Sunday, August 25, 2013

Why my email looks funny these days.


If you get an e-mail from me, unless you are using a privacy-enabled e-mail client like Apple OS X's Mail app with the GPGTools OpenPGP plug-in installed, or Mozilla Thunderbird with Enigmail installed, or K-9 for Android, et al., you may see some strange-looking text above and below what appears to be my message.

Relax, what it means is that it is more likely than usual that this e-mail actually came from my fingers.  I had to use an additional password, which is separate from any other password, just to sign it.

That one above came from my phone.  If I send from my MacBook Air, it might look like this one below:

Again, don't fret, this is just a different blurb of text that your e-mail program is currently not processing.  I hope in the near future that all e-mail programs will be able to just tell you what is going on, which is that I used a system to increase the likelihood that e-mail people receive from my e-mail address actually came from me.

A working system on your end then checks that signature text against a database to see if it matches up (after processing with my public "key") with what I have said it should be.  If it checks out, it will probably call this something like a "sender-verified" message.

So, why couldn't someone just copy that text and use it to spoof my messages?  Well, if you look closely at these two images, you will see that the validation text (the gibberish) is different.  That's because the text underneath changes with the text in the message, and with some other variables.  It is unique and will only verify this particular message correctly.
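
For the curious, here is that idea in a few lines of Python. This is an added example, not part of the original post and not GPG's own code: it uses textbook RSA over a SHA-256 hash with a constructed toy key, and every name in it is illustrative. It shows that a signature copied onto a different message, or onto the same message with a different signing time, no longer verifies.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Illustration only:
# real OpenPGP keys use random primes, padding and a packet format.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (the secret part)


def digest(message: bytes, created: int) -> int:
    """Hash the message together with the signing time (one of the
    'other variables' that make each signature unique)."""
    data = created.to_bytes(8, "big") + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(message: bytes, created: int) -> int:
    """Only the holder of D can produce this value."""
    return pow(digest(message, created), D, N)


def verify(message: bytes, created: int, signature: int) -> bool:
    """Anyone holding the public key (N, E) can run this check."""
    return pow(signature, E, N) == digest(message, created)


def demo() -> dict:
    when = 1377388800                  # constructed sample timestamp
    genuine = b"Lunch is moved to 1pm."
    other = b"Lunch is cancelled."
    sig = sign(genuine, when)
    return {
        "genuine_ok": verify(genuine, when, sig),
        # The same signature pasted under a different message fails.
        "transplanted_ok": verify(other, when, sig),
        # A single added character also breaks it.
        "tampered_ok": verify(genuine + b" ", when, sig),
        # Different message, or different time, gives different gibberish.
        "sigs_differ": sig != sign(other, when),
        "time_changes_sig": sig != sign(genuine, when + 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```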

This is actually only half of the system.

If you have a GPG key published, and I have a copy, I can scramble the entire message using my private key and your public key.  That then means only you and I can read it (or more correctly, only someone with our independent passwords).  This means we can share private messages using separate passwords.  You use yours, I use mine.

I communicate with a small number of people this way, and our messages, while in transit, look like this:

Really just one short sentence.

This is only readable by myself and the person I sent it to.  The recipient has to be using a privacy-enabled e-mail client (and woefully few people do these days) or I'd send all of my e-mail this way.

Bottom line:  the extra funny-looking text in my non-scrambled e-mail just means that it is highly likely I sent that message.  You can ignore it.