Score:0

DKIM & PGP email security

lv flag

I'm trying to figure out: when using DKIM, it signs all of the email including the message body and the From address, and with PGP it uses a unique key while in DKIM it is a general key... but with both encryptions the email can still be changed? They can just inform me whether the email has been changed, but they cannot prevent it from being changed?

thanks

Score:1
fr flag

OpenPGP is designed to sign a particular message. When used with OpenPGP/MIME, it authenticates the body of the message and prevents it from being modified. When done correctly, that includes all of the body, including all parts, such as attachments. It is possible to attach additional parts after the fact, and some environments, such as mailing lists, do this, in which case those parts are not authenticated. The digital signature in this case is typically (but doesn't have to be) made by the author of the message.

DKIM signs the entire body, plus a set of headers that are specified in the message. Typically that includes the From header and other data, but not all headers are included. The signature in this case is typically made by the mail server for the originating domain of this message. That's because the key must be in DNS, and that is usually only handled by the owners of a domain.

In both cases, it is possible to modify the message if one gets access to it. For example, if an email is sent to a mailing list, the mailing list software may modify it. Oftentimes this is done to add a trailer to the message. In such a case, for OpenPGP, if the trailer is appended to the body as a separate part, the signature won't cover that data, but the signature will still validate the signed data. For DKIM, any modification to the body will intrinsically cause the signature to fail validation.

Other cases in which modification could occur include by the system administrator of one of the systems handling the data or by a malicious party along the network path if the connection used to send the mail is not secured with TLS. (Strictly, one could modify the data even with TLS, but because a proper participant would abort the protocol, the SMTP transaction would not complete.)

In none of these cases is the modification prevented, but it can be detected. Typically, when one receives data with an invalid signature, one considers the data as untrusted and, at the very least, does not act on it. One may additionally choose to discard the data and, in some cases, notify the other party over a secure channel about the tampering.

As a practical matter, most parties, knowing that a message is authenticated, either with a digital signature or with a MAC (such as in TLS), will not actively attempt to tamper with the data unless their intent is to prevent the communication (say, by a government), since it is immediately obvious to others that tampering has occurred. Most cases of modification occur because someone has not considered that the message might be authenticated (and therefore didn't consider whether modifications would be detected), such as with our mailing list example, or because of some sort of accident (network problem, broken software, etc.).
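To make the coverage difference described in this answer concrete, here is an added example (not from the original post, and not real DKIM or OpenPGP code): a DKIM-style signature covers a chosen set of headers plus the whole body, while a PGP/MIME-style signature covers only the body part. The message, the header list and the HMAC stand-in for the real signing key are all constructed assumptions so the script runs offline with only the standard library.

```python
import hashlib
import hmac

# Constructed sample message (not from the page).
HEADERS = {"From": "alice@example.com", "To": "bob@example.org",
           "Subject": "Invoice", "Date": "Mon, 1 Jan 2024 00:00:00 +0000"}
BODY = "Please pay invoice #42.\r\n"

# Stand-in for the signer's private key. Real DKIM uses an RSA/Ed25519 key
# whose public half is published in DNS; OpenPGP uses the author's key pair.
# An HMAC key is used here only so the example runs with the stdlib.
KEY = b"demo-key"

def _sign(data: bytes) -> str:
    return hmac.new(KEY, hashlib.sha256(data).digest(), "sha256").hexdigest()

def dkim_style_sign(headers: dict, body: str, h=("From", "To", "Subject")) -> str:
    """Cover the listed headers (like DKIM's h= tag) plus the entire body."""
    # Relaxed-style canonicalization: lowercase names, collapsed whitespace.
    canon = "".join(f"{k.lower()}:{' '.join(headers.get(k, '').split())}\r\n"
                    for k in h)
    body_hash = hashlib.sha256(body.encode()).hexdigest()  # like the bh= tag
    return _sign((canon + "bh=" + body_hash).encode())

def pgp_style_sign(body: str) -> str:
    """OpenPGP/MIME covers only the signed body part, never the headers."""
    return _sign(body.encode())

def verify(sig: str, signer, *args) -> bool:
    return hmac.compare_digest(sig, signer(*args))

def demo() -> dict:
    dkim_sig = dkim_style_sign(HEADERS, BODY)
    pgp_sig = pgp_style_sign(BODY)
    subject_changed = dict(HEADERS, Subject="URGENT: pay now")
    date_changed = dict(HEADERS, Date="Tue, 2 Jan 2024 00:00:00 +0000")
    with_trailer = BODY + "-- sent via the list\r\n"  # mailing-list trailer
    return {
        "dkim_ok": verify(dkim_sig, dkim_style_sign, HEADERS, BODY),
        "dkim_subject_changed": verify(dkim_sig, dkim_style_sign, subject_changed, BODY),
        "dkim_date_changed": verify(dkim_sig, dkim_style_sign, date_changed, BODY),
        "dkim_trailer_added": verify(dkim_sig, dkim_style_sign, HEADERS, with_trailer),
        # PGP never saw the headers, so a changed Subject is not detected.
        "pgp_subject_changed": verify(pgp_sig, pgp_style_sign, BODY),
        "pgp_trailer_added": verify(pgp_sig, pgp_style_sign, with_trailer),
    }
```

Note that the Date header, which is not in the signed header list, can be changed without breaking the DKIM-style signature, which is exactly the "not all headers are included" point above; neither scheme stops the change, each only reports it.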

Score:1
si flag

PGP messages are sometimes sent via email, but don't have to be. Thus PGP is only capable of signing part of the message (the body) and can't even detect if an attacker modifies the rest of the message (subject & other headers).

DKIM authenticates the whole message.

Authentication only allows detecting modifications; there's no way to prevent modifications. But a good client should not display the message at all if authentication fails.
