O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

9.5. Digitally Signing and Encrypting Email

Even if both the sender and the recipient of an email message use SSL to connect to their respective mail servers when sending and receiving mail, someone could read the messages while they're stored on either of the servers (or their backups), and could intercept them as they travel from one server to another. The only way to be sure that your message can't be read by anyone except you and the person on the other end is to encrypt it, which keeps it safe from end to end, regardless of whether you log in securely, use a VPN, or take any other security measures.

Separate from encryption is the question of integrity. How do you know that a message actually came from the party who claimed to send it? And how do you know that someone else didn't tamper with it on its way? Both of these questions are addressed by digital signatures. When you digitally sign a message, your email client appends your certificate (which includes your public key — but not your private key) along with a digest of the message, which is basically an encrypted checksum of the message text (a number calculated from the contents in such a way that any change would yield a different result). Because the receiving client can verify whether the message text and its digest match, it can tell whether the message has been altered. And by checking the authenticity of the certificate, the receiving client can confirm that the claimed sender was the real sender. For any given ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required