I get email from some folks that have a line at the beginning:
BEGIN PGP SIGNED MESSAGE
And then near the end of their message there’s:
BEGIN PGP SIGNATURE
followed by some gobbledygook. Now I see that same stuff in some of your
responses to comments on your site. What’s it all about?
What you’re seeing is called a “signature”. It’s digital data that
accompanies a message, and is somewhat similar to a hand-written signature,
except for two important facts:
-
It can be used to validate that the message came from who it claims to come
from. -
It can be used to prove that the message wasn’t tampered with.
These days both of those can be pretty important.
Let’s look at how, at a high level, this type of signing works.
Become a Patron of Ask Leo! and go ad-free!
I’ve actually discussed this technology before, in the context of sending encrypted email. That’s
because signing and encryption are tightly coupled, and the same tools and
“keys” can be used for both.
We need to start with a concept: public key encryption. With this type of
encryption, you generate a key pair. Call them “A” and “B”. Something
encrypted using key “A” can only be decrypted with key “B”, and something
encrypted with key “B” can only be decrypted with key “A”.
Now, if I create a pair of those keys, I can make one public and keep the other one a closely
guarded private/secret key. That means a few interesting things can happen:
-
Someone can take my public key and
use it to encrypt something. Once encrypted only I can decrypt it
using my matching private key. Even the person who encrypted it cannot decrypt
it. It’s a secure way to encrypt data such that it can be seen only by the
intended recipient. -
I can encrypt something with my private key, that then anyone can
decrypt with my public key. Now, that seems kinda silly, if anyone can decrypt
it. Except that if it can be decrypted using my public key, then only I
could have encrypted it using my private key. It validates that the
encryption could only have been performed by me.
That last point forms the basis for message signing.
•
I can hear you saying “But … the message isn’t encrypted! I can still read
it!”
That’s correct, but something is, and that’s an important second half of the
signing process.
And it’s time for another concept: the hash. A hash is nothing more than a
complex mathematical function. It takes all the characters in a message,
number-crunches the heck out of them, and produces a number. The hash function
most commonly used today is called “SHA1”. In fact, underneath that “BEGIN PGP
SIGNED MESSAGE” line, you’ll probably see a line that says “Hash: SHA1”. That
means that as part of the signing process the SHA1 hash function was used on
the message to calculate the hash value … the number.
The SHA1 hash function has some very important characteristics:
-
If anything within the message changes by even the slightest
amount, the number calculated by the hash function will change fairly
dramatically. -
The chances of any two messages generating exactly the same hash
value is statistically insignificant. It’s almost guaranteed that the hash will
always be different for different messages, no matter what. -
It’s impossible to alter a message in order to have it generate a specific,
desired hash value. -
Given a hash value, you can tell nothing about the message that
produced it.
•
So now we put it all together to “sign” a message.
First, we calculate the hash value of the message. In the messages you’ve
seen, the message is the part between “BEGIN PGP SIGNED MESSAGE” and “BEGIN PGP
SIGNATURE”.
Next, we encrypt that hash value with someone’s private key. For example
when I sign something, I use my private key to do so.
must have come from the person who holds the matching private key.”
Finally, a text version of that encrypted hash value is placed at the end of
the message, between the “BEGIN PGP SIGNATURE” and “END PGP SIGNATURE”.
OK, now what?
Two things:
-
If the signature can be decrypted using the appropriate public key, it
must have come from the person who holds the matching private key. If
using my public key you can decrypt the signature of a message I sign, then it
must have come from me. -
If you calculate the hash value of the message, and it matches the hash
value that you just decrypted, then you know that the message was not altered
in any way after it was signed.
Both of those are pretty powerful statements to be able to make.
•
Now, we tend to think of signing with respect to email. Email messages travel
over an untrusted network and we might want to be able to confirm they haven’t been
changed, and came from whom they claim to have come from.
So why have I started occasionally using it when I post a comment on this
site?
Because anyone can claim to be me. There’s no validation of the user name or
email address when someone posts a comment. While I do try to remove imposters,
some may slip through. By signing my comments using this technique, anyone can
independently verify that I was the author of the message by validating the
signature.
In fact, here’s that previous paragraph, signed:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Because anyone can claim to be me. There's no validation of the user name or email address when someone posts a comment. While I do try to remove imposters, some may slip through. By signing my comments using this technique, anyone can independently verify that I was the author of the message by validating the signature. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6 e5AJIRuLUIUikjNWQIW63QE= =aAhr -----END PGP SIGNATURE-----
Validate that against my public
key, and you’ll confirm that only I could have created that signature, and
thus only I could have signed that message. It further validates that the
message wasn’t altered after being signed.
Another thing to note: we keep talking about “messages”. In fact, any
digital data can be signed. I could sign a download, and after you download it
you could validate that download’s signature using my public key. If it
validates, you know that the download came from me, and was not altered.
In fact, the open source “GnuPG” tools
used for all this are, themselves, signed and verifiable exactly that way.
But… as you might expect, there’s a gotcha…
•
You pretty much have to be a geek to do it.
For email, there are plugins available for some email clients, but for
random other uses you need to get familiar with the tools, techniques and
terminology. If you take a look at How do I send encrypted email? you’ll
see some of the tools and how they’re used to send encrypted email. Those same
tools are used for signing as well.
Now, while I use the Enigmail plugin for Thunderbird that handles encryption
and signing transparently for email, I still have to do things by hand, using
those tools, for anything else. Like signing my comments.
I truly wish that public key encryption and signing were more accessible and
more widely adopted. Unfortunately complexity, as well as competing approaches
to email security specifically, are keeping that from happening.
But for now, if you have the need to perform this type of encryption and/or
validation, the tools are definitely out there.
wonderful article and very good website..
How do I decrypt the signature I receive on an email to verify against the public key?
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFI/qdKhnaHw2pg3ZIRAvKfAJ9TMfSFicph4Bxk/EA4sTaFvntnqACfa3VI
JovISTyAXc5cpcSqI8tKURc=
=cS+Z
—–END PGP SIGNATURE—–
@pablo,
There might be other ways, but the easiest way would be to install PGP software on your own computer. There is an OpenPGP plugin named “Enigmail” which can easily be added to the Mozilla Thunderbird mail client. Overall it works pretty well, but apparently does not handle the encryption of HTML message so well. So, it disables the sending of HTML emails.
Very Good Article…. It made my concepts clear…. Thanks.
Oh yea JD, I definitely read that XKCD comic and landed here after a googling.
But now I’m interested and I have two points of skepticism:
1. If key A and key B MUST be a pair to only themselves and no others, then there must be a public key out there for EVERY private key. So how do I know I have the right public key? Joe imposter claims to be Superman, he signs his messages and distributes a public key. What’s stopping someone from using JI’s public key to verify that the message remains authentic?
2. Leo’s comment that not even the sender can unencrypt their own message after it’s been encrypted. To my understanding, computers can’t even generate truly random numbers, everything follows a system. Key A must hold the key to unencrypting itself. I assume this is why thepiratebay remains so busy with microsoft “customers”. Can anyone counter this logically?
DarseyG, my understanding of point one is that if the public key is just distributed freely on the internet, essentially anonymously (because there’s no way to verify the name of the provider), Joe and Mr. Kent can both create a public key and tag it “superman”; however, the actual keys will be different.
One key will always be used by Joe, one by Clark.
So the encryption scheme doesn’t help you in figuring out which identity belongs who; that’s where the old-fashioned human detective work comes in. (If Mr. Kent gives you a sticky-note with a public key on it, that pretty much solves the case: that public key is the “real deal”)
@Darcey
1. Distribution of keys is the Achilles heel of key pair encryption. For example I can send you my public key. Someone intercepts that key and substitutes theirs and any thing you send encrypted to that key can be opened by that person. Any signed document from them appears as if it’s coming from me. The scenario seems to negate any reliability of public key encryption or signing. To get around this, there are websites such as Equifax and VeriSign where you can download digital certificates. This is done automatically by your browser using SSL when accessing a website with a digital certificate.
If you exchange keys with another individual, you can mail them an SSD card or USB stick with the key by snail mail. Or you could print out the key on paper and send that. They can then scan it and recreate the digital key with OCR.
2. I don’t understand the question.
Thanks to D Foltz and Mark J for some very good answers there. Mark my second point is fairly moot and its importance arguable. I’m just putting it up for the purpose of conversation.
What I’m suggesting is that I think someone with the right software and skills should be capable of decrypting either key, without the other. I’m assuming this would be similar as a keygen software people use for pirating software. Depending on the actual difficulty and commonplace of cracking keys like this, it makes me wonder whether the extra process costs are really saving us from major problems or just stopping those who don’t want to waste their time with a minor deterrent. These are a lot of assumptions from me though, I’m not an expert. It also appears that keygen software is not stopping Microsoft from using the same verification methods they have for years now. So maybe it’s still worth it.
@Darsey
A strong key would be next to impossible to crack. The level of encryption is close to military grade. Someone with the right software skills and hundreds of thousands of dollars worth of computer time could eventually crack these by brute force. So for all practical purposes, you’re probably not that interesting enough to exert the effort.
If you’re interested in how key pair encryption works, here’s a detailed handbook on the subject. It’s written in very easy to understand language. Intro To Crypto.pdf