Signature and Encryption

From Enigmail Wiki
Jump to: navigation, search

You have generated your own key pair and have imported other people's public keys, so you are now able to exchange secure emails with them. But first, you must ensure that your account is correctly set up to use Enigmail capabilities.

Account settings

Launch Thunderbird and choose Tools → Account Settings..., then click on OpenPGP Security from the email account settings:

4-01.png

If you have multiple identities enabled, you can (and should) set these OpenPGP options for each identity. You will do this by selecting Manage Identities and then the identity you want to edit, which after the Enigmail installation will have a new OpenPGP Security tab with the same options as above.

When configuring the OpenPGP options for your email account, first make sure the option Enable OpenPGP support (Enigmail) for this identity is checked. This is necessary in order to send signed or encrypted email on behalf of this account, and to configure Enigmail. This does not disable signature verification and decryption, which is account-independent.

You need to let Enigmail know which key to use with this account. By choosing Use email address of this identity to identify OpenPGP key, Enigmail will automatically select the key pair which lists amongst its User IDs the email address associated with this account. Do not select this option if you have more than one key pair with the same User ID. The recommended and failsafe method is to explicitly specify a key pair by choosing Use specific OpenPGP key ID (0x1234ABCD), then enter in the field the ID (prepended by 0x) of the key pair you want to use, or simply click on Select Key... and select the desired key pair.

You can then set some default options when composing a message from this email account:

  • Encrypt messages by default: always tries to encrypt your messages.
  • Sign messages by default: always tries to signs your messages.
  • Use PGP/MIME by default: always tries to use the PGP/MIME format for your mails

Starting with these defaults, the Per-Recipient Rules will be processed. If you're a new user there will be no Per-Recipient Rules yet.

Finally, you can specify some settings to Enigmail that will take effect after application of default and rules:

  • Sign non-encrypted messages enables signing automatically if encryption is not active at the same time.
  • Sign encrypted messages enables signing automatically if encryption is active at the same time.

These will be the default options, unless modified manually. If you change the identity while composing a message, signing/encryption will be activated or deactivated according to the above options for the chosen identity, unless you have modified the signing or encryption status manually.

By default, Enigmail uses a standard called PGP/MIME to sign and/or encrypt messages; this is reflected in the checked option Use PGP/MIME by default. PGP/MIME offers additional features such as attachments encryption together with the message body, and support for encryption of messages that use HTML format and special character sets. Unfortunately PGP/MIME is not supported by all mailclients; those that currently are compatible with it are Enigmail, Apple Mail, Becky, Evolution, KMail, Mulberry, Claws Mail, The Bat!, Balsa, Gnus, Whiteout Mail and others. If you uncheck this option, Enigmail will instead use the Inline PGP standard.

You can click on the Advanced... button to set some advanced options.

The first two options add a new mail header to the message, containing OpenPGP information about your key:

  • Send OpenPGP key ID adds the mail header OpenPGP: id=0xABCDEF01 which mentions the key ID specified in Use specific OpenPGP key ID.
  • Send URL for key retrieval adds the mail header OpenPGP: url=http://www.example.com/yourkey.asc which mentions the URL from where your public key can be retrieved. If you enable this option, you must also specify the URL by typing it into the field. This header actually is not used for any purpose of key retrieval, which means that even if it is set Enigmail won't fetch automatically the public key at the specified URL.

Finally, Attach my public key to messages automatically attaches your public key to any message you send.

While you're in Account Settings, this is a good opportunity to talk about some problems with HTML formatted mail in conjunction with OpenPGP secured mails.

HTML messages are not handled properly by the Inline PGP format. The PGP/MIME format, however, can deal flawlessly with HTML messages. Unfortunately not every mailclient can interpret the PGP/MIME format. Therefore, if you are a beginner in the use of OpenPGP, the safest and recommended way to deal with this situation is to disable HTML format for outgoing messages. You can do this by selecting Composition & Addressing and make sure Compose messages in HTML format is unchecked.

However, if you are sure that your recipients can deal with the PGP/MIME format, you can leave HTML composition as default, but ensure that PGP/MIME is always activated for those messages.

Remember to disable HTML by hand every time you want to sign or encrypt the message you're writing in Inline PGP format. If you have HTML enabled by default, you can do this for the current message by holding down the Shift key when clicking on the Write or Reply button used for message composition.

Signature and verification

Signing a message

You are now ready to write your first digitally signed email message. From Thunderbird, click on the Write button as you normally would do. You will notice that the Write window now contains an additional toolbar, with the icons of a pen (for signing the message) and a lock (for encrypting the message).

2-27.png

You can select the same options from the Enigmail menu. As you already know by now, you can send a message signed, encrypted, or both encrypted and signed. The pen icon and/or the lock icon light up to signal that the relevant option is on.

If you're opening a fresh Write window, the icons reflect the defaults for your account. As soon as you enter the recipients, the icon state will be refreshed, as Enigmail processes the Per-Recipient Rules and checks key availability in the background, and finally displays the result in the icon state.

The icons can also be modified manually: you can click directly on the pen and the lock icons to respectively toggle signature and encryption. They will contain an exclamation mark to remind you that you changed the state manually.

The possible icon states are:

Signing:

4-03a.png Message will be signed, according to defaults and rules

4-03b.png Message will be signed, because signature has been manually activated

4-03c.png Message will not be signed, because OpenPGP is not enabled for this account

4-03d.png Message will not be signed, according to defaults and rules

4-03e.png Message will not be signed, because signature has been manually deactivated

Encryption:

4-03f.png Message will be encrypted, according to defaults and rules

4-03g.png Message will be encrypted, because encryption has been manually activated

4-03h.png Message will not be encrypted, because OpenPGP is not enabled for this account

4-03i.png Message will not be encrypted, according to defaults and rules

4-03j.png Message will not be encrypted, because encryption has been manually deactivated

You can move the mouse pointer over the icons to show a tooltip explaining the current icon states.

The following image shows the composition of a signed message:

4-04.png

Activate signing by either activating the pen icon in the Enigmail Toolbar or by selecting Enigmail → Signing. Instead of clicking on the pen or lock icons, you may also click on the label This message will be signed/encrypted; Enigmail will pop up a dialog where you can change the signature/encryption and format status:

4-05.png

Then, click Send. The message will be signed with the key specified in the Account Settings for the account you're currently using, and which is shown in the From: drop-down menu.

You will be asked for your passphrase, which is necessary for all operations concerning your private key such as signing messages, decrypting messages, and revoking or modifying properties of your key pair. It is also possible to cache your passphrase for a chosen amount of minutes so you won't have to type it every time: this can be set from Enigmail → Preferences → Basic → Passphrase settings.

Verifying a signed message

Now, if Thunderbird is set up so that a copy of outgoing emails is automatically saved in the Sent folder, it is possible to have a look at how the signed message looks like:

4-06.png

In this Message window, the Enigmail status bar shows up to indicate that the message is secured with OpenPGP. The status bar says that the message was correctly signed, and gives information about the sender's key i.e. the key that was used to sign. This information is the User ID (the identity of the signer i.e. his name and email address) and the Key ID. The status bar also reports the date and time of the signature. You can expand or shrink the status bar by clicking on the expand gadget on the top left.

The Enigmail status bar is green to indicate that the sender's key is valid. In fact, in this case the sender's key is my own key, which has ultimate validity in my own Enigmail environment. Accordingly, a picture of a pen is shown in the status line at the bottom and a sealed envelope is shown near the headers.

You can have more details about the signing key (in this case, the fingerprint of the signing key) by selecting Details → Enigmail Security Info... or simply by clicking on the picture of the sealed envelope. Details → Copy Enigmail Security Info copies the security information to the Clipboard instead.

Now let's have a look at a signed message I received from jrandomhacker@example.com, assuming I have his public key:

4-07.png

The Enigmail status bar tells that the signature is correct, although untrusted. Note that the color of the Enigmail status bar is now blue. Accordingly, a question mark is shown on the pen in the bottom right corner and on the sealed envelope in the header section.

This means that John Random Hacker's public key is not fully valid in my public keyring, which is the default for freshly imported keys.

The most important point here is that it is verified that the message has been correctly signed with the specified public key.

From the Details menu you can operate directly on the sender's key:

  • View Key properties shows all key details
  • View OpenPGP PhotoID allows you to see the PhotoID, if any
  • Sign Sender's Key... allows you to sign the sender's key
  • Set Owner Trust of Sender's Key... allows you to set the Owner Trust for a sender's key.

These are shortcuts; you can do the same operations from Key Management as well.

What if I haven't had John Random Hacker's public key? In this case, the message would appear as such:

4-08.png

The message is signed, but the signature cannot be verified. This is also how a recipient that does not use Enigmail, nor any other OpenPGP software, will see the message. As expected, the original text is still readable: signature ensures authentication of the sender and integrity of the message, not confidentiality of the message.

Note how OpenPGP modifies the mail body when signing. OpenPGP prepends the original message by a line -----BEGIN PGP SIGNED MESSAGE----- and then specifies which hash function has been used. Then there is the original message. Finally the digital signature, embedded within two lines -----BEGIN PGP SIGNATURE----- and -----END PGP SIGNATURE-----, is appended to the message. Within the signature there may be a line that specifies the version of GnuPG used. It is also possible to put an additional comment line after the version. The lines starting with ----- are called PGP headers.

Finally, you might receive a mail that Enigmail shows as such:

4-09.png

Note the purple status bar, the image of a red pen, and that the envelope icon is marked with a red X. This signature is invalid, which means that the message has been altered in transit. However, not all alterations are malicious i.e. done by an attacker; these alterations might concern invisible characters such as line breaks, spaces, or tabs, and happen during the sending process or by improperly working mail servers.

In case of an invalid signature, nothing can be said about the integrity of the mail text. It may be unchanged or not, and you are advised to take it with caution. A good practice would be to ask the sender - by encrypted mail - for a statement about the contents.

Retrieving the key that signed the message

A nice feature of Enigmail is that it can import automatically the public key needed to verify a message. If you receive a message for which you don't have the sender's public key, simply click on the Import Public Key button in the status bar, and Enigmail will offer to download from a keyserver the key that was used for signing :

4-10.png

Just click Ok and Enigmail will do that for you. The imported key will be added to your public keyring.

More often, you will receive someone's public key as an ASC file attached to the email message. In this case, importing the public key is just as easy: you only have to right-click on the attachment and choose Import OpenPGP Key.

Someone might also send you his public key embedded in the message text. In this case, copy the key (the part between PGP headers), go to Key Management, and select Edit → Import Keys from Clipboard.

Encryption and decryption

Now comes the interesting part: exchanging encrypted messages.

Encrypting a message

To encrypt a message, select the option Encrypt Message before sending, and make sure the lock icon in the Enigmail status bar is lit. It is common practice to also sign a message you're encrypting.

To send an encrypted message to someone, you need to have his public key. If you have it, the key is automatically selected: Enigmail searches your keyring and selects the public key that has a user ID that matches the recipient's address. (Note: If you have set Per-Recipient Rules, these will be looked up first.)

This is done for each recipient. Recipient addresses are all those specified in the mail headers To:, Cc:, and Bcc:.

Additionally, the message is also automatically encrypted with your own public key, to allow you to read (from the Sent folder) the messages you sent.

As you see, this is pretty straightforward. But what happens if Enigmail is unable to select a public key for a recipient, for instance because you don't have it? In this case, Enigmail pops up the Key Selection window to ask you to select the key(s) by hand:

4-11.png

In the figure, I was trying to send an encrypted email to cryptoguy@domain.org, which let's imagine is set as an alias and forwards all mails to jrandomhacker@example.com. In this case, I would select John Random Hacker's public key, as shown in the figure, and click Send. The message would then be sent to cryptoguy@domain.org encrypted with John Random Hacker's public key. If I had to send mail to cryptoguy@domain.org often, it would be worth creating a per-recipient rule that says "Encrypt all mail that is sent to the address cryptoguy@domain.org with the public key associated with address jrandomhacker@example.com". This can be done directly from the Key Selection window by clicking the Create per-recipient rule(s) button. Alternatively, if John Random Hacker intends to use his alias address often, he should add the user ID cryptoguy@domain.org to his public key, and redistribute the updated public key.

As you learnt, a message can be encrypted with more than one public key. In fact, it is usually encrypted with at least two public keys: the recipient's and yours, to let you be able to read a copy of the message. In fact, you are able to read the encrypted messages you send only because Enigmail, by default, encrypts any outgoing message with the sender's public key too. Shouldn't Enigmail do that, the message would look gibberish to you -– even if you are the creator of the message.

To be more precise, OpenPGP uses hybrid encryption. First it generates a random session key, and encrypts the message with the session key using a symmetric algorithm; then, for each intended recipient, it encrypts the session key with the recipient's public key and adds each encrypted session key to the encrypted message. It then internally builds an OpenPGP block, which includes a header containing the key IDs and user IDs of any public key the message has been encrypted with. Each recipient then receives the same OpenPGP block. As a consequence, it is not possible to send to multiple recipients a message that is encrypted for some recipients and unencrypted for others. The message is sent out either encrypted or unencrypted for the whole list of recipients.

That being stated, you should not send encrypted messages to Bcc: recipients, because from the OpenPGP block each recipient is able to tell the identities of the others – hence defeating the purpose of the Bcc: field. While Enigmail is able to do some workaround to hide the Bcc: recipients from the header, as a side effect this could block users of other products (e.g. PGP Corp.) from being able to decrypt the message.

Decrypting an encrypted message

This is a message that John Random Hacker sent encrypted to me:

4-12.png

The grey Enigmail status bar saying "Decrypted message", the lock in the headers bar, and the yellow key icon in the corner, all indicate that the message was correctly decrypted.

By default, the message is automatically decrypted as it is opened. If you ever want to change this setting, deselect the option Enigmail → Automatically Decrypt/Verify Messages. Then you can decrypt messages by hand by clicking the Decrypt button in the toolbar.

The previous message was encrypted but not signed. Here's how a message that is both signed and encrypted appears to you:

4-13.png

Note that the Enigmail status bar is blue and the text in it says: "Decrypted message: Untrusted good signature". This means that the signature verifies, but John Random Hacker's public key is not fully valid in my public keyring, which is the default for freshly imported keys.

Permanent decryption of messages

This feature was a long standing wish from users, but quite difficult to implement. Starting with version 1.8, Enigmail offers a way to permanently decrypt messages. It works when receiving messages from the mail server using the Thunderbird mail filter scheme.

To activate this feature, click on your account and then on Manage message filters. The following window will open:

4-20.png

Click on New to create a new message filter:

4-21.png

In Filter name you can freely chose a name so that you can distinguish it from other filters.

You can leave the Apply filter when: as it is set by default.

In the next section of the dialog you enter the conditions under when the filter shall trigger. Here you must enter only one condition: that "From, To, Cc or BCC" contains your email address. This will apply this filter on every mail you receive under that address.

Up to now, this is like setting up a Thunderbird standard message filter.

Enigmail provides for two action types, which can be selected using the drop-down menus under Perform these actions: Decrypt permanently (Enigmail) or Create decrypted Copy (Enigmail).

The first option decrypts the message and moves it in the folder selected using the drop-down menu on the right side. Clicking Ok, Enigmail shows a warning:

4-22.png

This is because if there is any failure during decryption (e.g. messages that are encrypted in odd ways such as S/MIME + PGP combined), the message will be lost or corrupted. It is therefore better to select Create decrypted Copy (Enigmail) and test the behaviour for some days or weeks. If anything goes wrong, you still have the original message and can decrypt it manually. If it works flawless, you can later change it to Decrypt permanently (Enigmail).

Encryption and mail headers

One important point concerns mail header security. Mail headers cannot be encrypted, nor included in the signature computation. This includes also the Subject mail header. Therefore, do not write any sensitive information in the Subject when sending an encrypted message.

Signature and encryption applies to the mail body only –- and also to attachments, if you chose so. That is, when you sign a message, no mail header (such as the Subject, Date, all Received headers, etc.) can be included in the signature. Also, when you encrypt a message, mail headers are not encrypted.

Most mail headers (e.g. the Date) are added by the Mail User Agent (mail client) only after that Enigmail processes the payload; other mail headers (e.g. the Received) are subsequently added by the Mail Transfer Agents on each hop of the way from sender to receiver; eventually, other mail headers are added by the Mail Delivery Agent at the endpoint. Even mail headers that are user-set at the time the message is composed (e.g. the Subject) may be legitimately modified by antispam or antivirus applications on the destination server.

This is to say that mail headers change in transit, and therefore they cannot be signed; mail headers also must be in cleartext in order for the mail message to be processed and delivered by intermediary routers, and therefore they cannot be encrypted.

This is not a limitation of Enigmail, neither of GnuPG. The OpenPGP standard currently does not describe a way to sign or encrypt the Subject or, for this purpose, any other mail header. This might change in the near future. Encryption of headers is actually a matter of discussion; the Memory Hole project aims to create a standard to include the headers inside the OpenPGP-protected payload. The implementation of this proposal is included in Enigmail but off by default, with no way to enable it.

Thus, please remember that at the current time mail headers aren't and cannot be secured, and they could be snooped and forged in transit like any cleartext mail message.

Note that, for the same reason, Enigmail will not sign and/or encrypt a blank message: the message body is empty, so there's nothing Enigmail can process.

Handling attachments

When sending an encrypted or signed email message that has attachments, you will be given the choice how to encrypt/sign the attachments:

4-14.png

There are three mutually exclusive options:

  • Just encrypt/sign the message text, but not the attachments. This is not recommended, as it will only protect the message text.
  • Encrypt/sign each attachment separately and send the message using Inline PGP. In this case, the signature for each attachment filename.ext will be stored in an additional attached file named filename.ext.sig. If the attachment must be encrypted, it will be renamed as filename.ext.pgp. This is the safest and most recommended method.
  • Encrypt/sign the message as a whole and send it using PGP/MIME. As said previously, the PGP/MIME standard is not supported by all mail clients, so the risk here is that the recipient could be unable to read the message.
  • Don't encrypt and sign the message at all. Choose this if you erroneously selected encryption/signing and would like to send the message in cleartext instead.

If you tick the option Use the selected method for all future attachments, Enigmail will remember your choice and won't ask you any more. To have Enigmail show you the options again, go to Enigmail → Preferences → Advanced and click on the Reset Warnings button.

When you receive an encrypted attachment, you can view it or save it simply by right-clicking on it and selecting, respectively, Decrypt and Open or Decrypt and Save As....

Practice with Adele, the friendly OpenPGP email robot

If you want to do some signature and encryption tests yourself, then you'll find a very patient correspondent in Adele, "The Friendly OpenPGP Email Robot". Adele can be contacted at adele-en@gnupp.de and is an automated program that is able to receive and understand OpenPGP messages, and replies to them accordingly, usually in a very short time. Hence it is perfect for your tests.

I sent a simple cleartext mail (unsigned, unencrypted) to Adele, and here's how she replied to it:

4-15-1.9.png

Here Adele complains that there was no public key attached to my message, so she doesn't know what to do with it. However, she provided me with her public key embedded in the message; note the OpenPGP key block in the mail body, and the yellow Enigmail status bar. Clicking on the Import Key button will import her public key into my public keyring:

4-16.png

Adele's public key is now in my public keyring.

I can use Adele's services to test that my messages are encrypted and decrypted correctly. As you remember, I have imported Adele's public key in my keyring, and I am therefore able to send her an encrypted message:

4-17.png

If I look in my Sent folder there is my message, automatically decrypted as I open it.

The next figure shows my own message, correctly decrypted:

4-18.png

A short time later, I receive Adele's reply:

4-19.png

Note that the Enigmail status bar warns that the mail body is only partly encrypted: Adele's message is, while the note at the bottom isn't. Enigmail marks the secured (i.e. signed and/or encrypted) part so that you can easily distinguish between them.