022 Encryption - 022.3 Email Encryption (weight: 2)

Questions and Answers

What is meant by 'integrity' in the context of email security?

The email contains no malicious content.

The email content remains unchanged during transport. (correct)

The email can be tracked back to its original sender.

The email is accessible only to the authorized recipient.

Which of the following statements about end-to-end encryption is true?

It is implemented by all email servers without user intervention.

It eliminates the need for private and public keys.

It requires sender and recipient to take specific measures regarding email content. (correct)

It encrypts emails only during storage on the mail server.

What role do public keys play in email encryption standards like OpenPGP and S/MIME?

They are used to encrypt email content only.

They are only shared among administrators for security purposes.

They allow all participants to know and exchange private keys securely.

They help verify the authenticity of the email sender. (correct)

What is the purpose of a checksum in the email signing process?

To confirm that the email content has not been modified.

In the context of email security, what does 'non-repudiation' refer to?

The sender cannot plausibly deny sending the email.

What occurs when the recipient decrypts the checksum using the sender's public key?

The integrity of the email is confirmed.

What is a key feature of both OpenPGP and S/MIME encryption standards?

They integrate digital signatures for verification.

Which of the following is NOT a goal of email protection?

Accessibility

How is the content of an email encrypted before sending?

It is encrypted with a symmetrically chosen key by the sender.

What is a common method for key exchange in OpenPGP?

Exchanging keys via Keyserver.

What does a Revocation Certificate in OpenPGP serve to do?

Revoke the use of a public key if the private key is compromised.

What standard is S/MIME based on for identity verification?

X509 certificates.

Which of the following elements is NOT part of an OpenGPG key?

User credentials.

What must happen before an encrypted email can be sent using S/MIME?

The sender must obtain the recipient's public key.

What should be done to protect private keys in OpenPGP?

They should be secured with a strong passphrase.

How is a symmetric key sent to the recipient in an email encryption scenario?

It is encrypted with the recipient's public key and attached.

What does the Key Usage field in an S/MIME certificate indicate?

The intended use of the public key within the certificate.

Study Notes

Email Encryption Overview

• Emails traverse through multiple mail servers between sender and recipient, each retaining a complete copy of the email.
• Transmission between mail servers often lacks security measures, increasing vulnerability.
• Implementation of end-to-end encryption is essential to safeguard the content of exchanged emails.

Protection Objectives for Emails

• Integrity: Ensures the content remains unaltered during transmission.
• Authenticity: Confirms the email genuinely originates from the claimed sender.
• Confidentiality: Limits access to the email content exclusively to the intended recipient.
• Non-repudiation: The sender cannot deny having sent the email.

Common Email Encryption Methods

• OpenPGP and S/MIME are widely used standards for email encryption.
• Both utilize asymmetric cryptography, involving a pair of private and public keys for each participant.
• Many email clients, including Mozilla Thunderbird, support these encryption standards.

Email Signatures

• The sender generates a checksum representing the email's content, encrypted with their private key and attached to the email.
• The recipient uses the sender's public key to decrypt the checksum and verifies it against their own computed checksum.
• Matching checksums indicate the email is unaltered, and the recipient can trust the sender’s identity if the checksum is correctly decrypted.

Email Content Encryption

• The email content is encrypted with a randomly generated symmetric key by the sender.
• This symmetric key is then encrypted with the recipient’s public key and attached to the email.
• The recipient decrypts the symmetric key with their private key, allowing them to access the email content.

OpenPGP Details

• Pretty Good Privacy (PGP) has evolved into OpenPGP (RFC 4880), featuring no central authority or certification body.
• Key exchange occurs via key servers, facilitating decentralized management of public keys.
• OpenPGP keys comprise private keys, public keys, IDs, and fingerprints (40 hexadecimal characters for key identification).

Security of Private Keys

• Private keys require protection by a passphrase, which should follow good password practices.
• Implement expiration dates for keys to ensure timely updates.
• Backups are essential; consider encrypted external storage or physical copies securely stored.

Revocation Certificates

• Revocation certificates ensure a properly retired key can be invalidated; they should be stored securely.
• Users can search for and list their GPG keys on key servers, facilitating decentralized key management.
• Identity verification previously relied on mutual signature confirmations; now, email verification from the concerned address is required.

S/MIME Structure

• Utilizes X.509 certificates for identity verification through a Certification Authority (CA).
• A Certificate Signing Request (CSR) is generated and submitted to the CA along with the email address after identity validation.
• Recipients must trust the CA to validate the sender’s identity and encrypt emails properly.

S/MIME Certificate Components

• Certificates include the common name (identified by the sender’s name), email address, and purposes such as digital signature and email protection.
• Certificates are subject to checks for issuer trustworthiness, duration of validity, and usage alignment.

S/MIME Key Exchange Process

• To send encrypted emails, the sender must have access to the recipient's public key, typically shared through secure prior communication.
• The recipient may be requested to send a digital signature as proof of their key.
• Many email programs automatically gather and manage certificates from received signatures to streamline email encryption processes.

Description

This quiz covers the basics of email encryption, focusing on the journey of emails across multiple mail servers. It explains the lack of protection during transit and emphasizes the importance of end-to-end encryption for secure communication between sender and receiver.