CHIRS Email System
CHIRS' e-mail system protects confidential data
sent across the Internet. This system relies upon digital certificates
to:
- Authenticate the sender of a message;
- Guarantee that the message contents have not been altered in transit;
- Encrypt the content of a message.
Digital Signatures and Certificates
A digital certificate ("certificate") is a globally unique
collection of information that includes (among other things):
- Who the certificate was issued to (e.g. Sender@chirs.com)
- Who issued the certificate (e.g. Verisign or CHIRS)
- What the certificate can be used for (e.g. E-mail)
Since a certificate uniquely and positively identifies its owner,
e-mail is said to be "digitally signed" when the sender's certificate is attached to it.
A valid digital signature additionally guarantees that neither the
message nor the attached certificate has been altered in transit.
Unfortunately, a digital signature can - like a handwritten signature - be forged.
In order to authenticate a digital certificate, you must either (a) trust it explicitly
or (b) trust it implicitly - that is, rely upon the issuing authority to vouch for
certificates purporting to be issued from that authority.
Implicit trust in well-known issuing authorities such as Verisign Inc. is already
built into most Internet email software. Implicit trust in "CHIRS CA", however,
must be explicitly established before you can implicitly trust certificates issued from CHIRS.
Encrypted Email
A digital certificate also contains a "Public Key" that may be used to encrypt data
being sent to the certificate's owner. Only the certificate's owner has the corresponding
"Private Key", which is the only key able to decrypt that data. Anyone with access to the
public key (i.e. anyone who has received that certificate) can encrypt data, but only the
certificate's owner can decrypt that data. Although an encrypted message may be intercepted
in transit anywhere across the Internet, its actual content will be entirely unintelligible
to all but the sender and recipient.
If you have problems receiving email from CHIRS
E-mail from an untrusted source is generally flagged by e-mail software as a security risk.
In order to trust certificates issued by "CHIRS CA" (the CHIRS Certification Authority),
you must add "CHIRS CA" to the list of "Trusted Root Authorities" on your PC - a list
that already includes other certificate-issuing authorities such as Verisign Inc. and
Thawte Inc. Fortunately, e-mail software such as Microsoft Outlook reduces this procedure
to a simple series of prompts and button clicks.
Once "CHIRS CA" is installed in your list of "Trusted Root Authorities", email purporting
to be from CHIRS can be automatically and absolutely authenticated (or repudiated) by your email software.
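A check that can be run before adding the root to the trusted list, as an added example that is not part of the original page: it recomputes the thumbprint of a downloaded certificate file and compares it with the thumbprint published in the Technical Note on this page. It assumes the thumbprint is the SHA-1 digest of the DER-encoded certificate (the form Windows displays); the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

# Thumbprint published in this page's Technical Note for the "CHIRS CA" root.
PUBLISHED_THUMBPRINT = "07 ee 1e 55 ac 7b 2a da 5a 10 2e 7c 75 8d 44 21 24 a7 4a 9f"

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def normalize_thumbprint(text):
    """Drop spaces, colons, dashes and case so any display format compares equal."""
    hex_only = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hex_only):
        raise ValueError("expected a 20-byte thumbprint (40 hex digits)")
    return hex_only


def to_der(cert_bytes):
    """Accept the contents of a PEM or DER certificate file; return DER bytes."""
    match = PEM_RE.search(cert_bytes)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return cert_bytes


def thumbprint(cert_bytes):
    # Assumption: thumbprint = SHA-1 over the whole DER-encoded certificate.
    return hashlib.sha1(to_der(cert_bytes)).hexdigest()


def matches_published(cert_bytes, published=PUBLISHED_THUMBPRINT):
    return hmac.compare_digest(thumbprint(cert_bytes), normalize_thumbprint(published))


# Constructed sample bytes (not a real certificate) to exercise both encodings.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], "rb") as handle:
        ok = matches_published(handle.read())
    print("thumbprint matches" if ok else "MISMATCH: do not install this root")
    sys.exit(0 if ok else 1)
```

Run it with the path to the downloaded root certificate file; a mismatch means the file is not the certificate this page describes.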
(Technical Note: The "CHIRS CA" X.509 root certificate has a thumbprint of
"07 ee 1e 55 ac 7b 2a da 5a 10 2e 7c 75 8d 44 21 24 a7 4a 9f".)