9.3.4 Encryption
As an additional layer of security, you can encrypt your e-mail. Encryption will turn your e-mail
text into a garbled mess of numbers and letters that can only be read by its intended
recipient. Your deepest secrets and your worst poetry will be hidden from all but the most
trusted eyes.
However, you must remember that, while this may sound good to you – and to all of us who
don't really wish to be exposed to bad poetry – some governments do not approve. Their
arguments may – or may not – be valid (you can discuss this amongst yourselves), but validity
is not the point. The point is that, depending on the laws of the nation in which you live,
sending an encrypted e-mail may be a crime, regardless of the content.

9.3.5 How does it work?
Encryption is fairly complicated, so I’ll try to explain it in a low-tech way:
Jason wants to send an encrypted message. So the first thing Jason does is go to a
Certificate Authority and get a Digital Certificate. This Certificate has two parts, a Public Key
and a Private Key.
If Jason wants to receive and send encrypted messages with his friend Kira, they must first
exchange Public keys. If you retrieve a public key from a Certificate Authority that you have
chosen to trust, the key can be verified back to that certifying authority automatically. That
means your e-mail program will verify that the certificate is valid, and has not been revoked.
If the certificate did not come from an authority you trust, or is a PGP key, then you need to
verify the key fingerprint. Typically this is done separately, by a face-to-face exchange
of either the key or the fingerprint data.
Now let's assume that both Kira and Jason are using compatible encryption schemes, and
have exchanged signed messages, so they have each other's public keys.

When Jason wants to send an encrypted message, the encryption process begins by
converting the text of Jason’s message to a pre hash code. This code is generated using a
mathematical formula called an encryption algorithm. There are many types of algorithms,
but for e-mail, S/MIME and PGP are the most common.
The hash code of Jason’s message is encrypted by the e-mail program using Jason’s private
key. Jason then uses Kira’s public key to encrypt the message, so only Kira can decrypt it with
her private key, and this completes the encryption process.

9.3.6 Decryption
So Kira has received an encrypted message from Jason. This typically is indicated by a lock
icon on the message in her inbox. The process of decryption is handled by the e-mail
software, but what goes on behind the scenes is something like this: Kira’s e-mail program
uses her private key to decipher the encrypted pre hash code and the encrypted message.
Then Kira’s e-mail program retrieves Jason’s public key from storage (remember, we
exchanged keys earlier). This public key is used to decrypt the pre hash code and to verify the
message came from Jason. Kira’s e-mail program then generates a post hash code from the
message. If the post hash code equals the pre hash code, the message has not been altered
en route.
Note: if you lose your private key, your encrypted files become useless, so it is important to
have a procedure for making backups of your private and public keys.
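
The sending steps of 9.3.5 and the receiving steps of 9.3.6, written out as an added example that is not part of the original lesson. It assumes textbook RSA with fixed demo primes and no padding, and the function names are illustrative; real S/MIME and PGP software uses vetted libraries, random keys, padding, and hybrid encryption.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_keypair(p_exp, q_exp):
    # DEMO ONLY: Mersenne primes 2**k - 1 give fixed, reproducible keys.
    # Real keys use secret random primes generated by a vetted library.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"public": (E, n), "private": (d, n)}

def hash_code(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def send(message, sender_private, recipient_public):
    d_s, n_s = sender_private
    e_r, n_r = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n_r:
        raise ValueError("message too long for this toy scheme")
    # Pre hash code, transformed with the sender's private key (a signature).
    signed_hash = pow(hash_code(message), d_s, n_s)
    # Both parts are encrypted with the recipient's public key.
    return pow(m, e_r, n_r), pow(signed_hash, e_r, n_r)

def receive(envelope, recipient_private, sender_public):
    enc_message, enc_signed_hash = envelope
    d_r, n_r = recipient_private
    e_s, n_s = sender_public
    m = pow(enc_message, d_r, n_r)                 # recipient's private key
    signed_hash = pow(enc_signed_hash, d_r, n_r)
    pre_hash = pow(signed_hash, e_s, n_s)          # sender's public key
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return message, pre_hash == hash_code(message)  # post hash vs pre hash

JASON = make_keypair(521, 607)
KIRA = make_keypair(1279, 2203)

def demo():
    envelope = send(b"Meet at noon", JASON["private"], KIRA["public"])
    intact = receive(envelope, KIRA["private"], JASON["public"])
    # Constructed alteration: the message part is replaced en route.
    swapped = pow(int.from_bytes(b"Meet at 3 am", "big"), *KIRA["public"])
    altered = receive((swapped, envelope[1]), KIRA["private"], JASON["public"])
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

The replaced message still decrypts, but its post hash code no longer matches the pre hash code Jason signed, so the check returns False.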

9.3.7 Is Encryption Unbreakable?
According to the numbers, the level of encryption offered by, for example, PGP is
unbreakable. Sure, a million computers working on breaking it would eventually succeed, but
not before the million monkeys finished their script for Romeo and Juliet. The number theory
behind this type of encryption involves factoring the products of very large prime numbers,
and, despite the fact that mathematicians have studied prime numbers for years, there's just
no easy way to do it.
But encryption and privacy are about more than just numbers. If someone else has
access to your private key, then they have access to all of your encrypted files. Encryption
only works if it is part of a larger security framework which offers protection to both your
private key and your pass-phrase.

1. Is encryption of email legal in the country that you reside in? Find one other country that it
is legal in, and one country where it is illegal to encrypt email.
2. Science fiction writers have imagined two types of futures, one in which people's lives are
transparent, that is, they have no secrets, and one in which everyone's thoughts and
communications are completely private. Phil Zimmermann, creator of PGP, believes in
privacy as a source of freedom. Read his thoughts on why you need PGP at
http://www.pgpi.org/doc/whypgp/en/. Then look at science fiction writer David Brin's
article 'A Parable about Openness' at http://www.davidbrin.com/akademos.html in which
he makes a number of points advocating openness as a source of freedom. Discuss these
two opposing viewpoints. Which do you prefer? Which do you think would most likely
succeed? What do you think the future of privacy will be like?



9.4 Connection Security
Last but not least is connection security. For web mail, ensure you are using an SSL
connection to your ISP's e-mail. A small lock icon will appear in the bar at the bottom of your
browser. If you are using POP and an e-mail client, ensure that you have configured your e-mail
client to use SSL with POP on port 995 and SMTP on port 465. This encrypts your mail from
you to your server, as well as protecting your POP / SMTP username and password. Your ISP
should have a how-to on their web site to configure this. If they don’t offer a secure POP /
SMTP connection, change ISPs!
If you have an e-mail account, find out if your account is using SSL for its connection. How do
you check this in your e-mail client? Does your ISP provide information regarding an SSL
