically starts the certification process. You won’t need to perform any manual action. The certification process is a series of verifications and identification exchanges between your Ciphire Mail client and the remote Ciphire Infrastructure. During this process, you will receive an email notifying you that your request is being processed. When all security checks have been successfully completed, your certificate is then declared valid. It is stored and shared in the central Ciphire Certificate Directory and it is ready for use. A second email will notify you of this.
Ciphire Mail has now secured your email address. You can send and receive encrypted and digitally signed emails. Cool, huh?
How your Ciphire Mail Client Works
Before installing Ciphire Mail on your computer, your email client (Outlook, Eudora, etc.) would directly connect to your email server (at your company, your private email provider, etc.) to send and receive emails.
Now, your Ciphire Mail program resides on your computer – between your mail client and your email server – to intercept all the email-related connections. This way, your Ciphire Mail client can manage all your incoming and outgoing messages: it encrypts, decrypts, signs, and verifies signatures as needed. You now have your very own email security servant.
However, nothing changes for you as an email user. All these cryptographic actions are performed transparently, meaning that you do not need to change your mailing routines. You can send and receive emails exactly as you did before, only now they will be secured.
Sending an Email
How you do it
You write an email as you normally would from the address you have secured with Ciphire. You do not need to learn any new steps or secret handshakes since your Ciphire Mail client handles all cryptographic actions automatically.
What happens in the background?
Instead of traveling to your mail server the message is redirected to your Ciphire Mail client. From that point, if the person you’re sending a message to is also using Ciphire Mail, the message will be encrypted and signed. If they are not on the system they will receive an unencrypted message with your digital signature to at least ensure the authenticity of the communication. Whatever the case, the email is then handed over to your mail server and sent normally.
Signing an email
By default, all your outgoing emails are digitally signed. To digitally sign your email the program uses your private key which in turn authenticates your original message. Digitally signing your email allows the recipient(s) to make sure that you were actually the sender of the email, and that the email is received in its original, non-tampered form.
Encrypting an email
The program examines the email addresses of the recipient(s) of your message. For each recipient, the program sends a request to the central Ciphire Certificate Directory for a valid certificate belonging to the recipient. At this point, there can be two answers from the Ciphire Certificate Directory:
No: the recipient does not have a valid Ciphire certificate in the central directory. In this case, the message is sent unencrypted to this recipient.
Yes: the recipient has a valid active certificate. In this case, your Ciphire Mail client retrieves and verifies it. The program then uses the certified public key of the recipient to encrypt the email to this recipient.
Receiving an Email
How you do it
Just as with sending emails, receiving emails with Ciphire Mail does not require any change in your mailing routines.
What happens in the background?
Instead of traveling directly from your mail server to your mail client, incoming messages are redirected to your Ciphire Mail client. The program decrypts incoming messages and verifies their signatures when needed. The processed emails are then displayed in your inbox normally.
Decrypting an email
When you receive an encrypted mail, your Ciphire Mail client detects it automatically. It uses the locally stored private key corresponding to your email address to decrypt the message. Once the decryption is done, Ciphire Mail checks whether the message carries a digital signature to verify.
When you receive an email that is not encrypted, Ciphire Mail directly looks for a digital signature to verify.
Verifying a digital signature
Senders need to have a valid Ciphire certificate in order to sign their messages. When your Ciphire Mail detects a digital signature, it retrieves the certificate of the sender from the central Ciphire Certificate Directory. With the public key contained in the certificate, Ciphire Mail can verify the signature, hence the identity of the sender and the authenticity of the message.
If no digital signature is detected, the email is directly handed to your email client.
Reports and Mail Tags
To inform you on the level of security of each email, your Ciphire Mail client automatically adds tags to your emails. By default, these tags are placed at the end of the subject line of each email. Possible tags are:
- [u]: the message was neither encrypted nor signed,
- [encrypted]: the message was encrypted but not signed,
- [signed]: the message was signed but not encrypted,
- [ciphired]: the message was encrypted and signed
You can see who has or does not have a Ciphire-enabled email address among the people with whom you communicate via email. Their name – in the sender’s field for example – will be followed by the tag [c] if they are active Ciphire users. If they are not, nothing will appear behind their name.
Your Ciphire Mail software offers a large variety of options and specific settings, accessible through the Ciphire Options window. For example, you can add more email addresses to secure; you can set particular encryption or signing preferences; you can choose to get more – or less – security reports, etc.
Whenever there is any action with a certificate, the fingerprint system verifies that the certificate is valid and has not been tampered with. In addition, it performs a chain check of previous certificates.