I really wish this was easier.
It should be easier.
But it’s not.
The fact is, encrypting email is cumbersome, and solutions that should work easily don’t work consistently. I’ll look at why encrypting email matters, and then I’ll give you some alternatives, starting with the one that’s the easiest to use.
Why encrypt email?
An https connection to your mail account only encrypts the information between your computer and the mail server. Email itself is sent and stored in plain, unencrypted text. While on your mail provider’s server, and on your recipient’s server, the email is visible to mail service personnel.
On top of that, you have no control over whether any encryption is used when transmitting that mail from server to server. In theory, anyone with access to the network path taken to make the transfer could “listen in” and view your messages.
Finally, you have no control over how your recipient connects to their email. If they don’t use a secure connection, they could easily be downloading your email in the clear.
If you’re looking for complete security for your messages, the only solution is to encrypt the email message itself.
Unfortunately, that’s not as easy as it sounds.
Encrypted attachments
By far the most practical way to encrypt email for the average user is to send your message as an encrypted attachment.
- Write your message in a program like Notepad, Word, or whatever text or document editor you prefer.
- Save that message to a file on your hard disk (example: message.txt for Notepad, or message.doc for a Word document).
- Encrypt that file, using a tool like AxCrypt, 7-Zip, or even GnuPG.
- Email the encrypted file, as an attachment, to its destination.
- Convey the password or encryption key to the recipient by some other means. This is important: if a malicious individual intercepts the encrypted package, they may be able to intercept the password too, if you sent it the same way. Pick up the phone, send a letter, text, or instant message, or use completely different email accounts on both ends, on completely different computers, in completely different locations.
There are, naturally, a couple of caveats.
Make sure you choose an encryption program your recipient can use. Your recipient will need to be able to run the corresponding decryption tool.
Make sure you choose an appropriately difficult password/passphrase. Just like account log-in passwords, encryption passwords are subject to brute-force attacks. The simpler your password, the easier it is for someone to decipher it and decrypt your message.
This process is not pretty, and the steps involved make it a barrier to doing regularly, but it works.
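Here are the same five steps as a small script, added as an example; it is not from the article, and the file format it writes is my own construction, not what AxCrypt, 7-Zip or GnuPG produce. It assumes the third-party Python `cryptography` package is installed. The passphrase is turned into a key with scrypt, so each guess costs an attacker real time (the second caveat above), and a wrong passphrase or a modified attachment fails outright instead of producing garbage.

```python
"""The encrypted-attachment steps above as a script.

Added example, not from the article. Requires the third-party `cryptography`
package (pip install cryptography). The container layout (magic, salt, nonce,
AES-256-GCM ciphertext) is constructed for this example and is not compatible
with AxCrypt, 7-Zip or GnuPG output.
"""
import hashlib
import secrets
import tempfile
from pathlib import Path

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"ENCATT1\n"   # marks this constructed format
SALT_LEN = 16
NONCE_LEN = 12


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    """scrypt makes each passphrase guess expensive; that is the only defence
    a weak passphrase gets, hence the article's advice to pick a strong one."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def encrypt_bytes(plaintext: bytes, passphrase: str) -> bytes:
    salt = secrets.token_bytes(SALT_LEN)     # fresh salt: same passphrase, different key
    nonce = secrets.token_bytes(NONCE_LEN)   # a GCM nonce must never repeat under one key
    key = _derive_key(passphrase, salt)
    ciphertext = AESGCM(key).encrypt(nonce, plaintext, MAGIC)  # MAGIC is authenticated too
    return MAGIC + salt + nonce + ciphertext


def decrypt_bytes(blob: bytes, passphrase: str) -> bytes:
    if not blob.startswith(MAGIC):
        raise ValueError("not an attachment in this format")
    body = blob[len(MAGIC):]
    salt = body[:SALT_LEN]
    nonce = body[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = body[SALT_LEN + NONCE_LEN:]
    try:
        return AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, ciphertext, MAGIC)
    except InvalidTag:
        # wrong passphrase or altered attachment: refuse rather than return garbage
        raise ValueError("wrong passphrase or corrupted attachment") from None


def opens_with(blob: bytes, passphrase: str) -> bool:
    """True only if this passphrase decrypts the blob intact."""
    try:
        decrypt_bytes(blob, passphrase)
        return True
    except ValueError:
        return False


def encrypt_file(src: Path, passphrase: str) -> Path:
    """Step 3: message.txt -> message.txt.enc, the file you actually attach."""
    dst = src.with_name(src.name + ".enc")
    dst.write_bytes(encrypt_bytes(src.read_bytes(), passphrase))
    return dst


def decrypt_file(src: Path, passphrase: str) -> bytes:
    """Step 5, recipient side, once the passphrase has arrived by another channel."""
    return decrypt_bytes(src.read_bytes(), passphrase)


def walkthrough(passphrase: str = "correct horse battery staple") -> dict:
    """Run steps 1 to 5 in a temporary directory and report what each side sees."""
    with tempfile.TemporaryDirectory() as tmp:
        message = Path(tmp) / "message.txt"                  # steps 1 and 2: write and save
        message.write_text("Meet at noon. Bring the signed contract.\n")  # constructed text
        attachment = encrypt_file(message, passphrase)       # step 3
        # step 4: the .enc file goes by email; the passphrase goes by phone, text or letter
        blob = attachment.read_bytes()
        return {
            "attachment_name": attachment.name,
            "plaintext_visible_in_attachment": b"contract" in blob,
            "recipient_reads": decrypt_file(attachment, passphrase).decode(),
            "guess_opens_it": opens_with(blob, "password123"),
        }


if __name__ == "__main__":
    for name, value in walkthrough().items():
        print(f"{name}: {value!r}")
```

For a real exchange, use one of the tools the article names, since the recipient has to be able to open whatever you send (the first caveat); the script only shows what those tools do behind the button.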
With that out of the way, let’s look at two approaches that more closely match how it should work.
Certificate-based encryption
Buried in the advanced security dialogs in Outlook and account security setting dialogs in Thunderbird (and similar places in some other email clients) is the concept of using digital certificates to sign and encrypt email.
These are, essentially, the same kind of certificates used to protect https websites, and in general, they’re purchased the same way. Like website certificates, these certificates can be used for two purposes:
- To digitally “sign” your messages to confirm you as the author of the message, and confirm that the message has not changed since you signed it. (This isn’t encryption, it’s validation.)
- To allow people to send you encrypted messages such that only you can decrypt them.
That last one is a little counterintuitive. To encrypt a message, you don’t use your own encryption certificate; you use that of the person to whom you’re sending the encrypted message. That way, only they can decrypt it. (In reality, certificate-based encryption, like https, is quite complex and relies on public key cryptography, discussed below.)
This is a fine approach, and once set up, can be nearly transparent. As long as both you and your recipient use the same encryption mechanism, your emails are transparently encrypted and decrypted when sent or viewed. While stored on your machine, on your recipient’s machine, or somewhere in between, the messages are securely encrypted.
Unfortunately, it suffers from a couple of problems preventing widespread adoption:
- Not all email programs and interfaces support it.
- Certificates either cost money, or are cumbersome to obtain.
- All parties involved need to use the same system for it to work.
PGP/GPG-based encryption
PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard, the open-source equivalent) are very similar to the certificate-based encryption scheme above. They rely on public key cryptography, which, in a nutshell, boils down to this:
Two really large numbers, A and B, are created, and share a special relationship:
- Anything encrypted with “A” can only be decrypted by “B”.
- Anything encrypted with “B” can only be decrypted by “A”.
You make either A or B public, and keep the other one private.
Let’s say I make my “A” number public (which I have), and keep the “B” number private – only I have it. You can now encrypt a message to me using my public key “A”. Only I can decrypt it with my private key “B”.
To encrypt email to someone, you need their public key (their “A”, in my example). For someone to send an email only you can decrypt, they need your public key. The private key (“B”) is needed to decrypt it.
PGP and GPG are just standard techniques and tools to manage those two “numbers”, more commonly called keys, or key pairs.
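To make the A/B relationship concrete, here is an added example (not from the article, and not how PGP, GPG or S/MIME tools are actually coded): textbook RSA with two tiny primes, small enough to check by hand. It shows both uses listed in the certificate section, encrypting to someone with their public "A" so only their private "B" opens it, and signing with "B" so that anyone holding "A" can check the result, plus what happens when the wrong private key is tried. The primes and the key pairs for "Leo" and "someone else" are constructed for the demo; real keys are thousands of bits long and use padding, which this deliberately omits.

```python
"""Toy public-key demo for the A/B relationship described above.

Added example, not from the article. Textbook RSA with tiny primes and no
padding: it illustrates the relationship between the two keys, nothing more.
"""
from math import gcd

Key = tuple[int, int]  # (exponent, modulus)


def make_keypair(p: int, q: int, e: int = 17) -> tuple[Key, Key]:
    """Return (public "A", private "B") built from the illustrative primes p and q.

    In practice p and q are random primes hundreds of digits long; here they
    are small so the arithmetic can be followed by hand.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(key: Key, block: int) -> int:
    """One RSA operation: block ** exponent mod n. The same code serves both directions."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exp, n)


def encrypt_text(public_key: Key, text: str) -> list[int]:
    """Encrypt with the recipient's public key "A", one byte per block."""
    return [apply_key(public_key, b) for b in text.encode("utf-8")]


def decrypt_text(private_key: Key, blocks: list[int]) -> str:
    """Decrypt with the matching private key "B"; a wrong key yields nonsense."""
    values = [apply_key(private_key, c) for c in blocks]
    if any(v > 255 for v in values):
        raise ValueError("not a plausible plaintext: wrong key?")
    return bytes(values).decode("utf-8")


def sign_text(private_key: Key, text: str) -> list[int]:
    """Signing runs the other way: the author applies their private key "B"..."""
    return [apply_key(private_key, b) for b in text.encode("utf-8")]


def verify_text(public_key: Key, text: str, signature: list[int]) -> bool:
    """...and anyone holding the public key "A" can check the signature against the text."""
    return [apply_key(public_key, s) for s in signature] == list(text.encode("utf-8"))


def recovers(private_key: Key, blocks: list[int], expected: str) -> bool:
    """True only if decrypting with this particular key gives back the expected text."""
    try:
        return decrypt_text(private_key, blocks) == expected
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    leo_pub, leo_priv = make_keypair(61, 53)      # "Leo's" A and B (constructed)
    other_pub, other_priv = make_keypair(97, 89)  # someone else's pair (constructed)
    ct = encrypt_text(leo_pub, "hi")
    print("ciphertext blocks:", ct)                        # [2170, 3179]
    print("Leo decrypts:", decrypt_text(leo_priv, ct))     # hi
    print("other private key recovers it?", recovers(other_priv, ct, "hi"))  # False
    sig = sign_text(leo_priv, "hi")
    print("signature checks with Leo's public key:", verify_text(leo_pub, "hi", sig))  # True
    print("same signature for a changed text:", verify_text(leo_pub, "ho", sig))       # False
```

Note that encrypting and signing are the same arithmetic with the roles of the keys swapped, which is why one key pair serves both purposes in the certificate and PGP schemes.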
The good news about GPG is that all the parts are free. The bad news is that it can be pretty geeky. I wrote an article about using it some years ago: How do I send encrypted email?, which walks through the steps. I don’t recommend it for the average user, but if you’re at all technical, or just enjoy this kind of geekery, you can see what it entails.
Most email programs do not include support for GPG/PGP keys. Thunderbird does have an extension, “Enigmail”, that adds support quite nicely, and there’s a Chrome browser extension called “Mailvelope” that adds encryption to Gmail.
The weakest link when you encrypt email
I have to include a word about trust.
All the encryption in the world won’t help a whit if you can’t trust the person at the receiving end. They have to keep passwords safe, if you use them, and they have to keep your private message private, if that’s the intent of your encryption. They also have to practice safe computing – your message will be decrypted on their computer, and hence visible to any malware that might be present there. Heck, if their computer is stolen and they happened to keep the decrypted message, that email is now in the hands of someone else.
So, in addition to doing the right things with your sensitive information yourself, make sure your recipient has an appropriate level of understanding as well.
That’s something that technology just can’t fix.
If you use Thunderbird using the add-on Enigmail makes the process painless. It acts like a front end for the more painful parts of GnuPG.
27-Feb-2009
–quote–
Right, but then everyone you send encrypted or signed email has to either have Thunderbird + Enigmail, or some other more painful solution to decrypt or validate.
–quote–
True, but my concern is making my life easier. If someone wants to use a painful solution to decrypting my email that is hardly my fault or concern.
01-Mar-2009
I have to ask. How often is it really necessary to encrypt your email?
01-Mar-2009
I gave Thunderbird + Enigmail a try. The installation is not as straightforward as I like. Need to first install Thunderbird, and then GnuPG. After that I need to go to Thunderbird -> Tools to add the Enigmail plugin. Can’t they make the whole thing into one package?
Creating the key is easy – there is a wizard for it. I notice it says the key is good for 5 years. What will happen after that? Will my emails encrypted/signed by the old key stop working?
Encrypting is easy as well – just press the OpenPGP button. I notice it actually puts some encoded strings in the email when I view it from Gmail directly. But in Enigmail, it automatically decrypts it. Very nice!
However, now I run into a problem. How do I send encrypted emails to other people? I tried my other email account and Enigmail complains it couldn’t find the key. Looks like the recipient must first have a key on the server? This seems broken… What am I missing here?
01-Mar-2009
I just started using Voltage SecureMail from Voltage Security to encrypt my email and I have to say it is the easiest email encryption solution I have ever used. After I installed it, all I had to do to send secure email was click the added “send secure” button in Outlook. Also, it doesn’t matter if the person I am sending to doesn’t have SecureMail, they can still read the message after they verify themselves. I think it has an advantage over PGP because it uses identity-based encryption, which effectively makes my email address my public key. This is a great feature so I don’t have to keep looking up the public key of everyone I want to send email to. I would definitely recommend SecureMail to everyone. Have you ever tried SecureMail, Leo?
03-Mar-2009
Come on, you said nothing about FireGPG for webmail GMAIL in Firefox http://getfiregpg.org/ It works just fine! And it’s free. Any upgrades come as naturally and automatically as any Firefox plugins, so it never gets outdated.
04-Mar-2009
Bottom line, don’t send anything by email you don’t want anyone else to see. If it’s that sensitive there’s still registered mail or certified mail with return receipts… it might take a bit longer, but at least it’s safe…
I have done a LOT of searching for an easy and free email encryption service to use, and quite frankly there are no “free” versions out there that are user friendly and allow you to manage the keys yourself without having to worry whether your recipient can read it when it gets there. As far as sending the occasional email that needs to be encrypted, I prefer to use hushmail.com; it is not a large account for the free version, but if you are worried about the information you are going to be sending it works and it’s easy to use. I do agree you are relying on someone else managing your keys, but let’s face it, some people just turn on the computer, check email and surf the net for a while and that is it. In my opinion email encryption today is simply too much for the average user to handle. By the way, I do like to use and recommend off-the-record (OTR) for my instant messenger client…
I’ve been playing with some free email encryption software in the last few days. Here are the things I tried so far:
Hushmail – Easy to use. However I can’t use my existing gmail account. The recipient needs to be a registered user, or I need to provide a secret question and answer. No installation required but need to go back to hushmail to get the email.
FireGPG – easy to use, love the integration with Gmail. I can actually send encrypted email directly on Gmail’s page! However, I can’t send email to other people, and the recipient needs to install the software and use Firefox.
Sendinc – Need to use their page to send the email. Can send to anyone, but needs to go back to sendinc’s page to read the email.
Opaqueware – easy to use, integrated with Gmail. Can set a time limit and get notification! Can send to anyone, but the recipient needs to install the software.
So far, I like Opaqueware more. Both FireGPG and Opaqueware let me encrypt on my machine – I don’t want the provider to see my email. Opaqueware lets me encrypt to anyone and I really like their notification.
Got this when I tried AxCrypt link:
Not Found
The requested URL /d-axcrypt was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Are they out of business?
07-May-2009
I have installed Opaqueware to use with Outlook 2007. When I click encrypt, a pop-up window appears saying ‘The page you are looking for cannot be found’!
Not sure what is going on as the app is using IE settings.
Leo,
As always your advice & information is concise, spot on, but best of all, easily understood by those of us who do not fully understand computer talk.
Good onya?
Russell Iles
From deep down under Australia
thank you Leo :)
the image was very helpful :D
Thanks for this article. It’s now on the front page of Google for Email Encryption help. I have really struggled to get a SMIME certificate installed, and finally gave up after the person I wanted to send to had zero success. It’s amazing that such valuable technology is nearly impossible to implement successfully. We resolved our problem by signing up a free account at https://lockbin.com We’re using their Outlook add-in.
One thing I discovered that a lot of people are having trouble with: you can’t download a SMIME certificate from a cert authority using Chrome browser. It just doesn’t work. Try IE or Firefox instead.
for the lazy – look up the Proton mail
Remember BOTH the sender and recipient must use the same encryption technology. It’s not enough for YOU to use something, your recipient must also be able and willing to use something compatible. That’s not always the case, and often quite a barrier to widespread adoption.
Why did you not suggest encrypting with the built-in encryption in Word, Excel and Acrobat?
Depending on the version of the tool, app-specific encryption can be weak. Consider also that it’s a feature of a program designed to do something else – often even an afterthought. Dedicated encryption tools are just that: designed specifically for encryption.
That being said, modern versions of popular apps tend to have adequate encryption for most purposes.
I use Protonmail.com for encrypted mail. They’re based in Switzerland, a country with very strict privacy laws. The service is invented and run by a bunch of egghead scientists from the CERN accelerator. They have a method where you can send an encrypted message to a person who does NOT have a corresponding encryption program. The message simply contains a link to Protonmail where the recipient has to enter the password you’ve sent to him by another channel, and the message is decrypted. 500MB of message storage is free and you can buy more at a nominal price. This makes sending an encrypted message absolutely painless. Go to protonmail.com for a full rundown.
On checking, I see that even my antique Outlook Express has a facility for encrypting outgoing messages (Tools > Options > Security) but I don’t know whether they could be decrypted with other programs. It might be worth mentioning that WinRar contains a facility for password protecting its files: of course, the recipient would also have to have WinRar, but it is widely used.
Austen Ray: Microsoft Office’s encryption since the 2007 version is pretty good. I think Bob doesn’t list it or Acrobat because they are not free. The free OpenOffice and LibreOffice have the same capability to encrypt individual files and are file-compatible with the Microsoft product. All of the office suites are fairly large programs; installing one just to encrypt something would be overkill.
Since this article was originally written, AxCrypt has dropped off the recommended list for many people, including me. AxCrypt v2 now requires an account with Axantum, stores the password on their server, and does not allow different passwords for different files. Stick with v1 or the slightly more clunky AES Crypt.
I use Lockify (lockify.com). Works good enough for me.
It’s impossible to see exactly how it works without signing up, which makes me VERY uncomfortable.
I use Proton Mail, based in Switzerland. They do all the hard work for you, and you don’t have to trust people with keys.
Leo, I’d love to see a 2022 update to this. Thunderbird now has PGP integrated in the software, rather than forcing you to install third-party applications. Protonmail allows you to choose RSA or EC encryption algorithms, and converse with non-Protonmail users using PGP. I know very little about Tutanota, but their paid plans seem very reasonable. Many things have changed since this article was written. Could we see an update in the near future?
Honestly, it’s still as broken as it ever was. I love that those email providers and tools are incorporating GPG encryption, but honestly, until it becomes native and easy in the major players like Outlook.com and Gmail, and in major programs like Microsoft Office’s Outlook, it’s still just as messy as it’s ever been.
It seems like it would be relatively easy to incorporate GPG into an email program, and as long as the sender and receiver were both using the same email program or compatible plugins, and exchanged keys, it would be as easy to send encrypted email as it would plain text. The only things that would be necessary are to create a key pair when installing the program or the plugin, and to give the program a button to press to attach the key.
It would even be possible to make this compatible between different email programs.
Absolutely. It’s possible. However, it isn’t nearly as simple as it needs to be for the average user not to get totally lost and confused. AND the “cost of failure” is high — messages you encrypt that, because it’s easy to mismanage keys, you can no longer read. It’s like self-ransomware when done improperly, and it’s easy to do improperly.
This is all theoretical, but the self-ransomware disaster could be avoided by saving a plain text version of the email in the sender’s sent mail folder. I’m not saying it’s trivial, but a well-designed plug-in, or better yet, an encryption module built into a browser, could make it almost trivial for the user.
Yes, all these things are possible. Implemented even — Thunderbird and ProtonMail are two examples, and have been for years. But the interoperability issues are a minefield. Imagine the questions we’d get about not being able to read an important email message.