Encryption and Signing

Cryptography can be used two ways: For digital signature and for secrecy. For both purposes, two digital number codes are used: One code that you keep hidden from everybody (called the private key), and one which can be published to everybody (called the public key). The two keys are constructed in such a way that if you use one of them for encryption, it is only possible to decrypt with the other key - and vice versa.

Secrecy

Secrecy (encryption) is done by using the recepients public key to lock (encrypt) the message. In this was it is only the recepient that can read the message - as he is the only one in posession of the private key that is needed to unlock (decrypt) the message.

Signing

A digital signature work just the opposite way. If the sender of a message locks (encrypts) the message with his private key, then it is only possible to unlock the message with his public key.

This implies that if a locked message only can be unlocked with the public key, then the message can only have been locked with the senders private key. And as the sender is the only one in possesion of the private key, he is the only possible sender.

Secrecy & Signing

Sometimes you wish both secrecy and signature, then you will combine the two techniques by first signing with the private key and then encrypting with the public key of the recepient. The recepient will now only be able to open the message with his private key and check the senders identity with senders public key.

Protection of data

If you just want to keep your own data a secret so that only yourself can read it, there is no need to have both a public and a private key. In this case, you only use one number code (called a symmetric key) that is constructed so that you can both encrypt and decrypt with the same key. This way you can protect your data, e.g. by encrypting your hard disk. As long as you keep the key to yourself, nobody else can access the data on the disk.

Practical uses

Most modern mail apprications already supports both encryption and signing using a standard called S/MIME. In order to use this, you only need to have a digital signatur/certificate. You can either buy one or make one yourself. In the latter case, you must be sure that whoever you communicate with, are informed about the socalled "fingerprint" of the certificate. Otherwise they will not know that it is you, they are communicating with.

Alternatively, you can use another standard, called GnuPG (GNU Privacy Guard). There is a lot of free software that supports it, but in most cases, you will have to install a plug-in in your mail reader to use it. The basic technology is the same in the two standards.

Political perspectives

As many other things secrecy and signing is a two edged sword: It can be used or abused.

In order for it to work, the most basic condition is that you must be absolutely sure that you alone know and have access to your private key. What could happen if somebody (i.e. an intruder) copied your private key and signed an instrument of debt with it? Will you then be in a better or worse position compared with a forged signature on paper?

Cryptography can also be used to prevent unauthorized persons getting access to private information. For example you can make sure that private documents can not be read by the thief who stole your laptop. But what happens if tax authoroties accuse you for cheating and beleive that the proof is on your computer? Can they demand for you to give them your private key? What happens if you do not deliver this private key?

The digital signature and cryptography can have several good uses and will be a part of the digital society of the future. But it is of utmost importance that everyone involved know how to handle it. We all have a lot of experience with hand-written signatures and door locks, and the juridical system have lots of precedence in court on these matters. The digital versions, however, work differently, and very little has shown up in court yet.

Therefore it is important that we are cautious and do it right. Both legally, technologically and educationally.

Disk encryption under Windows and Linux

TrueCrypt is able to encrypt disk partitions or whole disks and there is a version for both Windows as well as Linux

Under Linux you can use LUKS for the encryption of disk partitions. LUKS is even able to make a "Full Disk Encryption". That implies that the whole disk, except the Linux kernel and maybe some drivers, will be encrypted. In this way you are sure not to leave any tracks or confidential information in unencrypted files. If you do not want to encrypt all your data, Linux also offers "encfs" which allows you to encrypt single directories.