Abuse of Usenet: Tutorial on Signing messages

This is an attempt to explain, in concept, how PGP signed messages work, to describe how they might be used, and to show why they currently won't solve the problem, but could contribute to such a solution.

To do this, we must start with an extremely brief high level introduction to public key cryptography. I promise there will be no math here, and that other than jargon words which I will define, it will all be in standard English.

To a cryptographer, the message you are reading is plaintext. That is, text that hasn't been transformed by an encryption technique. Encryption is a process of transforming plaintext into cyphertext, the latter simply being text that has been encrypted.

The way most encryption systems work is that they involve an encryption algorithm, which is a set of rules by which the substitution from plaintext to cyphertext is made. They also involve a secret key. If you have the key, you can translate plaintext into cyphertext, which is hopefully unreadable by anyone who doesn't have the secret key, and you can translate the cyphertext back into plaintext. As mentioned above, translating to cyphertext is called encryption, translating back is called decryption.

If I want to send you a secret message, then I encrypt it using a secret key we both know, send it to you, and you decrypt it with the same key. Anyone who doesn't have the key cannot read our message. (Unless they've broken the code, but that's an issue we won't discuss here.)

Public key systems are different. Rather than using the same key to translate the plaintext to cyphertext and cyphertext to plaintext, these systems use two keys, one to encrypt, the other to decrypt. The two keys are related, but in theory, knowing one key won't help you figure out the other.

This is a good thing because it allows something called signing to occur. Signing is the proposed method for preventing forgeries, and one way it works is:

I create a private key and a public key. I make my public key widely available. When I want to create a message and prove that it comes from me, I sign it by including at the end of my message an encrypted version of the message made by my private key.

Anyone can read the original message, because it is plain text. Only I could have encrypted the second copy, because it was done with my private key. Anyone who has my public key can verify that I wrote the message and that no one has changed its content. How? By decrypting the second copy using my public key and comparing it to the plain text message. This proves that it was encrypted by my private key and the decrypted copy of the message has the same text as the plaintext copy.

(Note: The above is a little white lie. Sending the entire text as both plaintext and cyphertext is bandwidth intensive. But I said I wanted to avoid math, so think that it is as if the entire message was sent.)
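The following is an added illustration of the scheme just described, not code from the original page or from PGP. It uses a toy textbook-RSA key pair with small constructed primes (a real PGP key is thousands of bits long and uses padding), and it makes the "white lie" honest: instead of encrypting the whole message with the private key, it signs a hash of the message, which is what real signing systems do. The trailer format and helper names are assumptions made for this example.

```python
import hashlib

# Toy key pair (constructed for illustration only; far too small to be secure).
P, Q = 104723, 104729
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
PUBLIC_KEY = (N, E)                 # what I publish
PRIVATE_KEY = (N, D)                # what only I hold

TRAILER = "\n-----SIGNATURE-----\n"   # assumed format for this example


def digest(message: str) -> int:
    """Hash the message so the signature covers it without sending it twice."""
    h = hashlib.sha256(message.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def sign(message: str, private_key) -> int:
    """'Encrypt' the digest with the private key: only the key holder can do this."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: str, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public key and compare to a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def sign_post(message: str, private_key) -> str:
    """Append the signature at the end of the post, as the article describes."""
    return message + TRAILER + format(sign(message, private_key), "x")


def check_post(post: str, public_key):
    """Split a post into its text and signature; return (text, verified?)."""
    if TRAILER not in post:
        return post, False          # unsigned: nothing to check
    text, sig_hex = post.rsplit(TRAILER, 1)
    return text, verify(text, int(sig_hex, 16), public_key)


if __name__ == "__main__":
    post = sign_post("I did not write yesterday's rant posted under my name.", PRIVATE_KEY)
    print(check_post(post, PUBLIC_KEY))                       # (..., True)
    print(check_post(post.replace("did not", "did"), PUBLIC_KEY))   # (..., False)
```

Altering even one word of the signed text makes the comparison fail, while a post with no trailer at all simply cannot be checked, which is the first problem discussed below.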

OK, if this is such a good thing, how come everyone isn't using it, and why do I claim it doesn't work very well now?

The reason everyone isn't using it now is that a common public key signing system isn't available with most newsreader/poster software or with most mail programs. Although it is possible to install a usable one, it requires a lot more work than many people are interested in.

It doesn't work for several reasons. First, because most people don't sign news messages, no one is surprised when they see a message from someone that isn't signed. A forger picks a newsgroup the person they want to harass doesn't use, and suddenly an apparently new user shows up in a newsgroup ranting and raving. Nobody would think that such a message being unsigned indicated it was a forgery, and in fact the missing signature gives no indication of the forgery.

Second, as mentioned above, setting up and using the software takes more time than many people are willing to spend, so until it becomes easily available, signatures are not likely to happen.

There really isn't a way to address the first problem. The second is addressed by having public key repositories. These are places that independently hold copies of public keys. It can be proven that the person changed their key by showing that the old public key still decrypts the message.

I've also glossed over some technical details, since I said I wanted to avoid math. In particular, cryptosystems aren't perfect, and eventually they've all been broken. Although the current generation are very hard to break, the theory of how to break them exists; it just requires more computer power than is available.

If you are interested in signing your messages, the best available system is called PGP (Pretty Good Privacy). It was written by Phil Zimmermann, who does know what he is about. To find out more about PGP, you can read Phil's book "The Official PGP User's Guide," MIT Press 0-262-74017, or you can go to the web and start reading:

PGP is available for most operating systems, and there are shell programs that allow you to access it from MS Windows and Mac OS.

Currently maintained by The HELP Fund

Page expanded from an original compiled and written by Marty Fouts