How to encrypt e-mail
In order to improve the security of e-mail information, an effective method at present is to encrypt the e-mail so that only designated people can browse it to ensure the security of the e-mail. At present, there are three common mail encryption methods: the first one: encrypt mail with symmetric encryption algorithm. Symmetric encryption algorithm is an earlier encryption algorithm with mature technology. In the symmetric encryption algorithm, the data sender uses a special encryption algorithm to process the plaintext (original data) and the encryption key together and turn it into a complex encrypted ciphertext to send. After receiving the ciphertext, if the receiver wants to interpret the original text, it needs to decrypt the ciphertext with the encryption key and the inverse algorithm of the same algorithm, so as to restore it to readable plaintext. In the symmetric encryption algorithm, only one key is used, and both the sender and the receiver use this key to encrypt and decrypt the data, which requires the decryptor to know the encryption key in advance. Symmetric encryption algorithm is characterized by open algorithm, small amount of calculation, high encryption speed and high encryption efficiency. The disadvantage is that both parties to the transaction use the same key, and the security cannot be guaranteed. Using symmetric cryptographic algorithm to encrypt e-mail needs to solve the problems of password transmission, storage and exchange. This method of mail encryption system is rarely used at present. The second type: using PKI/CA authentication encryption mail encryption system. At present, most products are based on this encryption method. PKI (Public Key Infrastructure) refers to public key infrastructure, and CA (Certification Authority) refers to certification center. PKI solves all kinds of obstacles of network communication security from the technical point of view. CA has solved the problem of network trust from the perspectives of operation, management, standardization, law and personnel. Therefore, people collectively refer to it as "PKI/CA". From the overall framework, PKI/CA is mainly composed of end users, certification centers and registration agencies. The working principle of PKI/CA is to establish a trust network by issuing and maintaining digital certificates, and users in the same trust network can complete identity authentication and security processing by applying digital certificates. The registration center is responsible for verifying the true identity of the certificate applicant. After verification, it is responsible for uploading the user information to the authentication center through the network, and the authentication center is responsible for the final authentication processing. The revocation and renewal of certificates also need to be submitted by the registration authority to the certification center for processing. Generally speaking, the certification center faces the registration center, the registration center faces the end user, and the registration institution is the intermediate channel between the user and the certification center. The management of public key certificate is a complex system. A typical, complete and effective CA system should at least have the following parts: public key certificate management; Release and management of blacklist; Backup and recovery of keys; Automatically update the key; Historical key management; Support cross authentication and so on. PKI/CA authentication system is mature, but there are some problems when it is applied to e-mail encryption system, such as complex key management and the need to exchange keys before encryption and decryption operations. The famous email encryption system PGP is encrypted by this encryption process. This encryption method is only applicable to enterprises, units and some high-end users. Due to the difficulty in obtaining CA certificate and the complexity of exchange, this email encryption method has been difficult to popularize. Thirdly, in order to simplify the key management of the traditional public-key cryptosystem, in 1984, Israeli scientist A. Shamir, one of the famous inventors of RSA system, put forward the idea of identity-based cryptography: public user's identity information (such as email address, IP address, name, etc.) is used as the user's public key, and the user's private key is composed of a trusted center called a private key generator. In the following two decades, the design of identity-based cryptosystem has become a research hotspot in cryptography. At present, this method is the most promising way to realize large-scale application of e-mail encryption. The representative Zeeman mail angel system in China.