Encryption in emails: Digital Signatures
Does encryption stop here?
You probably guessed it, since there's a post now. But I'll say it anyway - no, it doesn't. While you might blow the trumpets and hit the sack for now, you'll eventually come back to ask:
How does Alice know the mail's from Bob (realBob@xyzmail.com) and not from jealous Eve (trustmeIamBob@xyzmail.com)?
How does Alice know that Bob's message wasn't altered? Her public key is public, remember? Eve can't read Bob's message, but can't she replace it with another of his own?
How do Bob and Alice know each others' public keys?
Answers to 1 & 2 lie in a concept called digital signature. Not to be confused with pompous signature lines on emails.
Digital signatures use the concept of PKC again. But in reverse order to the previous section. Idea's simple, just remember
Anything encrypted with Bob's private key can be decrypted by Bob's public key only.
So any message that can be decrypted with Bob's public key must've been encrypted by Bob's private key.
Assuming only Bob has access to his private key, the message must have come from Bob.
So we simply re-encrypt the encrypted message (6ekd890optak1 above) with Bob's private key. Alice uses Bob's public key to confirm it's from Bob and everyone lives happily ever after!
As promised, what I've explained is in fact an oversimplified picture. The concept is the same, but modern day digital signatures work a bit differently. They convert the message into a hash, which can be compared later to ensure the message hasn't been altered. I'm going to skip that part because
Apparently the idea can work without hashing
I don't want you staying up late reading this
I need ideas for later posts
Great, now we know how it all works! If all you wanted was to know how encryption works in principle, you should stop here. If you want to know what happens in reality, read on.
Next, we move on to tying up some loose ends in the next post, starting with...