Key Management

A major hassle with crypto is managing keys. Each user must have their own key and each contact has theirs.

GoodCrypto simplifies key management. It can automatically generate a key for each user in your group. It can also exchange keys with contacts that also use GoodCrypto. This means that the only task left for users is to verify a contact's key.

Users are kept up-to-date about keys via email. Your GoodCrypto private server automatically sends email to a user when their key is ready. And, the first user that receives a new key from a contact is reminded to verify the key.

Of course, users will likely be exchanging private messages with contacts that use PGP products other than GoodCrypto. When that happens, the user must import the contact's key and export their own key.

 

 

 

How Automatic Key Exchange Works

Decrypting inbound mail

GoodCrypto Mail works between your mail server and the world, automatically making your messages private. Without GoodCrypto, anyone can read your mail. With GoodCrypto, whenever you and your contacts use GoodCrypto or other privacy software, no one can read it until it's unlocked. You don't have to do anything. You just read and write mail as usual. GoodCrypto locks and unlocks private messages for you.

 

Step by Step

Let's look at how mail between Ted and Alice works. Assume:

  1. They've never used crypto, and don't know much about it.
  2. They work at different companies
  3. Both businesses have installed GoodCrypto. GoodCrypto works with other PGP packages, too.

Ted sends a message to Alice using his favorite mail client. He doesn't do anything differently. This first message is unprotected, since Ted and Alice don't have any keys yet. The message goes to Alice immediately. Then the GoodCrypto server creates keys for Ted.

Alice responds to Ted's message. Like Ted, she sends mail exactly the way she always does. Because Ted's key isn't ready yet, this message from Alice isn't encrypted. GoodCrypto adds a note to every message telling you whether it was encrypted. Her company's GoodCrypto server creates her keys. Both Ted and Alice will receive email from the GoodCrypto server when their keys are ready.

After Ted's key is ready, when he sends Alice a message his public key will be in the header. This message is also unencrypted because Ted doesn't have Alice's key yet.

When Alice receives this message, her company's GoodCrypto server sends two notifications. One tells Alice she now has Ted's key. The other goes to the administrator to say the no-metadata key for Ted's company arrived. Both Alice and the administrator should verify these keys. Alice's GoodCrypto server also sends Ted's GoodCrypto server the no-metadata key for Alice's company.

Here's the magic. Ted and Alice didn't have to do anything. They just exchanged email as usual. No one has to remember passphrases or click extra buttons. GoodCrypto's key management creates, exchanges, and pins keys automatically. Now whenever Ted and Alice exchange a message, it's protected. Both content and metadata are encrypted, mixed, and padded. In fact, anyone in either company can send encrypted mail to anyone at the other company. The metadata protection includes its own layer of encryption. No one has to do anything.

For encryption and decryption, the GoodCrypto server never connects directly to the Internet. It only talks to your mail server. GoodCrypto benefits from any protection the mail server has.

The layers of encryption, hopefully including SMTP TLS, mean that when one layer fails you're still protected. GoodCrypto encrypts from individual to individual, then it mixes messages from one group to another, pads, and encrypts again. A well configured mail server encrypts one more time. Encryption fails over time. With layered encryption, if even one layer works, you have time to fix or replace the failed layer. If you rely on a single layer of encryption, any failure is catastrophic. A defense in depth is much safer.

Learn how GoodCrypto works if a contact does not have GoodCrypto.

Learn how GoodCrypto protects metadata.

 

 

 

Verify Key

The most common way is when your contact appears to have successfully read a message you encrypted to them, but you need at least one more verification to be safe.

Ask the contact to provide their public key or its fingerprint through a channel other than email. The key or fingerprint must match your own copy. Compare fingerprints as described below.

Best is face to face. Other examples are for them to publish their key's fingerprint on a public site or service, or provide it by phone, SMS (if encrypted), or snail mail.

If you are verifying by hand, the longest version of the fingerprint is best. You don't have to verify the whole key by hand. A fingerprint is a really good summary of a key. If you verify the key's fingerprint, you have verified the key.

If you got a public key from a web site, it doesn't help much to verify using a fingerprint from the same web site. An attacker can spoof the web site and provide a matching fake fingerprint.

To compare a fingerprint using GoodCrypto:

  1. Browse to your GoodCrypto server website.
  2. Click on the Verify fingerprint; if the button is not on the screen, then click the Mail menu
  3. Type in the email address and click the Verify button.
  4. A fingerprint and a key summary are the same thing. Compare the Key summary with the other person's Key summary. Ignore spaces and whether a character is upper or lower case. Otherwise they must match.
  5. If they don't match, do NOT use that key to communicate.
  6. If the fingerprint is not flagged as verified and you have verified it, then you should flag the fingerprint as verified in the database

If the other person is also using GoodCrypto Mail, then they should follow this same procedure. Otherwise, they must use their encryption software program to get the key summary, known as the fingerprint in most encryption software, for the matching email address.

 

 

 

Import Key

You have two options: import a key from a file or import it from a keyserver. It's probably most reliable to ask your contact to export their key into a file and send it to you.

If your contact has stored their key on a public keyserver, then you can import the key from the keyserver. You can use their email address to find their key, but it's more reliable if you use their fingerprint. If your GoodCrypto private server can't find the key on the keyserver, then ask which keyserver the key is on. Then ask your mail administrator to add that server to your private server.

 

 

 

Export Key

  1. Connect to the Goodcrypto Server website. You may need to sign in if the administrator is using tight security for your server.
  2. click on the Mail menu
  3. click on Export key
  4. type in the Email address
  5. select the Encryption software (GPG and PGP are the same for this purpose)
  6. click on Export
  7. select a location and name for the file that will contain the key
  8. click on Save