On 04/20/2017 05:40 PM, Paul Wouters wrote:
> On Thu, 20 Apr 2017, Rui Costa wrote:
>> I want to send you an encrypted email. I need your key. I can send a
>> plaintext email asking you for the key. I have to hope that it really
>> reached you and that it is you who gave me the key and that the key
>> was not modified in transport.
There are free email cert companies. This email is signed by one (unless
the list server strips them out like it used to). Your MUA now knows my
public key.
This is how it is done. I know it works with Thunderbird and Outlook.
To send a signed email, I only had to configure my MUA once. Thunderbird
and Outlook always S/MIME sign all of my email with the free cert I use.
You send me a signed (not encrypted) email from a *mutually trusted*
cert source. Your MUA signed it with your private key, because that's
how it's done. Only your public key can verify it.
My MUA examines the email, extracts your public key that is included in
an S/MIME signed email, verifies it was signed by the mutually trusted
cert source. I now know the 'From' email address matches the signature,
the content, and the only way your MUA could have generated that
sequence of bits is that it was signed by your matching private key.
I now have your public key. Verified by an email message signature that
could have only been signed by the matching private key, which validates
against the trusted cert source. Who cares if the world sees your public
key - that's the point of a public key.
If someone were to modify the message in transit (only some of the
headers are used in the signature verification), the signature will fail
to validate. Then my MUA would tag it as bad signature and should be
un-trusted.
Thunderbird signifies a good signature with an image of a letter, with a
red seal.
When my MUA validates that the signature matches the email content, then
the recipient MUA knows nothing was altered, including the public key,
which it keeps.
Thunderbird and Outlook collect these certs by default. I do not have to
do anything. I can even export them to a file, and import them into
another MUA.
I can now send you an encrypted email, encrypted with my private key and
your public key. Only your MUA can open it with your private key and my
public key, and in that process, also validates it.
--
Doug Royer - (http://DougRoyer.US http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135
smime.p7s
Description: S/MIME Cryptographic Signature
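
Added example, not part of the message above: the sign, verify, and keep-the-certificate flow it describes, reproduced with the OpenSSL command line. The CA ("Demo Mail CA"), the sender address alice@example.test and all keys are constructed throwaway values; an installed openssl with its default config file is assumed.

```shell
#!/bin/sh
# Constructed demo: throwaway CA and sender key, nothing from the thread.
# smime_demo prints one verdict line for the intact message and one for
# a copy whose body was changed after signing.
smime_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  # 1. The mutually trusted cert source: a self-signed demo CA.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo Mail CA" -days 1 2>/dev/null
  # 2. Sender key pair plus a CA-issued certificate naming the address.
  openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
    -subj "/CN=Alice/emailAddress=alice@example.test" 2>/dev/null
  openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key \
    -CAcreateserial -out alice.pem -days 1 2>/dev/null
  # 3. Sending MUA: sign with the private key; the cert rides along.
  printf 'Here is my key, via a signed message.\n' > body.txt
  openssl smime -sign -in body.txt -text -signer alice.pem \
    -inkey alice.key -out signed.eml
  # 4. Receiving MUA: check the signature and the chain to the trusted
  #    CA, and on success save the signer certificate for later use.
  if openssl smime -verify -in signed.eml -CAfile ca.pem \
       -signer harvested.pem -out /dev/null 2>/dev/null; then
    subj=$(openssl x509 -in harvested.pem -noout -subject)
    echo "intact: good signature, $subj"
  else
    echo "intact: bad signature"
  fi
  # 5. Change the signed body in transit; verification must now fail.
  sed 's/my key/MY key/' signed.eml > tampered.eml
  if openssl smime -verify -in tampered.eml -CAfile ca.pem \
       -out /dev/null 2>/dev/null; then
    echo "tampered: accepted"
  else
    echo "tampered: bad signature"
  fi
)
smime_demo
```

The certificate saved in step 4 is what a later `openssl smime -encrypt` would take as the recipient certificate.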