There are three components to an e-mail message:
- The envelope
- The headers
- The message body
The envelope is used internally by Message Transfer Agents (MTAs), more commonly referred to as "mail server programs," to route a message. The receiving machine, not the sender, generates the envelope headers; the envelope's "To" field is derived from the "RCPT TO" command issued by the sending system. Messages are routed and delivered based on the envelope's "To" field, regardless of what the message header's "To" field says.
When you digitally sign and send a message via Outlook Express, a unique mathematical value based on the message body is calculated using a hashing or message authentication algorithm. This value is then encrypted with the sender's private key, creating a digital signature for that specific message. The encrypted value is attached to the end of the message along with the sender's digital certificate, which also contains the sender's public key. When Outlook Express receives a signed message, it calculates its own hash of the message body, uses the sender's public key to decrypt the hash value included with the message and compares the two values. If the two values match, the recipient can be sure that the message body has not been altered and that it was signed by the owner of the private key corresponding to the public key in the digital certificate.
Note, however, that with a signed e-mail only the body of the message is used to create the hash value. The e-mail subject and other header fields such as "From," "To" and "Date" are not used, which means that all but the "From" field can be altered without causing Outlook Express's verification process to fail. For example, I could change the "To" field to make it look like the e-mail was sent to someone else, because the recipient's digital certificate is not required for a message that is only digitally signed. However, if I change the "From" field, Outlook Express warns me that the "digital ID's e-mail address does not match the sender's," because the sender address in the "From" field is matched against the X.509 subject name on the digital certificate used to sign the e-mail.
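The following added example (not Outlook Express code) models the two checks just described with the Python standard library: the signature covers only the body, so an edited "To" line still verifies, while an edited "From" line is caught only by comparing it with the certificate's e-mail address. An HMAC key is a constructed stand-in for the sender's private key, and SENDER_CERT_EMAIL stands in for the X.509 subject e-mail on the certificate.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-ins: an HMAC key plays the role of the sender's private key,
# and this address plays the X.509 subject e-mail on the sender's certificate.
SENDER_KEY = b"constructed-private-key-stand-in"
SENDER_CERT_EMAIL = "alice@example.com"


def body_hash(raw_message: str) -> bytes:
    """Hash only the body: Subject, To, Date and From are not covered."""
    msg = message_from_string(raw_message)
    return hashlib.sha256(msg.get_payload().encode("utf-8")).digest()


def sign(raw_message: str) -> bytes:
    """Stand-in for encrypting the body hash with the sender's private key."""
    return hmac.new(SENDER_KEY, body_hash(raw_message), hashlib.sha256).digest()


def verify(raw_message: str, signature: bytes, cert_email: str) -> dict:
    """The two checks from the article: body hash, then From vs. certificate."""
    body_intact = hmac.compare_digest(sign(raw_message), signature)
    _, from_addr = parseaddr(message_from_string(raw_message)["From"])
    return {"body_intact": body_intact,
            "from_matches_certificate": from_addr.lower() == cert_email.lower()}


# Constructed sample message, signed once; the edited copies reuse that signature.
ORIGINAL = ("From: Alice <alice@example.com>\n"
            "To: bob@example.com\n"
            "Subject: Contract\n"
            "\n"
            "Please sign the attached contract by Friday.\n")
SIGNATURE = sign(ORIGINAL)


def demo() -> dict:
    """Apply the signature made over ORIGINAL to three edited copies."""
    retargeted = ORIGINAL.replace("To: bob@example.com", "To: carol@example.com")
    spoofed = ORIGINAL.replace("<alice@example.com>", "<mallory@example.com>")
    tampered = ORIGINAL.replace("Friday", "Monday")
    return {
        "original": verify(ORIGINAL, SIGNATURE, SENDER_CERT_EMAIL),
        "retargeted": verify(retargeted, SIGNATURE, SENDER_CERT_EMAIL),   # still verifies
        "spoofed_from": verify(spoofed, SIGNATURE, SENDER_CERT_EMAIL),    # hash OK, From mismatch
        "tampered_body": verify(tampered, SIGNATURE, SENDER_CERT_EMAIL),  # hash fails
    }
```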
To further examine this process, let's look at what happens when a message is encrypted and Outlook Express needs to access the correct private key to decrypt it. When Outlook Express encrypts an e-mail message, it first creates a random Message Encryption Key (MEK). The MEK encrypts the message body, and the MEK itself is then encrypted with the recipient's public key. The identity of the intended recipient is recorded in the message field called "RecipientInfo," which identifies the recipient's certificate. When Outlook Express receives an encrypted e-mail, it uses this value, rather than the message header's "To" value, to locate the correct digital certificate and private key. The digital certificate is tied to the e-mail address of the recipient.
As you can see, it is far better to both sign and encrypt important documents to ensure that they cannot be altered in any way. If the person you are sending such an e-mail to does not have a digital certificate, meaning you can only sign the e-mail, I would add a salutation, date and time in the body of the e-mail and ensure that the context of the message is clear. Also, never Bcc someone on an encrypted e-mail, because most e-mail clients make it easy for the "To" recipient to see who was Bcc'd!
This was first published in February 2006