Email was one of the earliest forms of communication on the internet, and if you're reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it's still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn't very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.
So you want to start encrypting your email? Well, let's start by saying that setting up email encryption yourself is not the most convenient process. You don't need a degree in cryptography or anything, but it will take a dash of tech savvy. We'll walk you through the process later on in this article.
Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it's safe. All encryption takes place in the background. While we can vouch for Tutanota, it's worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.
If you'd prefer to configure your own email encryption, keep reading.
Encryption, put simply, is no more than scrambling up the contents of a message so that only those with a key can decrypt it. Sort of like those puzzles you did in school where every letter of the alphabet had to be converted to some other letter of the alphabet so as to decode the final message. Computers make the scrambling far more complex and impossible for a human to crack by hand. When you encrypt an email, its contents are scrambled, and only the receiver has the key to unscramble it.
To make sure only the intended recipient can decrypt the message, email encryption uses something called public key cryptography. Each person has a pair of keys, the digital codes that allow you to decrypt an encrypted message. Your public key is stored on a key server where anyone can find it, along with your name and email address. Conversely, you can find other people's public keys on keyservers to send them encrypted email.
When you encrypt an email, you use the recipient's public key to scramble the message. Due to the technology behind this type of cryptography, the public key cannot be used to decrypt it. The email can then only be decrypted by the recipient's private key, which is stored somewhere safe and private on his or her computer.
There are two main types of email encryption methods you need to know exist: S/MIME and PGP/MIME. The former is built into most OSX and iOS devices. When you receive an email sent from a Macbook or iPhone, you'll sometimes see a 5-kilobyte attachment called smime.p7s. This attachment verifies the identity of the receiver so only he or she can read the email. S/MIME relies on a centralized authority to choose the encryption algorithm and key size, is easy to maintain, is harder to set up with web-based email clients, and is more widely distributed thanks to Apple and Outlook.
The other heavyweight in email encryption is PGP/MIME, which is what we're going to focus on in the latter part of this tutorial. You get more flexibility in how you encrypt emails, it relies on a decentralized, distributed trust model, and it's fairly easy to use with web-based email clients. It's also free to get a certificate, which S/MIME is usually not (you buy it when you buy an iPhone or Macbook). With PGP, not only can you choose how you encrypt, you can specify how well encrypted the messages you receive must be.
This makes PGP/MIME cheaper and more flexible, but before we get into that, we'll look at the S/MIME encryption features built into Outlook and Apple products.
Now that you have a digital certificate/ID, follow these instructions to get it into Outlook:
Okay, so now you've got a digital signature to put on your emails, but they won't appear by default. To attach your digital signature:
At this point we want to remind you that digitally signing an email is not the same as encrypting it. However, if you want to send someone an encrypted message on Outlook, that person needs to have sent you at least one email with their digital signature attached. This is how Outlook knows it can trust the sender. Conversely, if you want to receive an encrypted email from someone else, you'll need to send them one unencrypted email first with your digital signature on it. This is a tedious downside to S/MIME. You can digitally sign your email just by clicking the new Sign button before sending.
Now that you have each other's digital signatures and certificates saved into your respective key chains (address books), you can start exchanging encrypted emails. Just click the Encrypt button that we added before hitting send, and that's all there is to it!
S/MIME support is built into the default email app on iOS devices. Go into the advanced settings, switch S/MIME on, and change Encrypt by Default to Yes. Now when you compose a new message, lock icons will appear next to recipients' names. Simply click the lock icon closed to encrypt the email.
iOS consults the global address list (GAL), a sort of keyserver for S/MIME certificates, to find contacts in your exchange environment. If found, the lock icon will be blue.
When you receive that email, do the following:
To send encrypted messages in the default mail program in Mac OSX requires the same condition as iOS and Outlook: you must first have the recipient's digital signature stored on your device. When you compose a message and type in the recipient's email, a checkmark icon will appear to show the message will be signed.
Next to the signature icon, a lock icon also appears. Unlike iOS where you can select which recipients will receive encrypted email and which don't, OSX is an all-or-nothing affair. If you don't have the certificate for all of the recipients, the email cannot be encrypted.
Remember to sign emails only after you've finished writing them. If it's been altered, the certificate will show up as untrusted.
On Android, you've got a couple options for how to encrypt your email. The CipherMail app allows you to send and receive S/MIME encrypted mail using the default Gmail app and some 3rd-party apps like K-9. It follows the same certificate rules as what we already discussed above.
The other option is to use PGP/MIME, which requires both an email app and a keychain to store certificates. PGP requires a bit more setup, but you don't need to receive someone's digital signature in advance to send them encrypted email.
OpenKeychain is a simple and free keychain tool for storing other people's certificates. It works well with K-9 Mail, but some other email apps might also be compatible.
In OpenKeychain, you can create your own public and private keys. Input your email address, name, and password, and it will generate these keys for you. If you have an existing key, you can import it. To use a generated key with other devices and apps, you may export it.
OpenKeychain also helps you search for other people's public keys online so you can send them encrypted email. After you've added someone's public key to your keychain, it will be saved for more convenient use later.
To use OpenKeychain with an email app, go into the email app's settings and make OpenKeychain your default OpenPGP provider. This process varies from app to app, but it should just take a bit of digging through settings menus to find it. Not all email apps (including Gmail) will support encryption, however.
For web-based email clients like Gmail, we recommend a PGP/MIME encryption solution, as they are far easier to incorporate than S/MIME. For the purposes of this tutorial, we're going to use a Chrome extension called Mailvelope with Gmail. Most browser extensions work in a similar manner, however, and follow the same basic principles. You can also consider EnigMail, GPGTools, and GNU Privacy Guard.
To get started, install the extension and open the options menu. Start by generating your own key: enter a name, email, and password and click Generate. Most email encryption extensions come with a built-in key generator and key ring. If you already have a key, just select the option to import it via copy and paste.
Now you've got an encryption key, but it doesn't do much good if no one can find your public key to send you encrypted mail. You can upload your public key to a keyserver. We suggest MIT's keyserver because it's popular, free, and easy to use. In the Mailvelope settings, navigate to Display Keys and click on the one you just made. Go to Export to see the plain text of your public key. Copy it to your clipboard.
Head to the MIT PGP Keyserver and paste your key into the Submit a Key field and hit submit. Now go back to the MIT keyserver homepage and search the name you entered. You should see your key listed.
Take note of the key ID, which is displayed both in the Mailvelope settings and on the MIT listing. This is useful if you have the same name as someone else on the keyserver because it serves as a unique identifier. Journalists, for instance, often publish their key ID onto their online profiles and social media so sources know for certain that they are emailing the right person.
While we're on the MIT keyserver site, you can use it to search for the public keys of others. Click on the key ID of the person you are searching for to display the plain text of their key. Copy it and paste it into the import section of Mailvelope to add it to your keyring.
Now that you've added recipients to your key ring and made your own public key available to others, you can start sending and receiving encrypted mail. Mailvelope adds a button to the Gmail composer that opens another window where you can type out the message you want to encrypt. When you're done, hit the encrypt button, choose the recipient, and transfer the encrypted text into the email. You can add unencrypted text in the email as well, but don't tamper with the encrypted text.
When you receive an encrypted email, the browser extension you chose should automatically recognize it and offer to decrypt it. The recipient will need an extension or some sort of PGP decryptor app on their end. In Mailvelope's case, I just click the icon that appears hovering over the encrypted text, enter my password, and voila!
The downside to Mailvelope, and indeed most web-based encryption extensions, is that they don't encrypt attachments. You can use GNU Privacy Guard to encrypt attachments with PGP before uploading them, which allows you to encrypt using the same key pair. Or you can opt for any one of these file encryption apps.
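The cases described above (a detached S/MIME signature in smime.p7s, whole-message PGP/MIME, and armored text pasted into the body while attachments stay unencrypted) can be told apart by inspecting the raw message. The Python below is an added example, not code from the original article; both sample messages are constructed, and treating an armored payload or a .gpg/.pgp filename as "encrypted" is a heuristic assumption.

```python
from email import message_from_string, policy

ARMOR = ("-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----")
SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_ENV = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample: S/MIME detached signature carried as smime.p7s.
SIGNED_SAMPLE = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

Readable by anyone on the path.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: armored text pasted into the body, attachment left as-is.
INLINE_SAMPLE = """\
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b2
Content-Type: application/pdf; name="contract.pdf"
Content-Disposition: attachment; filename="contract.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

def classify(raw):
    """Return (scheme, exposed): the protection scheme in use and the
    names of attachments that travel unencrypted."""
    msg = message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol", "")).lower()
    smime_type = str(msg.get_param("smime-type", "")).lower()
    # Whole-message encryption: body and attachments share one ciphertext.
    if ctype in SMIME_ENV and smime_type == "enveloped-data":
        return "smime-encrypted", []
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-mime", []
    # A detached signature (smime.p7s) is signing only; content stays readable.
    signed = ctype == "multipart/signed" and protocol in SMIME_SIG
    scheme = "smime-signed" if signed else "plaintext"
    exposed = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() in SMIME_SIG:
            continue
        name = part.get_filename()
        if name:
            # Heuristic: armored payload or a .gpg/.pgp name counts as encrypted.
            data = part.get_payload(decode=True) or b""
            armored = data.lstrip().startswith(ARMOR[0].encode())
            if not armored and not name.lower().endswith((".gpg", ".pgp")):
                exposed.append(name)
        elif part.get_content_type() == "text/plain" and not signed:
            text = part.get_content()
            if ARMOR[0] in text and ARMOR[1] in text:
                scheme = "pgp-inline"
    return scheme, exposed

if __name__ == "__main__":
    print(classify(SIGNED_SAMPLE), classify(INLINE_SAMPLE))
```

A result of `pgp-inline` with a non-empty list is the situation the paragraph above describes: the body is protected, the named attachments are not.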
Encryption only hides the content of the message, not the sender's email address. For any number of reasons, a time may come when you need to send an email anonymously to hide your identity. To do this, a few burner email services will give you a temporary fake email address.
Guerrilla Mail is our top choice. You can set up a disposable email address from which you can send and receive messages. It includes a password manager so you don't have to memorize passwords for multiple burner accounts. Best of all, it's completely web-based with no registration required, which makes hiding your identity that much more effective.
Zmail is another solid option for sending fake email if you prefer a desktop client rather than a web app.
Nine out of 10 viruses that infect computers come from email attachments. No level of encryption will protect you from being careless. It's therefore very important to scan all email attachments before opening them, especially from senders you don't recognize. Viruses disguised as Microsoft Word documents are especially common. Many email clients, including Gmail, will automatically scan attachments for you, but others will require you do so manually.
Don't click on links in emails from unreliable sources. In fact, just don't open emails altogether if they don't look trustworthy. A spam blocker will go a long way toward avoiding these.
If you email a large group of people, use BCC so spammers can't get a hold of the list. Conversely, if someone includes you in a long list of CC'ed email addresses, don't hit reply all without carefully considering the alternatives.
Finally, set a strong password on your email account and change it every so often. Read through our guidelines if you're not sure what constitutes a strong password or use a password strength checker if you're still unsure how strong yours is.
Now, let's get on with encryption.
Many apps and email services out there promise email encryption but don't use S/MIME or PGP/MIME. These are indeed much easier and faster to set up, but be aware that they roll their own encryption and may not strive for the same privacy standards. SafeGmail and Virtru are examples of these, and we don't recommend them.
We encourage you to upload your public PGP key to a keyserver, but it's not required. Instead, you can just send the plain text of your public key to the person(s) that you want to receive encrypted email from.
Email encryption provides a secure means of sending messages containing sensitive material as well as a means for others to send you sensitive material. Journalists use it to correspond confidentially with sources. Businesses use it to relay trade secrets and classified documents. Lawyers use it to keep sensitive client and case information safe. You get the idea. In our opinion, email encryption is something you should have readily available when the need arises, but it's not necessary for everyday communication.