OpenPGP and Apple Mail

[Pixelmage]

I just installed OpenPGP. I have a few questions that I hope someone can answer.

1. If I send an encrypted email using OpenPGP, will the e-mail still be encrypted while it is travelling through the Internet, especially if the recipient does not have OpenPGP installed?

2. When I created the passphrase/key via OpenPGP, the key containing the passphrase for the e-mail address is uploaded to a user-defined public server. Aside from other OpenPGP users, does anyone else have access to the key? And if so, can it be misused in any way?

 

[MacUser2525]

I just installed OpenPGP. I have a few questions that I hope someone can answer.

1. If I send an encrypted email using OpenPGP, will the e-mail still be encrypted while it is travelling through the Internet, especially if the recipient does not have OpenPGP installed?

2. When I created the passphrase/key via OpenPGP, the key containing the passphrase for the e-mail address is uploaded to a user-defined public server. Aside from other OpenPGP users, does anyone else have access to the key? And if so, can it be misused in any way?

1. Yes although if the person you send to has no pgp installed they will never be able to read it as it will be your key you are using to send not their public key.

2. It only uploads the public key so others can encrypt messages to you that you will be able to decrypt using your pass phrase and private key.

 

[Lord Hamsa]

I just installed OpenPGP. I have a few questions that I hope someone can answer.

1. If I send an encrypted email using OpenPGP, will the e-mail still be encrypted while it is travelling through the Internet, especially if the recipient does not have OpenPGP installed?

2. When I created the passphrase/key via OpenPGP, the key containing the passphrase for the e-mail address is uploaded to a user-defined public server. Aside from other OpenPGP users, does anyone else have access to the key? And if so, can it be misused in any way?

Re: #2 - EVERYONE has access to the key. That's the point. PGP is based on a public/private key pair system. It only works when people have your public key - with it they can a) encrypt a message so that only you (with your private key) can decrypt it, and b) verify that a message "signed" by you (with your private key) is really from you. (Assuming they have reason to trust your public key is actually yours.)

So this answers #1 - an encrypted message sent via Mail will remain encrypted endpoint to endpoint, and can only be decrypted by someone with the proper private key.

The practical upshot of this is that both parties need to have some form of PGP installed (assuming the various flavors are interoperable) and they need to have exchanged public keys at some point for the system to really work. To some extent, I'm kind of surprised that, especially with the recent emphasis on security and surveillance, some form of this isn't being built into major email clients directly, at least as an opt-in approach.

That is, imagine this being built directly into OS X/iOS Mail applications. You could generate a public/private keypair, likely through a process tied to your Apple ID, which would then allow anyone to look up your public key (signed by Apple) by your registered email address(es) and ensure end-to-end encryption automatically. Hopefully, you would also be able to upload public keys to contacts without Apple IDs, and then whenever you compose a Mail message, encryption would automatically kick in if the contact(s) on the email have associated public keys, with the message automatically signed with your private key.

 

[MacUser2525]

That is, imagine this being built directly into OS X/iOS Mail applications. You could generate a public/private keypair, likely through a process tied to your Apple ID, which would then allow anyone to look up your public key (signed by Apple) by your registered email address(es) and ensure end-to-end encryption automatically. Hopefully, you would also be able to upload public keys to contacts without Apple IDs, and then whenever you compose a Mail message, encryption would automatically kick in if the contact(s) on the email have associated public keys, with the message automatically signed with your private key.

That already exists no need for any company to re-invert the wheel. There are many key servers spread across this planet for GPG all freely available. With an email program that actually cares about user security like Thunderbird all you describe is already possible. Oh and a signed message does nothing for you but confirm you sent it with your key it needs to be encrypted for no snooping, I would think that is what you meant there.

 

[old-wiz]

So this answers #1 - an encrypted message sent via Mail will remain encrypted endpoint to endpoint, and can only be decrypted by someone with the proper private key.
.

Wonder if the NSA can break it?

 

[MacUser2525]

Wonder if the NSA can break it?

Won't have to as an American company they can force Apple to put back door right in the program.

 

[Lord Hamsa]

That already exists no need for any company to re-invert the wheel. There are many key servers spread across this planet for GPG all freely available. With an email program that actually cares about user security like Thunderbird all you describe is already possible.

I just don't see why it isn't a stock part of the "standard" mail apps like OS X/iOS Mail, Outlook, etc. - with the current scrutiny of privacy and security, you'd think big companies like Apple, Microsoft, and Google would at least announce the features would be forthcoming in an effort to placate users. Apple, for example, could fairly easily incorporate something like this into their Mail clients, possibly even as part of the the whole iCloud sign-up process, making it easy to setup up a keypair and uploading to/reading from the public key servers.

That type of easy access from the mainline computer and smartphone operating systems would lead to the critical mass of adopters needed to make encryption and digitally signing so commonplace that it becomes the default way of exchanging data. Something I've frankly been advocating for roughly 20 years, but I've honestly stopped using PGP/GPG in the last decade or so because my contacts, as a whole, don't use it, so it's just extra overhead for no benefit. (And so we get back to the "critical mass" point.)

Oh and a signed message does nothing for you but confirm you sent it with your key it needs to be encrypted for no snooping, I would think that is what you meant there.

A signed message confirms (to someone with your public key) that the message is from you. It offers no encryption of the message contents. A typical PGP (or GPG) message is both encrypted with the recipient's public key and signed with the sender's private key to ensure that the message contents are protected, accurate, and originated with the sender.

Won't have to as an American company they can force Apple to put back door right in the program.

How would the NSA force Apple to put a backdoor in OpenPGP?

 

[mpantone]

I just don't see why it isn't a stock part of the "standard" mail apps like OS X/iOS Mail, Outlook, etc. - with the current scrutiny of privacy and security, you'd think big companies like Apple, Microsoft, and Google would at least announce the features would be forthcoming in an effort to placate users. Apple, for example, could fairly easily incorporate something like this into their Mail clients, possibly even as part of the the whole iCloud sign-up process, making it easy to setup up a keypair and uploading to/reading from the public key servers.

That type of easy access from the mainline computer and smartphone operating systems would lead to the critical mass of adopters needed to make encryption and digitally signing so commonplace that it becomes the default way of exchanging data. Something I've frankly been advocating for roughly 20 years, but I've honestly stopped using PGP/GPG in the last decade or so because my contacts, as a whole, don't use it, so it's just extra overhead for no benefit. (And so we get back to the "critical mass" point.)

Apple Mail (OS X) and the iOS Mail app have both long supported S/MIME certificates. Of course, no one uses it, and S/MIME is arguably easier to use than OpenPGP.

Basically Joe Consumer don't care about encrypting his e-mail.

 

[old-wiz]

Apple Mail (OS X) and the iOS Mail app have both long supported S/MIME certificates. Of course, no one uses it, and S/MIME is arguably easier to use than OpenPGP.

Basically Joe Consumer don't care about encrypting his e-mail.

And the criminal types probably have their own e-mail encryption techniques.

 

[mpantone]

Maybe, maybe not.

It's possible that many serious criminal types don't use e-mail, regardless of encryption. They might be using something like a secure connection-based method like a chat room, rather than a connectionless method like e-mail. There's always the chance of the time-honored dead drop.

E-mail is much less reliable than many other online communication methods, and you really don't know how the message is going to get routed. E-mail also has a pretty high profile as an online communications method, so the various servers on this planet are probably heavily monitored by all sorts of folks. Because of its evolution, e-mail is inherently insecure. Sure, things like OpenPGP, S/MIME are attempts to minimize that insecurity, but as a connectionless communication method, you really don't know if the message made it until you get a response, and you don't really know if the intended recipient is really the person with their eyes to the screen.

 

[HenryAZ]

How would the NSA force Apple to put a backdoor in OpenPGP?

They don't have to. If we've learned anything from the Snowden revelations, it's that the NSA doesn't take the hard road if there is an easy road. When you compose the message, it exists in plain text on your hard drive until you click send, and only then is encrypted.

 

[mrcodewizard]

… With an email program that actually cares about user security like Thunderbird ...

*ROTFLMAFHO* That’s the funniest thing I read in decades. Who knew that Thunderbird had a conscience, much less was actually secure.

Even funnier, you are on a Mac site, and with your attitude, I would have thought you would surely have been a Linux d00d.

Stop it, you’re killing me with these jokes.

----------

Wonder if the NSA can break it?

Anyone can break it, as long as they have the time and computing power.

With unlimited money, unlimited resources, and unlimited time; anything is crackable.

 

[Lord Hamsa]

Anyone can break it, as long as they have the time and computing power.

With unlimited money, unlimited resources, and unlimited time; anything is crackable.

The rule of thumb for cryptography is to use an encryption method that is strong enough so that the cost of breaking the encryption greatly outweighs the value of the information protected.

----------

Apple Mail (OS X) and the iOS Mail app have both long supported S/MIME certificates. Of course, no one uses it, and S/MIME is arguably easier to use than OpenPGP.

Basically Joe Consumer don't care about encrypting his e-mail.

Supporting something and making it the default are two very different things. Technically, Apple Mail "supports" PGP/GPG because it will send the encrypted messages you can generate from external programs.

If Apple, again as an example, wants to follow up on its recent privacy and security pushes, they could add creating (or linking to existing) keypairs, certificates, whatever technology they wanted to use as part of the device setup process, just like putting a passcode lock on an iOS device - a step that is recommended and the default, but can be bypassed if you choose otherwise. (And, of course, with iCloud, once you've set that up on one device, all of the devices linked to the same iCloud account would be likewise set up.)

That is, making it opt-out instead of opt-in would likely increase the user base of secure communications, which in turn increases the usability of the security mechanism.