message: Security
2.7 Security
============
By default, e-mails are transmitted without any protection around the
Internet, which implies that they can be read and changed by lots of
different parties. In particular, they are analyzed under bulk
surveillance, which violates basic human rights. To defend those
rights, digital self-defense is necessary (in addition to legal
changes), and encryption and digital signatures are powerful techniques
for self-defense. In essence, encryption ensures that only the intended
recipient will be able to read a message, while digital signatures make
sure that modifications to messages can be detected by the recipient.
Nowadays, there are two major incompatible e-mail encryption
standards, namely OpenPGP and S/MIME. Both of these standards are
implemented by the GNU Privacy Guard (GnuPG) (https://www.gnupg.org/),
which needs to be installed as external software in addition to GNU
Emacs. Before you can start to encrypt, decrypt, and sign messages, you
need to create a so-called key-pair, which consists of a private key and
a public key. Your _public_ key (also known as _certificate_, in
particular with S/MIME), is used by others (a) to encrypt messages
intended for you and (b) to verify digital signatures created by you.
In contrast, you use your _private_ key (a) to decrypt messages and (b)
to sign messages. (You may want to think of your public key as an open
safe that you offer to others such that they can deposit messages and
lock the door, while your private key corresponds to the opening
combination for the safe.)
Thus, you need to perform the following steps for e-mail encryption,
typically outside Emacs. See, for example, the The GNU Privacy Handbook
(https://www.gnupg.org/gph/en/manual.html) for details covering the
standard OpenPGP with GnuPG.
1. Install GnuPG.
2. Create a key-pair for your own e-mail address.
3. Distribute your public key, e.g., via upload to key servers.
4. Import the public keys for the recipients to which you want to send
encrypted e-mails.
Whether to use the standard OpenPGP or S/MIME is beyond the scope of
this documentation. Actually, you can use one standard for one set of
recipients and the other standard for different recipients (depending
their preferences or capabilities).
In case you are not familiar with all those acronyms: The standard
OpenPGP is also called PGP (Pretty Good Privacy). The command line
tools offered by GnuPG for OpenPGP are called ‘gpg’ and ‘gpg2’, while
the one for S/MIME is called ‘gpgsm’. An alternative, but discouraged,
tool for S/MIME is ‘openssl’. To make matters worse, e-mail messages
can be formed in two different ways with OpenPGP, namely PGP (RFC
1991/4880) and PGP/MIME (RFC 2015/3156).
The good news, however, is the following: In GNU Emacs, Message
supports all those variants, comes with reasonable defaults that can be
customized according to your needs, and invokes the proper command line
tools behind the scenes for encryption, decryption, as well as creation
and verification of digital signatures.
Message uses the MML language for the creation of signed and/or
encrypted messages as explained in the following.
Menu