Electronic Mail Exchange Privacy

Introduction

Electronic mail exchange over the Internet is a way to send private messages and critical information back and forth between customers, vendors and all users connected to the net. However, there are many points along the Internet where data and messages can be intercepted, copied, modified and re-routed. Because of these weaknesses, the need for strong cryptography is greater than before. Cryptography, to most people, is concerned with keeping communications private. To understand what cryptography really is, it is very important to read RSA Labs' FAQ on Cryptography.

The Bat! uses Pretty Good Privacy (PGP) encryption to protect your messages from being read or modified.

Besides message privacy, it is important for messages to be authenticated and unmodified. Electronic signatures, or Digital IDs, provide a means of proving your identity in electronic mail exchange, much like a driver's licence or a passport does in face-to-face interactions. With a Digital ID, you can assure friends, business associates, and online services that the electronic information they receive from you is authentic. To use electronic signatures properly, you need to know more about Digital IDs.

With PGP, you can protect the privacy of your e-mail messages by encrypting them so that only the intended recipients can read them. You can also digitally sign messages, which ensures their authenticity. A signed message verifies that the information within it has not been tampered with in any way.

You can use PGP v2.6.3, v5.5, v6.0.2 & v6.5 with The Bat! to gain Electronic Mail exchange privacy. In all cases, you need PGP for Win32 executables. The Bat!, being a Win32-application, doesn't support DOS executables of PGP.

Due to U.S. cryptography export restrictions, there are two separate versions of PGP - U.S. and International.

There are four modes of supporting PGP:

Signing your message with PGP

To assure your recipients that the messages they receive from your e-mail address really come from you, it is recommended to sign your messages with PGP. PGP signed messages contain their original text plus your key information, so if somebody tries to modify a message signed by you, the message won't be verified successfully by its end recipients. PGP signing can be used together with encryption.

With The Bat!, you can sign your messages from the message editor either manually, using the "PGP | Sign block" ("Sign entire text", "Sign and encrypt entire text") command, or automatically, using the on/off option "Sign when completed" of the PGP menu.

Before sending signed messages, make sure that your recipients have your public PGP key, otherwise they won't be able to verify the validity of your signature. Please refer to the PGP manual for information about distributing your public key.

Encrypting your message with PGP

To send messages securely over the Internet, it is recommended to encrypt your messages with PGP. A PGP encrypted message cannot be read by anybody but the persons whose public PGP keys were used to encrypt the message. PGP encryption can be used together with signing.

With The Bat!, you can encrypt your messages from the message editor either manually, using the "PGP | Encrypt block" ("Encrypt entire text", "Sign and encrypt entire text") command, or automatically, using the on/off option "Sign when completed" of the PGP menu.

To encrypt your message to a particular recipient, you must have the recipient's public key. If you don't, please refer to the PGP manual to learn how you can obtain public keys.

Verifying PGP signed messages

Whenever you receive a PGP signed message, you can check whether the signature is valid, that is, whether the information in the message was sent by an authorised person and was not changed before it arrived in your mailbox. To do this, you should have PGP properly installed and the sender's public key in your public key database.

To verify a signed e-mail message from The Bat!, use the "Check PGP signature" command from the Tools menu. If the message is encrypted, it will be automatically decrypted (PGP may ask you for your passphrase).

Decrypting PGP messages

Whenever you receive a PGP encrypted message, you can decrypt it if you have PGP properly installed and an appropriate private key in your key database. Please refer to the PGP manual for more information about PGP key pairs.

To decrypt an encrypted e-mail message from The Bat!, use the "Check PGP signature" command from the Tools menu. If the message is signed, PGP automatically checks the validity of its signature. Note that the decrypted message is NOT stored, so you need to decrypt it this way each time you read the message.

Another way is to decrypt the message into your message base using the "Decrypt PGP..." command of the Tools menu. Note that in this case your privacy may be left unprotected, because the message is stored in your message base in clear text, so anybody else can read it.

Adding PGP public keys from a message

PGP public keys can be distributed in plain ASCII text and therefore it is possible to embed public key blocks in an e-mail message. Below is an example of a message with public keys embedded.

Hello John,

  This is my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQBtAzPHTM0AAAEDAKCJ5/hM+qpxHaa4wFumqU2DEV4KfkKe5hkkfS6knTtn0rnD
Zm/90txo+29gOFARBL8ynIpGA7fUgmNG13mprN9q/9xrtH4gg6jV/cYJ3ZtnKN9B
sfw7QLKsW3r6eMYGsQAFEbQiU3RlZmFuIFRhbnVya292IDxzdGVmQHJpdGxhYnMu
Y29tPokAdQMFEDPHTM2sW3r6eMYGsQEBft0DAIi04Yya7Q5ZZAtz2K4bKHitMBFV
j1g0Vmr87Cr5qZYgGBzbNasyFwUuFqwqEuiwnLVNSpPiK8QsJTff6Ky9hqMUiZaL
ENOzJ5f9GKw0pmMio7rOlKRE8Szbl6RkpeCUQw==
=u13G
-----END PGP PUBLIC KEY BLOCK-----

All the best,
   Stefan

To import PGP public keys from an e-mail message with The Bat!, use the "Import PGP key" command from the Tools menu.
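An added example, not part of the original page or of The Bat!: before importing a key pasted into a message like the one above, a script can locate the armored block, verify its CRC-24 checksum line (the "=u13G" line in the sample message) and confirm that the data begins with a public key packet. The function names and the constructed sample are assumptions made for illustration; the CRC-24 constants are those of RFC 4880.

```python
import base64
import re

ARMOR_RE = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n(.*?)\r?\n"
                      r"-----END PGP PUBLIC KEY BLOCK-----", re.DOTALL)

def crc24(data: bytes) -> int:
    """CRC-24 used by PGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def packet_tag(octet: int) -> int:
    """OpenPGP packet tag of a header octet (6 = public key), -1 if invalid."""
    if not octet & 0x80:
        return -1
    return octet & 0x3F if octet & 0x40 else (octet & 0x3C) >> 2

def armor(payload: bytes) -> str:
    """Build a constructed key block so the example runs offline."""
    data = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: constructed\n\n"
            f"{data}\n={check}\n-----END PGP PUBLIC KEY BLOCK-----")

def check_key_blocks(message: str) -> list:
    """Per block found: checksum status (missing counts as failed) and first tag."""
    results = []
    for match in ARMOR_RE.finditer(message):
        lines = [ln.strip() for ln in match.group(1).splitlines()]
        # Armor headers such as "Version:" end at the first blank line.
        body = lines[lines.index("") + 1:] if "" in lines else lines
        data = "".join(ln for ln in body if ln and not ln.startswith("="))
        sums = [ln[1:] for ln in body if ln.startswith("=")]
        try:
            payload = base64.b64decode(data, validate=True)
            stated = base64.b64decode(sums[-1], validate=True) if sums else b""
        except ValueError:
            payload, stated = b"", b""
        ok = bool(payload) and stated == crc24(payload).to_bytes(3, "big")
        results.append({"crc_ok": ok, "tag": packet_tag(payload[0]) if payload else -1})
    return results

# Constructed sample (not a real key): 0x99 is an old-format public key packet header.
SAMPLE = "Hello John,\n\n  This is my public key:\n\n" + armor(b"\x99\x00\x04demo")
```

The armor checksum only detects accidental damage in transit; it does not show who the key belongs to, so the key's fingerprint should still be confirmed with the sender through another channel before the key is trusted.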

 



Copyright © 1995-2000 RITLABS S.R.L. All rights reserved.