[Cryptography] How to prove Wikileaks' emails aren't altered

Henry Baker hbaker1 at pipeline.com
Mon Oct 24 21:38:56 EDT 2016


FYI --

http://blog.erratasec.com/

Errata Security: Advanced persistent cybersecurity

Sunday, October 23, 2016

Politifact: Yes we can fact check Kaine's email

This Politifact post muddles over whether the Wikileaks leaked emails have been doctored, specifically the one about Tim Kaine being picked a year ago.  The post is wrong -- we can verify this email and most of the rest.

http://www.politifact.com/truth-o-meter/article/2016/oct/23/are-clinton-wikileaks-emails-doctored-or-are-they-/

In order to block spam, emails nowadays contain a form of *digital signatures* that verify their authenticity.  This is automatic; it happens on most modern email systems, without users being aware of it.

This means we can indeed validate most of the Wikileaks leaked DNC/Clinton/Podesta emails.  There are many ways to do this, but the easiest is to install the popular *Thunderbird* email app along with the DKIM Verifier addon.  Then go to the Wikileaks site and download the raw source of the email https://wikileaks.org/podesta-emails/emailid/2986.

https://www.mozilla.org/en-US/thunderbird/

As you see in the screenshot below, the DKIM signature verifies as true.

https://3.bp.blogspot.com/-4LCi3_fFfwA/WA1XslhEtYI/AAAAAAAAEJE/C3bPEy_65fcEh4wAL7a90L5uQARFpD6kACLcB/s400/kain-valid.png

If somebody doctored the email, such as changing the date, then the signature would not verify. I try this in the email below, changing the date from 2015 to 2016.  This causes the signature to fail.

https://1.bp.blogspot.com/-sqcaudxDpM0/WA1Ya9YE-AI/AAAAAAAAEJM/m-PUqysTJKQgoAhnAa_Qzx1RkkOagTrhgCLcB/s400/kain-invalid.png

...

Since DKIM verifies this email and most of the others, we conclude that Kaine is "pants on fire" lying about this specific email, and "mostly untrue" in his claim that the Wikileaks emails have been doctored.

...

-------

Just in case the clueless pro-Hillary press claims that the Wikileaks emails aren't genuine, Robert Graham's blog shows how anyone can prove that they are indeed genuine.  Of course, if the Hillary camp understood encryption technology better in the first place, there wouldn't be any Wikileaks emails to verify.
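
Added example (not part of this post or of the quoted blog): a minimal DKIM-style check for rsa-sha256 with relaxed/relaxed canonicalization, showing why changing a signed Date header from 2015 to 2016 makes verification fail. The key, the sample message, the domain example.org and the selector "demo" are constructed for illustration; a real verifier takes the public key from DNS and handles repeated headers and more tags.

```python
import base64, hashlib, re

# Constructed, insecure demo key (two Mersenne primes); real keys come from DNS.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def emsa(data):  # EMSA-PKCS1-v1_5 encoding of SHA-256(data), K bytes long
    t = DIGESTINFO + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def relaxed_header(name, value):  # RFC 6376 section 3.4.2
    return (name.lower() + ":" + re.sub(r"[ \t\r\n]+", " ", value).strip() + "\r\n").encode()

def relaxed_body(body):  # RFC 6376 section 3.4.4
    lines = [re.sub(r"[ \t]+", " ", l).rstrip() for l in body.split("\r\n")]
    while lines and not lines[-1]:
        lines.pop()
    return "".join(l + "\r\n" for l in lines).encode()

def body_hash(body):
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signed_data(headers, sig):  # headers named in h=, then DKIM-Signature with b= emptied
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if t.strip())
    data = b"".join(relaxed_header(h, headers[h.strip()]) for h in tags["h"].split(":"))
    unsigned = re.sub(r"(^|;)(\s*b=)[^;]*", r"\1\2", sig)
    return tags, data + relaxed_header("DKIM-Signature", unsigned)[:-2]

def sign(headers, body, h="from:to:subject:date"):  # only used to build the sample
    sig = f"v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=demo; h={h}; bh={body_hash(body)}; b="
    s = pow(int.from_bytes(emsa(signed_data(headers, sig)[1]), "big"), D, N)
    return sig + base64.b64encode(s.to_bytes(K, "big")).decode()

def verify(headers, body, sig):  # True only if body hash and header signature both match
    tags, data = signed_data(headers, sig)
    s = int.from_bytes(base64.b64decode(tags["b"]), "big")
    return body_hash(body) == tags["bh"] and pow(s, E, N).to_bytes(K, "big") == emsa(data)

# Constructed sample message, not one of the leaked emails.
HEADERS = {"from": "Alice <alice@example.org>", "to": "bob@example.net",
           "subject": "Meeting notes", "date": "Fri, 17 Jul 2015 10:00:00 -0400"}
BODY = "See you  then.\r\n\r\n"
SIG = sign(HEADERS, BODY)

def demo():  # untouched message, Date changed 2015 -> 2016, body replaced
    redated = dict(HEADERS, date=HEADERS["date"].replace("2015", "2016"))
    return verify(HEADERS, BODY, SIG), verify(redated, BODY, SIG), verify(HEADERS, "x\r\n", SIG)
```

Only headers listed in the h= tag are covered; a header left out of that list can be changed without breaking the signature, so check h= before relying on any particular field.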


