Learn how e-mail encryption protects the privacy of message content

Source: Internet
Author: User
Tags: decrypt mail

E-mail has become an indispensable means of communication in modern society and a necessary tool for daily management communication at major companies. Employees are increasingly dependent on e-mail, yet they ignore the security of their messages and, regardless of whether the content is important, take no encryption measures. This leaves a back door open to people with ulterior motives: at best, personal privacy is lost; at worst, important company data is stolen, and both the company and individuals suffer huge losses.

E-mail should therefore be encrypted wherever possible to keep data secure. The following describes several common encryption methods so that we can understand what message encryption is.

One. Encryption system: There are several existing e-mail encryption architectures.

End-to-end encryption is full encryption from the source device to the receiving device. This approach provides the highest level of security because it eliminates insertion points, that is, intermediate points at which plaintext data could be read by anyone. The disadvantage is that this model is also the most complex to implement and manage. The complexity stems primarily from the fact that cryptographic software must be installed and maintained on the endpoints, and must be integrated with the client's e-mail reading software.

Gateway-to-endpoint encryption is a simplified model that provides full encryption from a gateway system inside the sender's network to the receiving endpoint. In this scenario, the message leaves the sender's desktop as plain text and is encrypted at a gateway close to the e-mail server. This mode removes the need for any cryptographic software on the sender's side and for any intervention by the sender.

Gateway-to-gateway encryption is like gateway-to-endpoint encryption, but it adds an encryption gateway on the recipient's side, which eliminates the need for desktop software and its management costs.

Gateway-to-web encryption provides access to sensitive data through a web server. Data is usually protected through transport layer encryption, such as Secure Sockets Layer (SSL). This ensures that communication with any recipient is secure, regardless of the recipient's architecture or level of complexity. A standard message is sent to the recipient, notifying them that a secure message is waiting at the gateway. The recipient retrieves the message over a secure connection, after authenticating with confidential information provided through an out-of-band mechanism.
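The gateway-to-web flow described above can be modeled in a few lines. The following Python sketch is an added example, not code from the original article: the class name, the URL under gateway.example, the passcode format and the three-attempt lockout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumed lockout threshold, not taken from the article


class WebGateway:
    """Holds sensitive mail and releases it only to an authenticated recipient."""

    def __init__(self):
        self._held = {}  # retrieval token -> stored record

    @staticmethod
    def _derive(passcode, salt):
        # Keep only a salted, slow hash of the passcode, never the passcode itself.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 200_000)

    def hold(self, recipient, body):
        """Store the body and return (notification, passcode).

        The notification travels as ordinary e-mail and carries no sensitive
        content; the passcode must reach the recipient out of band.
        """
        token = secrets.token_urlsafe(32)   # unguessable retrieval identifier
        passcode = secrets.token_hex(4)     # constructed sample secret format
        salt = secrets.token_bytes(16)
        self._held[token] = {
            "body": body,
            "salt": salt,
            "verifier": self._derive(passcode, salt),
            "failures": 0,
        }
        notification = (
            f"To: {recipient}\n"
            f"A secure message is waiting: https://gateway.example/m/{token}"
        )
        return notification, passcode

    def retrieve(self, token, passcode):
        """Return the body if the passcode matches, otherwise None."""
        record = self._held.get(token)
        if record is None or record["failures"] >= MAX_ATTEMPTS:
            return None  # unknown token, or locked after repeated failures
        candidate = self._derive(passcode, record["salt"])
        if hmac.compare_digest(candidate, record["verifier"]):  # constant time
            return record["body"]
        record["failures"] += 1
        return None
```

In a deployment the retrieval URL would be served only over TLS, which is the transport layer protection the paragraph refers to.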


Two. Using symmetric encryption algorithms to encrypt messages: Symmetric encryption is an early form of encryption, and the technology is mature. The sender processes the plaintext (the original data) together with the encryption key through an encryption algorithm, turning it into complex ciphertext, which is then sent. To read the original text, the recipient must decrypt the ciphertext using the same key and the inverse of the same algorithm, restoring readable plaintext. Only one key is used: both the sender and the receiver use it to encrypt and decrypt the data, which requires the decrypting party to know the encryption key beforehand. Symmetric encryption is characterized by public algorithms, low computational load, fast encryption and high encryption efficiency. The disadvantage is that both parties use the same key, so security is not guaranteed. Encrypting e-mail with a symmetric cipher requires solving how the key is transmitted, stored and exchanged. Mail encryption systems of this kind are rarely used today.

Three. Using PKI/CA authentication to encrypt mail: Most e-mail encryption products today are based on this method. PKI (Public Key Infrastructure) refers to public key infrastructure, and CA (Certificate Authority) refers to the certification center. PKI removes the various obstacles to secure network communication, and the CA solves the network trust problem in terms of operation, management, specification, law and personnel. The two are therefore collectively referred to as "PKI/CA". In its overall framework, PKI/CA consists mainly of end users, certification centers and registration authorities. PKI/CA works by issuing and maintaining digital certificates to establish a trust network; users within the same trust network use digital certificates to complete identity authentication and security processing. The registration authority is responsible for verifying the authenticity of the applicant's identity and, once the review passes, for submitting the user's information over the network to the certification center, which is responsible for the final processing of the certificate. Revocation and renewal of certificates must also be submitted by the registration authority to the certification center for processing. In general, the certification center serves the registration authority, and the registration authority serves the end user; the registration authority is the intermediary channel between the user and the certification center. The management of public key certificates is a complex system. A typical, complete and effective CA system should have at least the following parts: public key certificate management, blacklist publication and management, key backup and recovery, automatic key update, historical key management, support for cross-certification, and so on.
The PKI/CA certification system is relatively mature, but when applied to e-mail encryption it also involves complex key management, because keys must be exchanged before encryption and decryption can take place. The well-known e-mail encryption system PGP uses this encryption process. This method is suitable only for enterprises, organizations and some high-end users, because CA certificates are troublesome to obtain and cumbersome to exchange, so this mode of e-mail encryption has been very difficult to popularize.

Four. E-mail encryption using identity-based cryptography: To simplify the key management of traditional public-key cryptography, in 1984 the Israeli scientist Shamir, one of the inventors of the famous RSA system, put forward the idea of identity-based cryptography: the user's public identity information (such as e-mail address, IP address, name, etc.) serves as the user's public key, and the user's private key is generated by a trusted center called the private key generator. In the more than 20 years that followed, the design of identity-based cryptosystems became a popular research field in cryptography. This approach is the most promising way to achieve large-scale e-mail encryption applications.

After reading the introduction above, you should have some understanding of e-mail encryption, which will also be of some help in protecting your e-mail in the future.
