Although very convenient, email and the Internet
offer little guarantee as to the integrity of your communications
and the identity of your correspondents. It is very easy to send
emails in somebody else's name or to intercept them as they transit
through a number of unknown computers. Emails are not any safer
or confidential than typed postcards and should be treated as such.
Therefore, I offer the option of exchanging emails
and documents with electronic signature
and/or high-level encryption with S/MIME
or PGP, the two main solutions in secure
messaging. Some software such as Adobe
Acrobat include similar capabilities. Using S/MIME or
PGP allows you to:
• check the identity of your correspondent
• ensure messages and documents have not been altered after
• exchange encrypted messages and documents
S/MIME capabilities come
preinstalled on common email software such as Microsoft Outlook
(Express) or Netscape products and allow you to check S/MIMED signed
mail. One important point is that you will first need a certified
digital identification (digital ID) before signing or encrypting
Digital ID's must be obtained from a recognized Certification Authority
(CA). After checking your identity carefully,
the CA of your choice will deliver a certified digital ID. Your
correspondents may then check your identity as approved by your
A digital ID may be obtained for free from Thawte
after physical identification by several notaries of the Thawte
Web of Trust. Major CA's such as Verisign,
are compared on
WhichSSL.org and the PKI-page.org.
PGP/GPG allows exchanging
signed and encrypted messages with any PGP-compatible software.
PGP does not request a certificate from a recognized CA to function.
It does however support common X.509 certificates for checking the
identity of your correspondent. Not using CA certificates introduces
a security hazard at the original key exchange only, when you must
trust the identity of your correspondent. PGP additionally allows
you to sign and encrypt files, folders or partitions on your computer
for internal security.
PGP is available as GPG
free software. Consider using Mozilla
as your Internet browser and email client, as it offers the
GPG Enigmail module with GnuPG. Installation takes three steps but
the result is outstanding.
offers commercial software that integrates smoothly into common
messaging programs such as Outlook, Outlook Express, Eudora, Entourage
and Apple Mail.
S/MIME and PGP both make use of Public Key Encryption
(PKE). PKE encryption involves two complementary
components forming a key pair:
• a private key that you preciously keep and hide; and
• a public key that you widely show and distribute.
The private and public keys work together as two pieces of a puzzle.
Combining the output of both public and private keys is needed to
check a signature or decode a document.
You will find my PGP public encryption
More information is available here:
PGP FAQ by André Bacard
Phil Zimmermann's website (the creator of PGP)
Besides S/MIME and PGP, I will upon request also
make use of software specific encryption
such as available in Adobe