These days using the Internet and E-mail is common, easy, and even a necessity for some of us. But have you ever wondered if that E-mail you just read was really from the person you thought is was from? It might have been from someone else who was using that persons account, or who set up their E-mail program to show a different name. It might even have been sent by a virus. Of course the same is true about messages others think were sent by you.
Did you know that the message you just sent could be read by anyone with the right access to a computer along the message's path? Thats right, that E-mail you just sent and thought no one but the recipient would see might have been read by some stranger or perhaps even someone you or the recipient knows. Their are four main locations where messages get intercepted: your computer (the sent/out box), your SMTP server where the message gets held until sent to the destination, the recipients mail server where the message is stored until deleted, and finally the recipients computer. There is a fifth location, any computer the message has to pass through on its from you to the recipient could intercept copy and even alter the message. Remember E-mail is sent as a plain text message readable by anyone.
Both of these problems can be solved using digital signatures and encryption. In fact your E-mail program probably already supports one of the two most popular forms. Microsoft products and Netscape directly support the S/MIME using digital certificates from companies like Verisign and Thawte. Mozilla will eventually support S/MIME. PGP was the original signature and encryption program. It has plug-ins to add PGP support in Eudora, Outlook, and Outlook Express. While it used to be popular on Linux and other *nix systems it has since been replaced on all platforms by GPG which is based on the Open-PGP standard.
Both systems require the use of digital certificates. S/MIME certificates are generally issued by a certificate authority (CA) such as Verisign or Thawte. Because the CA must verify your ID before issuing the certificate they usually charge money for them. The more capabilities the certificate has such as code signing or e-commerce, the more verification is needed, the higher the cost. This is a yearly fee since the certificates expire after one year. PGP/GPG certificates on the other hand are created by you. This means you can create as many as you want which is most useful when you have more than one E-mail account and don't want to use the same certificate for all of them. The owners ID is verified by checking the signatures on the certificate. More on this can be found at the GPG site.
My PGP/GPG key: lost-coder@zianet.com
Key ID: 0x06D4E7D1
Fingerprint: 1CC1 2471 0095 A595 944D 504A 0CCA EAE0 06D4 E7D1
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32)
mQGiBDy+RXERBACBSw4NRhT69cv3RRK0CZ8ACiDxeV4TCKIKnC9OvZlJiZyokzsv
Gf+Y25ehNJGm3ewMMB7jnrG2QoSCPJSEYyhkcLf1biRHrLL/gqTag0IdmAvslDZ+
e/GX6dx9GNorypEzRZaiDwWMd9Ah8Pk1NDcuWIsbd1NHlxp6FNHBBsQSnwCg0ahP
l+bHkv9OrXtrZx7XMQ1d5XsD/jwcqS/QOoapQls5Qhc9xiXi5izS7pzw41cTQfuZ
qwI41ct1wKQpY/eknvJHl6e9Z6eEv6qSwGOpZsLGYQWK9i9Q1OWcMpqISpGSTWgo
nFQlk6d8koU5cwk9WPCYoUc8vvyR08U32qzhwgafGceNqZKkWEIYTqjsFp3Wl+Hu
stO+A/0cPrj6E8QsOoU5pPaq8DoRd548kmqDhi4ObI0f2TvTh/H9XOXyA4E5enis
2Un2OXW1xE49vz7xsgfkL4SXPBFVYjtVPfB2+LloxM5sN+HFVKKCMv/7IZ50Z1Aa
noOR+5HvX20e+zR1+F46ifh2ReO4bct1x4sXeX+9ZFuZJF5s0rQlS2VubmV0aCBI
YWxleSA8bG9zdC1jb2RlckB6aWFuZXQuY29tPohfBBMRAgAXBQI8vkVxBQsHCgME
AxUDAgMWAgECF4AAEgkQDMrq4AbU59EHZUdQRwABATlZAKCyZdKF2aLZ8ARHm1+w
XjyZrIjjAACcDu8x3I12IdPrMAItjqcDVnys866IRgQQEQIABgUCPL5F/gAKCRAF
/bJOFYMdrwRPAKDPaWic/cxuB1gc3o3+aY5n7LmhJQCeMn2IT87EzBlZtQoViSbP
OVgoPua0LUtlbm5ldGggSGFsZXkgPGhhbGV5a2RAdXNlcnMuc291cmNlZm9yZ2Uu
bmV0PoheBBMRAgAeBQI/mLHSAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEAzK
6uAG1OfRvaUAn2eYNIiaLi2UI5Xk//clJdI5WbYRAKDBJ2NEGNZqsT9Tf+qz5zw8
V3yZObQkS2VubmV0aCBIYWxleSA8aGFsZXlrZEB1c2Vycy5zZi5uZXQ+iF4EExEC
AB4FAj+YsfUCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQDMrq4AbU59HU+gCe
LppBwafD2MsIuLKb/1C9QvqtEzYAnilRn8bX64dunOEu02U3G8OdYOz+uQINBDy+
RYUQCADjicQj1u2qIiu3/6FtfXh6gdTHqHtq6JOOZKyhqdPIjLSdzguBekDML4Rw
QNDMv6R5wG4UFrhGFP7Og2h0R/yoLSIkbSNXiTEPemqomO9xQJly0l5gojbVmyZz
4a1qjvlcfcC7ieaUh58aAcjgLLwkM2pbvHOwtlSrrPVy6H3I69HJTI+ZcXbe4/eS
vzBaAE9PsnsOf8TAhzPmQc2oeuOYKzaHnOZmyRECNUl+Uqih0zsmLAZIoXCqcl7V
OjtMn1NV5BtHaYXs3asV5NQQzzDSlMzdYY+p/rC1s5e9nD0ShDneeqNwR+UyMsKJ
3N11F+OJn1zr7xL5gFj3oqAk5Q/jAAMGCADejw6m+ZzQ0OBvxfpLcbeoWSx7P+Kj
kXvmjZBLsup6SXdgeu7ESApuVgsVBZCsIVlXBAJVRMMygk+I7eEu+G/c9HV8RtTr
TF3lLid8o2Dy7QCQ2n22QRUG6k8CQVhPzFJ9dREpFQFOf8XIjujj0HGEylFxp+bm
Umkz4TXDMu6vLEbrVsIbNSwP685yowq6/w8/SWPzVIVgn6W9HNH7qMkg+22/YnAc
nhvFaBlZ7b7sFVG8IgYtHWtaA8AqIiZTEqGaz0a7gmPixMhL8msOESD2gBzy5GeY
K+r68T6cXnpnbmXG207UBhGgMfhN20isjVr87B0RryebthK64Wft5c+RiE4EGBEC
AAYFAjy+RYUAEgkQDMrq4AbU59EHZUdQRwABAVlhAJ0QkjKE8uV4Gct6zoRSPgNF
azxScwCdEIFwixe/pjbnQq/YE3HW97ZAIxs=
=ASg9
-----END PGP PUBLIC KEY BLOCK-----