[This is a guest post by Konrad M. Lawson, a graduate student studying modern East Asian history and founder of froginawell.net. Konrad has contributed several recent posts on managing photos from archives.--@jbj]
Encryption is not just for spies and gangsters. Anyone who is active online already benefits from it in a host of transactions with banks, web retailers and during most account logins. It is essential for the protection of our personal and financial data. In the realm of email communications, however, there are many occasions when an extra layer of protection is needed to protect a party or the information they send, especially when we are living in or communicate with people who are in states that with very limited civil liberties: the professor who is getting updates from a student doing sensitive research in an authoritarian country, the researcher who is receiving advice from a friendly state archivist on what unclassified-but-maybe-they-shoulda-been documents to request, a sociologist who is studying the formation and development of dissident networks, or anyone who has friends that might be at risk if they spread their views and information they have.
Unfortunately, much of the information online about email encryption and cryptography is unnecessarily detailed and complex. Most people just want to know, “How do I exchange email with person X without anyone else reading it?” They may not be interested in prime factorization, rainbow tables, and cryptographic salts. On the other hand, in order to effectively use any of the popular systems for secure email exchange there are still some basic concepts that need to be understood.
The leading method for exchanging secure email messages with a large number of people is called public-key, or asymmetric encryption. My own experience suggests that it can be somewhat confusing to new users, a problem compounded by the often highly technical explanations found in software manuals and on websites. The following is a custom version of my favorite way for explaining how public-key encryption works:
Professor More receives a letter from his friend in Italy, Professor Erasmus. “What’s up Tom? I wanted to get your thoughts on a draft syllabus I put together for a course entitled, ‘Can Folly Speak? Corruption and Superstition in Early Modern Europe’” Unfortunately, as Prof. Erasmus adds in his letter, the course outline might lead to some misunderstandings, so he wants only his friend to see it.
What to do? He could lock the document in a box, and somehow send the key to Prof. More, but what happens if someone intercepts and copies that key along the way? The two come up with an ingenious solution: Prof. More and Prof. Erasmus send each other an open padlock, but keep the key. Prof. Erasmus places his syllabus in a box, locks it with Prof. More’s padlock and sends it to him. Prof. More then opens the box, locked with his own padlock, using the key he kept. When he is ready to send back his comments, Prof. More places the document into the box, but this time locks it with the open padlock that Prof. Erasmus sent him. Prof. Erasmus receives the returned box and opens it with his own key. No one who intercepts the box or the exchanged locks ever gets a chance to steal a key since they never leave the possession of the owner.
This little story reveals two of the most basic concepts behind public-key encryption:
- Whenever a message is sent it is encrypted with the recipient’s lock, not one’s own.
- The system only works if Prof. Erasmus is sure that the padlock he was originally sent and uses to lock the box indeed came from Prof. More and wasn’t, for example, intercepted and craftily switched out with another lock belonging to crazy grad student Ulrich, who is always trying to twist his words to suit his own radical agenda.
Keeping the story above in mind, let us see how it parallels elements in the world of public-key encryption and email:
Using his encryption software Prof. More creates two connected ‘encryption keys.’ He keeps one private, and reveals it to no one. This ‘private key’ corresponds to the key in our story, and exists as a small file on his iUtopia computer. The other ‘public key,’ which, somewhat confusingly, corresponds to the open padlock in our story, only has the ability to encrypt a message, that is, to lock a box, such that only Prof. More’s ‘private key’ can unlock it. Prof. More wants all of his friends to have this ‘public key’ so they can send him encrypted email whenever they like. Also, to prevent Ulrich from fooling Prof. Erasmus by giving him another ‘public key’ and claiming that it is from Prof. More, instead of merely emailing his friends copies of this ‘public key’ Prof. More also puts a copy of the key on his homepage (as I do) and registers it with one or more open depositories of public keys called key servers. For every person Prof. More wishes to communicate securely with, he will need a copy of their public key in order to encrypt his messages to them.
I have not addressed another important but somewhat less confusing level of authentication used called ‘digital signatures’ that prevents Ulrich from posing as Prof. Erasmus when he sends an encrypted message to Prof. More, or discussed expiration and revocation of keys which constitutes another aspect of email security. I do hope the posting has made clear the often confusing role of public and private encryption keys that is the heart of a lot of email encryption today. In a separate posting I want to shift to a discussion of the specific software options out there that will allow you to create and manage keys, and integrate encryption into your email workflow.
How about you? Do you use public-key encryption? How have you persuaded others to do so? Let us know in comments!
Image by Flickr user ell brown / Creative Commons licensed.
Follow Profhacker through your favorite RSS reader: 
16 Responses to Secure Communication with Public-Key Encryption
jabberwocky12 - February 8, 2011 at 11:30 am
This is a great explanation. When I first read about the process, I understood none of it, and simply didn’t get the ‘public-key’ vs. ‘private key’ bit, so gave up trying understand it. Somebody should have used your analogy, and your language, and just called it ‘open padlock’ and ‘key.’
stevefoerster - February 8, 2011 at 3:39 pm
Cool, “open padlock” is a great metaphor for a public key. I hope you’ll follow up with a piece on which tools are easy to use. I use Thunderbird with Enigmail, and once its properly configured it’s extremely easy to use, even for non-technical people.
kmlawson - February 8, 2011 at 5:53 pm
Many thanks to both of you. I think another posting I wrote along with this one, which talks about GPG Tools and its use both in Apple Mail and in Thunderbird (with Enigmail), is on the way.
sherbygirl - February 28, 2012 at 2:54 pm
This is such important advice. When I found out about my first on-campus interview, my daughter wasn’t even 8 months old. My husband and I agonized over what we would do. Surely she couldn’t survive three days (because it was a bi-costal trip) without me. She wasn’t weened, wouldn’t take a bottle and wasn’t yet sleeping through the night. It wasn’t just my anxiety, but also my husband’s (what will I do when she’s hungry and wants her mom?). We discussed them flying out with me, me bringing the baby and finding childcare, and none of the options worked. What happened? I flew to the interview, they both survived just fine, and since then, neither of us stress much when I leave to go to conferences and the like. Now, am I able to completely let go? No, especially because I have to remind my husband about our two kids’ schedules (he can’t keep my schedule straight either, it’s a thing). But I know they’ll eat, go to bed, and be fine when I get back. It took both of us being forced to see it for it to happen. To think back on how anxious both of us were about that initial separation, I laugh.
girl37 - February 28, 2012 at 5:47 pm
Entirely different topic, but it would appear that Virginia Valian is a wise woman of our era. I recently read her 1985 article on “work”–basically an investigation into pschological barriers to academic productivity and how they can be solved–and it really changed the way I operate. Well worth reading! http://maxweber.hunter.cuny.edu/psych/faculty/valian/docs/1985solvingAWorkProb.pdf
mmullins - February 28, 2012 at 6:22 pm
It is really unfortunate that women/mothers are once again blamed — this time, for over parenting. Women are now guilty of being too responsible. Women, can’t you help yourselves? Why must you over parent? Let’s pretend that this story was written with the genders switched. Would men take the blame for over parenting? I doubt it.
The problem is not with the women or with overzealous mothers, it’s with our culture.
janesdaughter - February 29, 2012 at 9:38 am
Surely we can all name a father, husband, brother or male friend who is just as compulsive and overly zealous as the author, describing her pre-enlightenment, pre-conference routines. My mother was organized almost to the point of obsession and had strong opinions about how anything should be done, but I attribute that to a personality type, or maybe the fact that she was a Virgo, more than to her being a woman.
22048164 - February 29, 2012 at 10:24 am
Why did you take a perfectly good piece of advice and turn it into an attack on women? I think it’s much less likely that a man would do what Vaillancourt was describing. It’s a mom thing to be overprotective of the young children. We’ve all seen it.
sbalik - February 29, 2012 at 6:00 pm
Does your husband not perform any of these tasks when you are home? Sounds like that might be the problem. When I leave town by myself (which I do 2-3 times a year for conferences, etc.), I’m not concerned about whether my husband can manage my kids’ schedules, feed them, dress the younger one, and run any necessary errands. He does all of these things anyway on a regular basis, as do I!
a_vaillancourt - February 29, 2012 at 7:23 pm
My husband is no slacker; we’ve simply established a division of labor based on our strenghs and preferences. I cook. He does laundry. I pay the bills. He pulls weeds. I edit English assignments. He coaches on Calculus homework.
kcookga1 - March 1, 2012 at 12:10 pm
I raised my three children at the cost of obtaining the tenure track position I wanted (and still do). I did write a PhD and am currently a lecturer. I am fully satisfied, however, that I taught my children everything that I wanted them to learn, on a daily basis. I did not want them to be raised by a nanny (couldn’t afford it anyway) or be put in some cheap childcare during the first absolutely crucial 3-4 years of their life. After that. they can can be more on their own, but until then, they are little sponges that just want to discover and absorb everything they can. Learning is a game for them (too bad that changes later).
scholarlybalance - March 1, 2012 at 1:07 pm
Now this is the sort of thing I have a problem with. Our culture has completely glorified the first 3-4 years of a child’s life in a ridiculous way. There is most definitely a suggestion that women should be supermom in those first 3-4 years of life. And I have seen women scramble to try to play catch up after those 3-4 years of the child’s life, only to realize that now – when the child is very aware of their presence or non-presence – that slowing down too much can lead to what I like to call ‘late onset neglect’ if they are ever to have the sort of thriving career they want. Let’s all get real – instead of intensely parenting our children at any one point of their lives, why don’t we keep a slow and steady pace while they’re young, all the way up till they’re adults? That way, a mom can have a thriving career, without succumbing to falling off her ‘goals-track’ or playing catch up. Yes, it can be intensely hard to make an investment into your career when the kids are young, but I don’t want my daughter to think that her success will automatically become limited whenever she chooses to have children. I want her to see that – yes, it can be hard. But mom made it and so can I!
Women who buy into our culture’s over-glorification of a child’s early years – as if these years are truly more important than the others in terms of engaged parenting – are *high risk* for being Mommy Tracked or ending up on the Mommy Track. I even see this trend with other moms in PhD programs. There’s a big difference between those who insist on more balance in parenting with their partners in their child’s early years and make good progress on the dissertation, and those who consistently over-parent and don’t insist that their partners become involved. So I don’t buy into the belief that the first 3-4 years are so crucial that parenting responsibilities can’t be split more equitably with – [gasp!] – a partner. Even women who don’t have a partner often find other support systems to help them make traction towards their goals. One doesn’t necessarily need a nanny for there to be more balance in parenting arrangements.
1olgas1 - March 1, 2012 at 1:33 pm
What about if you are a single parent? The couple normativity assumption in this article does not apply to many single parents in this country (in particular racial minorities) who have nobody to relay on except paid daycare (a difficult situation to handle when you are in an interview far away from home). Additionally, why the article focuses only on parenting, when there are many institutional barriers for women, specifically to women of color, to achieve tenure in academia? It is so easy to blame parenting and be silent about racism and the fact that professors are overworked individuals. Lets face it, academia was shaped by the patriarchal model: a professor who has a partner to do most of the unpaid work of reproduction in the home, while the professor overworks tireless in the paid economy.
astutzman - March 6, 2012 at 1:33 pm
Speaking as a very involved husband and father, I find that the whole “division of labor” that I often see with my peers is a bit skewed. I find that things like getting the kids dressed, changing diapers, and general cleaning always fall towards the mother/wife of the partnership. This is not an attack on your husband, but is aimed at most of my peers and even the Entertainment industry that continually shows us caricatures of men that can’t handle the “domestic duties” of a household. I get so disgusted a guys I know that refer to watching their own kids as “babysitting”.
Maria Shine Stewart - March 6, 2012 at 8:19 pm
You make many good points here but all the posts seem remote from my experience. Overlooked often in these discussions is the medically fragile child. I never expected to have one, and — yes — my (public relations/writing) career was rerouted. I made a conscious decision that I wanted to be the person able to medicate my child in infancy…I would not delegate that. If I worked, I needed to generally be near due to the nature of his health concerns. I made some exceptions, but that was my modus operandi. Each step along the way, I realized that (as my son’s health issues episodically deepened and improved at various intervals) I was just one person. My students were never compromised; they got the best from me. These are tough professional choices. What to do is never one size fits all.
lotsoquestions - March 7, 2012 at 9:04 am
I’m almost 50, and I think it’s hard for people of our generation to buy into the notion that mom and dad are interchangeable, mostly because we weren’t raised that way.
When my kids were little, I remember being worried (probably irrationally so) that my husband wouldn’t be able to find the place he was supposed to take the child to in my absence. (This was before GPS, but after Mapquest). I actually printed out directions to all their playdates, lessons, birthday parties, etc. — along with a cheat sheet with the parents’ names and pertinent facts (such as the fact that one family had a big dog which they would put in the basement while our daughter was there since she was afraid of him, but only if you reminded them).
I think it’s A LOT easier once the kids can talk well and provide that sort of info themselves. I had a research trip last summer and my mom filled in for me at home, and she was amazed at the fact that my kids could give her directions to everywhere they needed to go, actually knew their own schedules for sports practice, etc., were capable of packing water and a snack for the practice, and the fact that they could do laundry and cook. Meanwhile, my sister in law’s kids aren’t allowed to get their own glass of water since she’s worried they’ll mess up her kitchen. I think lots of people who overparent do it because of their own psychological hangups and not because the spouse or kids requires it.