Kitz ADSL Broadband Information
Author Topic: Encrypted email- casual one-off usage?  (Read 1055 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7866
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Encrypted email- casual one-off usage?
« on: April 24, 2019, 05:06:05 PM »

Background: On the iPad, I tried to get S/MIME going and failed because it seems to be a nightmare getting the required slithy toves into the wabe in Apple Mail. When you order a digital cert from the provider I used - trying to remember who it was, one of the larger outfits iirc - they assume that you have a PC or Mac and you are supposed to gyre and gimble in a web browser on that desktop machine, get hold of something and then email it to yourself following which the iPad picks up that email and extracts a borogove out of it and then the digital cert is installed and you should be good for S/MIME. Tell you what, I haven’t got a PC, so let iOS Safari and Apple Mail on the iPad just download the borogove and that’s the end of it, cutting out the need for all the other nonsense. But they just couldn’t give a stuff about a user like me so I got absolutely nowhere but did get a refund. Thanks Apple.

PGP in iOS seems a nightmare because of horrible PGP iOS apps that you have to deal with given that Apple won’t do the work to write the code to get support going in Apple Mail itself.

I would indeed like to be able to use PGP, but without a lot of grief. One answer, as I may have said before, would be a mail server that understands PGP and which sits as a relay on your own LAN or inside your own machine and which speaks IMAP/POP/SMTP anyway decodes and forwards on PGP emails to Apple Mail plus a similar arrangement in the reverse direction.

* My question: is there a way of sending an encrypted email as a one-off, casual usage if you like, without a lot of hassle, if I can’t manage to use PGP?

(The problems with using PGP being the horrible app situation and integration usability problems in iOS on the iPad.)

johnson

  • Reg Member
  • ***
  • Posts: 722
Re: Encrypted email- casual one-off usage?
« Reply #1 on: April 24, 2019, 09:39:39 PM »

Have you considered making a new account with ProtonMail?

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7866
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Encrypted email- casual one-off usage?
« Reply #2 on: April 24, 2019, 11:21:22 PM »

That’s a great tip. Looking at their website now, serious people.

johnson

  • Reg Member
  • ***
  • Posts: 722
Re: Encrypted email- casual one-off usage?
« Reply #3 on: April 24, 2019, 11:57:04 PM »

Yup.

Those with an abundance of tin foil ready for hat crafting might say that proton is too high value a target to not have been compromised, but people scared of the kind of powers that could should be passing around 1 time pads in person and setting fire to their computers at regular intervals.

For me it just means not letting google or facebook read your emails. Or even your own government... feel like everyone has forgotten about the "Investigatory Powers Act":
https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7866
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Encrypted email- casual one-off usage?
« Reply #4 on: April 25, 2019, 01:50:44 AM »

I used to use a very small company in Somerset as my mail service provider. Used them for 18 years or so and had real people to talk to and one contact. They were bought up by someone else, whom I didn’t know and so didn’t trust, so I jumped ship quickly, and ended up moving my email to AA. I have to trust them practically speaking as they’re my ISP, and it’s difficult to arrange for things to be such that you do not need to trust them anyway. So I was extremely happy to trust AA with my email etc especially given their publicised attitude regarding privacy and human rights.

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7866
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Encrypted email- casual one-off usage?
« Reply #5 on: August 18, 2019, 12:52:10 AM »

I looked at this thread as I had forgotten much. I realise that the protonmail suggestion isn’t suitable for me because I can’t email non-proton users with it or anyway not with encryption and identity validation.

My requirements are:
1. I need to be able to assert my identity by signing emails. Recipients need to be able to verify that an email really is from me.
2. I need to be able to email anyone, not just a closed group of users.
3. I don’t necessarily require that all email is encrypted but I might want to be able to encrypt email to certain recipients regardless of whether or not they have certain email accounts, so closed systems are out.
4. Standard email apps are a must. I need to be able to compose, file, store, receive email in standard apps without being required to use one particular app. This implies a restriction to the email protocol capabilities that can be plugged into standard email apps, or else pre-/post-processing of in-/out-bound email by other software components.
5. In certain circumstances I will want to be able to verify the identity of recipients and in some circumstances automatically bin incoming email that is from imposters.
6. I need to be able to receive email from anyone.
7. In certain circumstances I might need a facility so that senders can encrypt email and send it to me.

So that lot is no small list. S/MIME might fit the bill? I don’t know enough about PGP but implementing / integrating PGP seems a nightmare.

Is it possible to set up a mail server that would pre- and post-process my email to help with these requirements? So I don’t need enhanced software components in the UI-email-apps that I use, those apps that handle email and have a user interface.

I wonder if I could sign something and send it to Andrews and Arnold such that they could verify that it was from me ? And optionally encrypt the contents of it so that only say x at AA could read it? (Who is x ? )

CarlT

  • Kitizen
  • ****
  • Posts: 1186
  • Next generation network design and deployment
Re: Encrypted email- casual one-off usage?
« Reply #6 on: August 18, 2019, 10:38:56 AM »

Don't use email would be my first thought. You seem to want end to end encryption right to the endpoint user's client without any prior knowledge of them.

Need to at least exchange a public key to do non-realtime encryption.
-----
Deploying better networks, not just faster ones.

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7866
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Encrypted email- casual one-off usage?
« Reply #7 on: August 18, 2019, 08:40:24 PM »

>You seem to want end to end encryption right to the endpoint user's client without any prior knowledge of them.

Forgive me then Carl, I must have expressed myself poorly. It would be good to be able to encrypt email sometimes to particular ‘friends’ where arrangements would have been made in advance, each would be well known to the other and I would need to be able to sign the email so my friend could verify that email was from me. Some emails to my isp, that might be a case, where the two of us had prearranged things and expectations had been explained.

My ignorance of email in general, of s/mime and PGP’s capabilities and implications, this ignorance is letting me down here, and I beg your indulgence.

I’m making a guess, based on nothing, because of my ignorance level, that s/mime or PGP might do what I need but only if the communicating partner can get set up conveniently as required at their end. Setting s/mime up on an iPad seems to be so difficult that it’s impractical.

Things don’t have to be truly end-to-end, because it’s acceptable for the ‘end’ near me to move a bit further away from me. If email on the first hop from or to me were unencrypted or not signed then that would be fine in a setup where I have a trusted link to an inbound/outbound mail processing server which transforms mail for me adding capabilities that my own email apps do not have.
« Last Edit: August 18, 2019, 08:48:00 PM by Weaver »

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5933
Re: Encrypted email- casual one-off usage?
« Reply #8 on: August 19, 2019, 07:34:51 AM »

There is transport encryption, whereby your connection to the smtp server is encrypted, and then you hope that your email server sends encrypted to the other smtp server and then hope again that the recipient connects encrypted to read the email.

This, as you may guess, is flawed in the sense you can only control your connection to the smtp server and the rest is a hope for the best.  You can be reasonably confident someone like a gmail user will be encrypted as google push for encryption hard, then you got some isps whose email servers don't even support encryption which is something I don't have words for.

Then you have end to end encryption, where the sender signs the email and the recipient has the key to read it, you ensure it's encrypted en route, but the recipient needs the key.  Hence Carl's post.
« Last Edit: August 19, 2019, 07:37:58 AM by Chrysalis »
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE
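
The hop-by-hop nature of transport encryption described in the post above can be seen in a message's own Received headers. The following is an added example, not part of the thread: it reads those headers in sending order and flags hops that were not recorded as using TLS. The sample message, hostnames and addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; every hostname and address here is made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby imap.recipient.example with LMTP id abc123;
\tMon, 19 Aug 2019 07:35:02 +0100
Received: from out.sender-isp.example (out.sender-isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 19 Aug 2019 07:35:01 +0100
Received: from ipad.home.example ([192.0.2.44])
\tby out.sender-isp.example with ESMTPSA id ghi789
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tMon, 19 Aug 2019 07:35:00 +0100
From: sender@sender-isp.example
To: friend@recipient.example
Subject: constructed test

body
"""

# "with" protocol types from RFC 3848 whose S suffix records use of STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>\S+)",
    re.S | re.I,
)

def audit_hops(raw):
    """Return (source, destination, protocol, used_tls) per hop, oldest first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received header, so reverse for sending order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            hops.append(("?", "?", "unparsed", False))
            continue
        proto = m.group("proto").rstrip(";").upper()
        hops.append((m.group("src"), m.group("dst"), proto, proto in TLS_PROTOCOLS))
    return hops

def weakest_links(raw):
    """List the hops that carry no record of TLS in their Received header."""
    return [f"{s} -> {d}" for s, d, _, tls in audit_hops(raw) if not tls]
```

A Received line is only as trustworthy as the server that wrote it, so headers added before your own provider's servers can be forged. A final LMTP hop is often local delivery inside one provider rather than a trip across the internet.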

CarlT

  • Kitizen
  • ****
  • Posts: 1186
  • Next generation network design and deployment
Re: Encrypted email- casual one-off usage?
« Reply #9 on: August 19, 2019, 07:53:09 AM »

You need to do some sort of key exchange with the recipient, in which case you both need to have your keys signed and stored with a Public Key Infrastructure. This is how PGP works - people register their keys with keychains that can be publicly searched and members of that keychain sign these keys for them, cryptographically, to indicate that they may be trusted.

If you check something like UKNOF you'll note there are key signing sessions scheduled - this is why: in-person verification of keys.

Your private key is signed by a certification authority and is kept secret, your public key is signed by other people's private keys to build up a web of trust.

Not sure how familiar you are with asymmetrical cryptography but it's an entire thing on its own.

If the people you are trying to reach have public keys signed and on public key chains you're good to go otherwise the best you can do is rely on transport level encryption which you can ensure on your side though not, as far as I know, on the other.

I hope this helps. Unfortunately I've work to do so can't go into asymmetrical / public key cryptography, key chains, PKIs, CAs, etc, etc, in more depth.

EDIT: NB in real-time communications, messaging applications, etc, where you can set up a direct session to the other device you can perform zero-knowledge key exchange. My friend the good Dr Mike Pound explains:



More on Diffie-Hellman:



And deeper into the maths:

« Last Edit: August 19, 2019, 07:57:54 AM by CarlT »
-----
Deploying better networks, not just faster ones.

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7866
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Encrypted email- casual one-off usage?
« Reply #10 on: August 21, 2019, 03:54:31 AM »

Some very generous valuable references there Carl - many thanks. I have some reading to do.

Is S/MIME the good thing that matches or nearly matches my needs? I don’t know if I can get it going on iPad - tried before and failed.

My ISP has a facility already set up where they can handle PGP emails to/from me.