I have always had an interest in encryption because it seemed like a contest of the minds. One side trying to hide a message from the world and the other trying to discover it. It seemed an interesting exercise for the mind.
    I am no expert on the matter but I have read some history about it and know the basics about the techniques used today. To anyone interested in the history of cryptography I highly recommend The Code Book by Simon Singh. It is very well written and very interesting. It is not very technical so even people who would not enjoy a technical book can enjoy it. At the same time it does go into some details so that those of us with a more technically inclined mind can enjoy it. I particularly enjoyed the explanations about the well-known Enigma machine which the Germans used during WWII. In another page I have extracted an interesting story: The Zimmermann Telegram.
    There is another issue of course and that is the right to privacy. the extent to which you have a right to privacy is a matter of opinion and culture. Of course, in countries that do not recognize the basic freedoms and rights that we enjoy in most of the western world this would be a mute point.
    But it may shock you to know that in France, yes FRANCE, there was a law until recently that outlawed all forms of encryption by individuals without government authorization. The argument of course is that encryption can be used for illegal activities. I find this argument ludicrous. Almost anything can be used illegally, including kitchen knives, and we do not outlaw them for that reason.
    France has recently reversed itself on this issue and given total freedom on this. The motives were not so much philosophical or ethical as practical. You see, companies that did business in France were much more subject to spying and many foreign companies flatly refused to do business in a country that would not allow them to protect their secrets.
    But even in countries like the USA where individual freedoms are given the highest consideration there is debate about the limits of the right to use encryption. The argument is that placing limits on this will help fight crime.
    Well, this is a matter of opinion and here's mine: The right to use encryption (and therefore to communicate privately) should be unlimited and paramount. I can think of no other right more dear to me than that to be able to keep my privacy. Even more than the right to freedom of expression in public, I would regard the right to freedom of thought and expression and communication in private.
    Yes, this can be used for illegal purposes and I would then have a law that would make it a crime in itself to use encryption for illegal purposes. But, of course, I could not accept a system where the freedom of expression and assembly and political organization are curtailed. I am talking of what in western countries are considered common crimes.
    Hayek (Friedrich August von Hayek 1899-1992, Nobel Prize for economy in 1974), in his book The Road to Serfdom, which I highly recommend, makes a very important point which is that we need to limit the powers of government, even if these powers can be used for good ends, because they can also be used for evil ends. I fully concur.


Why you should use it

    Imagine that regular mail was all written on postcards and it was delivered to the first house on the street and each neighbor kept what was addressed to him and photocopied the rest before passing it on to the next house. Now, you may think that, since you are doing nothing wrong you have nothing to hide but ... do you really want your neighbors to know how many margaritas your mother-in-law had on Thanksgiving day or to see your check payment to Victoria's Secret? And do you want the crooks out there to have access to your bank information? That is pretty much the situation with email as it goes through the internet. Most people are not aware of how open email is. It goes through hundreds of computers leaving copies in each one that anybody can read. It is so easy you would be amazed.
    In all countries, but especially in those with regimes that do not respect human rights like freedom of communication and freedom of expression, the use of encryption by everybody serves to protect and preserve the rights of those who have opinions and communications that may not be popular or may even be persecuted. By everybody using encryption we are making it the norm and therefore not suspicious per se.
    For this reason and because I often communicate with people who live in countries where basic freedoms are not recognized, I use encryption in my emails as often as my correspondents will allow it and I encourage everyone to use encryption as much as they can or want.


How it works

    The most basic form of encryption uses the same key to encrypt and later decrypt the message. The problem with this is that you need a secure channel to send the key to the receiver or it becomes public and useless. This is called "symmetrical" encription and was the only one known through historical times.
    The drawback is obvious: During WWII, a german submarine that left port for many weeks needed to carry with it the code (key) books it would need for all those weeks (the key was changed daily). If those books fell into the hands of the enemy, the key was useless as now the enemy could decode all messages.
    A much more ingenious concept is that of using dual keys and this system is called "asymmetrical" encryption. What this means is that to communicate you need a pair of keys. One key, called the public key is used to encrypt the message but this key can not be used to decrypt it. A separate, different, key, called the private key is used for deciphering the message. The keys therefore go in pairs. This is how to do it:
    I generate my pair of keys. Then I make my public key public and anyone who wants to send me a message uses that key to encrypt or encode the message. Once encoded with my public key the message can only be decoded or decrypted with my private key, which only I have. The beauty of this system is that there is no risk of the private key being compromised.
    The concept of asymmetrical encryption was invented by Diffie in 1976 but he only invented the idea and no practical implementation. A group of researchers (Rivest, Shamir, Adleman) invented the first practical algorithm (RSA) in 1977.
    Still cryptography was complicated to use and out of the reach of the masses until Phil Zimmerman wrote pretty Good Privacy (PGP) in the late 80s.
    I often use PGP 5.5.3i, an encryption program you can download for free and which I encourage you to use. This is based on the public/private key pairs. There are many servers that keep lists of public keys and you can find mine there if you ever want to send me an encoded message. Or email me and I will send it to you. There is a later version, PGP6 , but I had problems with it and so I returned to V5.5.3i


Electronic Signatures

    Of course it is essential that you are sure the key belongs to the person you think it belongs because I can post a key saying it belongs to the president of the USA and you may be using it thinking it is his when in reality it is I who is reading your messages.
    The system of key pairs also lends itself to the concept of electronic signatures and it works like this: If the message is encoded using the public key, then it can only be decoded by the private key. But if I encode a message using the private key, then it can only be decoded by using the public key. So, if you receive an encoded message that can be decoded using my public key, then you can be sure it was encoded with my private key.
    Electronic signatures are far safer and more difficult to forge than traditional signatures on paper. The European Union is working on legislation that would recognize their legal validity as much as traditional signatures.



Public key encryption and signature provide these features:

  • Confidentiality: security that the information contained in the message is kept confidential and only the sender and the intended recipient will be able to read and understand it
  • Authenticity: security that the persons with whom we are corresponding actually are who they say they are
  • Integrity: security that the information contained in the message is not tampered with, accidentally or deliberately, during transmission; and
  • Non-repudiation: security that there can be no denial on the part of the sender of having sent the message.


Using PGP

    You can download it from the links below and install it in your computer. Then you need to generate a key pair which you do by running PGPkeys. Once you have the key you can encrypt text in the clipboard, encrypt files etc. It is pretty straightforward and just needs a little practice.



How Stuff Works: How Encryption Works
PGP    Download it from NAI
My PGP key    RSA/2048  Use it to encrypt your messages to me
The Privacy Page
GILC    Cryptography and liberty
Center for Democracy and Technology
How To Keep It A Secret,
article by Jeff Prosise, PC Magazine, July 1994
Data Security Tutorial by Maedae
1994 discussion of the Clipper Chip from a Compuserve forum

Arturo Quirantes    En castellano - muy interesante y completo
Kriptopólis    En castellano


Autor: Alfonso Gonzalez Vespa