How Email and Digital Signing Works


Digital signing lets the recipient confirm who sent an e-mail and that its content was not altered in transit; encryption keeps the content from being read by anyone other than the intended recipient.

For example, John and Jane work on a top secret project and want to make sure that their e-mail correspondence is secure. Each of them has a personal certificate, and they start by sending each other a digitally signed, non-sensitive e-mail. A signed message carries the sender's certificate along with the signature, so when John receives Jane's e-mail his mail client checks that her certificate was issued by a Certificate Authority (CA) it trusts, that it is valid for e-mail and not expired, and that the signature matches the message content.

Since the CA is what vouches for the certificate, John must actually trust that CA. If Jane's certificate was issued by a CA that John's computer does not trust, a good e-mail program flags the message as signed by a certificate from a non-trusted CA instead of silently accepting it. Most operating systems and mail clients ship with a list of well-established trusted root CAs like Verisign, Thawte, etc., so it is advisable to use a well-established CA for security and confidence. A self-signed certificate, or one from a little-known CA, usually requires the recipient to obtain the CA's root certificate out of band and manually mark it as trusted, which is exactly the step an attacker would like a careless user to take with a bogus root.

After confirming that Jane's certificate is authentic, John can send encrypted e-mail to Jane using Jane's public key, which he takes from the certificate attached to her signed message. An e-mail is encrypted with the recipient's public key and can only be decrypted with the corresponding private key. Note what a CA actually hands out: a certificate contains only the public key, the owner's name or e-mail address, and the CA's signature over them. The private key is generated on the user's own machine (or, with some CAs, generated for the user and delivered together with the certificate as a password-protected PKCS#12 / .pfx file). That private key, and any file that contains it, must never be shared with others, because it is THE only key that can decrypt any e-mail encrypted with the corresponding public key. In this example, John uses Jane's public key to encrypt the e-mail that he sends to Jane. If Jane shared her private key with Jack, Jack would be able to read any encrypted communication destined for Jane, and could also sign messages as Jane.
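The whole exchange above, as an added example that is not code from the original post: Go's standard library plays the CA, Jane and John. The CA name, the e-mail addresses and the message text are constructed for the example. A CA root is created, Jane's key pair is generated on her side and only its public half is certified, John verifies her certificate against a trust store that does and does not contain the CA root, checks her signature, and then encrypts with the public key taken from her certificate; only the holder of Jane's private key can decrypt. It uses raw RSA signatures and RSA-OAEP rather than the S/MIME (CMS) envelope a real mail client would produce.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Party struct { // one mailbox: the private key stays here, only the certificate travels
	Key  *rsa.PrivateKey   // never shared, nor the .pfx/.p12 file that holds it
	Cert *x509.Certificate // public key + CA signature, attached to every signed mail
}

// NewParty generates a key pair and certifies its public half. With ca == nil the
// certificate is self-signed (a CA root); otherwise ca signs it for e-mail use.
func NewParty(ca *Party, serial int64, name string) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // private half never leaves here
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	parent, signer := t, key // self-signed unless a CA is given
	if ca == nil {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	} else {
		parent, signer = ca.Cert, ca.Key // the CA signs the public half only
		t.EmailAddresses = []string{name}
		t.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der) // the DER carries no private key
	return &Party{Key: key, Cert: cert}, err
}

// Sign produces the signature that travels with msg and the sender's Cert.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, p.Key, crypto.SHA256, h[:])
}

// VerifySigned is the recipient's check: the sender's certificate must chain to a
// trusted root and be valid for e-mail; only then is the signature checked with
// the public key taken from that certificate.
func VerifySigned(sender *x509.Certificate, roots *x509.CertPool, msg, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := sender.Verify(opts); err != nil {
		return fmt.Errorf("signature from a non-trusted CA: %w", err)
	}
	if err := sender.CheckSignature(x509.SHA256WithRSA, msg, sig); err != nil {
		return fmt.Errorf("message altered or not signed by the certificate holder: %w", err)
	}
	return nil
}

// Encrypt uses the public key from the recipient's (already verified) certificate. Plain
// RSA-OAEP caps msg at 190 bytes for a 2048-bit key; S/MIME wraps a symmetric key this way.
func Encrypt(recipient *x509.Certificate, msg []byte) ([]byte, error) {
	pub, ok := recipient.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate does not carry an RSA key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt needs the matching private key: whoever holds it (Jane, or Jack) reads the mail.
func (p *Party) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Key, ct, nil)
}

func main() {
	ca, _ := NewParty(nil, 1, "Example Root CA") // hypothetical CA and user
	jane, _ := NewParty(ca, 2, "jane@example.com")
	roots := x509.NewCertPool() // John's trust store, holding the CA root
	roots.AddCert(ca.Cert)
	msg := []byte("Hi John, here is my certificate.") // constructed sample mail
	sig, _ := jane.Sign(msg)
	fmt.Println("trusted CA:  ", VerifySigned(jane.Cert, roots, msg, sig))
	fmt.Println("untrusted CA:", VerifySigned(jane.Cert, x509.NewCertPool(), msg, sig))
	ct, _ := Encrypt(jane.Cert, []byte("top secret project notes"))
	pt, _ := jane.Decrypt(ct)
	fmt.Printf("jane reads: %q\n", pt)
}
```

The second `VerifySigned` call is the "non-trusted CA" case from the text: same certificate, same valid signature, but John's trust store lacks the root, so the mail client must warn. Note what never crosses the wire: `Party.Key`. Everything John needs is in `jane.Cert`, which `x509.CreateCertificate` builds from the public key alone.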

For more info on how to sign and encrypt e-mail click here

To summarize the article:

  • A digital signature is made with the sender's private key and lets the recipient confirm the sender's identity and that the message was not altered
  • The sender's certificate is checked by verifying that it chains to a Certificate Authority (CA) the recipient trusts
  • A certificate contains only the public key; the private key stays with its owner (a PKCS#12 / .pfx file may bundle both, but the certificate itself never carries the private key)
  • The certificate sent along with a signature therefore carries only the public key
  • The private key, and any file that contains it, MUST NOT be shared with anyone
  • If A sends B a signed e-mail, B takes A's public key from the attached certificate and uses it to encrypt e-mail sent to A
  • Only A's private key can decrypt anything that was encrypted using A's public key
  • Anyone who obtains A's private key can decrypt anything encrypted using A's public key, and can sign as A