I really wish this was easier.
It should be easier.
But it’s not.
The fact is, encrypting email is cumbersome, and solutions that should work easily don’t work consistently. I’ll look at why encrypting email matters, and then I’ll give you some alternatives, starting with the one that’s the easiest to use.
Why encrypt email?
An https connection to your mail account only encrypts the information between your computer and the mail server. Email itself is sent and stored in plain, unencrypted text. While on your mail provider’s server, and on your recipient’s server, the email is visible to mail service personnel.
On top of that, you have no control over whether any encryption is used when transmitting that mail from server to server. In theory, anyone with access to the network path taken to make the transfer could “listen in” and view your messages.
Finally, you have no control over how your recipient connects to their email. If they don’t use a secure connection, they could easily be downloading your email in the clear.
If you’re looking for complete security for your messages, the only solution is to encrypt the email message itself.
Unfortunately, that’s not as easy as it sounds.
By far the most practical way to encrypt email for the average user is to send your message as an encrypted attachment.
- Write your message in a program like Notepad, Word, or whatever text or document editor you prefer.
- Save that message to a file on your hard disk (example: message.txt for notepad, or message.doc for a Word document).
- Encrypt that file, using a tool like AxCrypt, 7-Zip, or even GnuPG.
- Email the encrypted file, as an attachment, to its destination.
- Convey the password or encryption key to the recipient by some other means. This is important: if a malicious individual captures the encrypted package, they may be able to capture the password, if you sent it using the same technique. Pick up the phone, send a letter, text, instant message, or use completely different email accounts on both ends using completely different computers in completely different locations.
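The five steps above, carried out with GnuPG's passphrase ("symmetric") mode, as an added example that is not part of the original article. The message text, passphrase, addresses and file names are constructed for the demonstration, and it assumes only a working `gpg` (GnuPG 2.2 or newer) command. Each side of the exchange gets its own throwaway GnuPG home directory, standing in for the two computers, so nothing here touches a real keyring:

```shell
#!/bin/sh
# Added example (not from the article): the encrypted-attachment workflow
# with GnuPG's symmetric mode. All inputs below are constructed; the only
# requirement is a working `gpg` (GnuPG 2.2+) command.
set -eu

# A throwaway GnuPG home directory, one per "computer" in the demo.
new_gpg_home() {
    d=$(mktemp -d)
    chmod 700 "$d"
    printf '%s\n' "$d"
}

# Step 3: encrypt PLAINFILE into OUTFILE with the passphrase stored in
# PASSFILE. The passphrase is fed on stdin rather than put on the command
# line, so it never shows up in the process list or shell history.
encrypt_attachment() {
    home=$1; plainfile=$2; passfile=$3; outfile=$4
    gpg --homedir "$home" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 \
        --output "$outfile" "$plainfile" < "$passfile"
}

# The recipient's side: decrypt CIPHERFILE with the passphrase in PASSFILE.
decrypt_attachment() {
    home=$1; cipherfile=$2; passfile=$3; outfile=$4
    gpg --homedir "$home" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt --output "$outfile" "$cipherfile" < "$passfile"
}

# Sanity check before attaching: WORD from the plaintext must not appear
# in the ciphertext. Returns 0 when it is absent.
ciphertext_hides() {
    cipherfile=$1; word=$2
    if grep -a -q -- "$word" "$cipherfile"; then return 1; fi
    return 0
}

demo() {
    sender=$(new_gpg_home)      # your computer
    recipient=$(new_gpg_home)   # the recipient's computer
    work=$(mktemp -d)

    # Steps 1-2: write the message and save it to a file (constructed text).
    printf 'The new door code is 4417.\n' > "$work/message.txt"
    # The passphrase travels out of band (step 5), never inside the email.
    printf 'gravel-umbrella-cactus-tuesday-lamp\n' > "$work/passphrase.txt"

    encrypt_attachment "$sender" "$work/message.txt" "$work/passphrase.txt" "$work/message.txt.gpg"
    if ciphertext_hides "$work/message.txt.gpg" "door code"; then
        echo "ciphertext contains no plaintext"
    else
        echo "plaintext leaked into the attachment"; return 1
    fi

    # Step 4 would attach message.txt.gpg to the email. On the receiving
    # computer, a wrong passphrase must fail and the right one must succeed.
    printf 'wrong guess\n' > "$work/wrong.txt"
    if decrypt_attachment "$recipient" "$work/message.txt.gpg" "$work/wrong.txt" "$work/bad.txt" 2>/dev/null; then
        echo "unexpected: decrypted with the wrong passphrase"; return 1
    fi
    decrypt_attachment "$recipient" "$work/message.txt.gpg" "$work/passphrase.txt" "$work/received.txt"
    if cmp -s "$work/message.txt" "$work/received.txt"; then
        echo "recipient decrypted the message"
    else
        echo "decrypted text does not match"; return 1
    fi

    for h in "$sender" "$recipient"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$sender" "$recipient" "$work"
}

if command -v gpg >/dev/null 2>&1; then demo; else echo "gpg not installed" >&2; fi
```

The file you actually attach is `message.txt.gpg`; adding `--armor` to the encrypt command produces a plain-text `.asc` version instead, which survives mail systems that mangle binary attachments. The wrong-passphrase attempt is deliberately made on the recipient's side first, because GnuPG's agent can cache a passphrase it has already accepted within the same home directory.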
There are, naturally, a couple of caveats.
Make sure you choose an encryption program your recipient can use: they will need to be able to run the corresponding decryption tool.
Make sure you choose an appropriately difficult password/passphrase. Just like account log-in passwords, encryption passwords are subject to brute-force attacks. The simpler your password, the easier it is for someone to decipher it and decrypt your message.
This process is not pretty, and the steps involved make it a barrier to doing regularly, but it works.
With that out of the way, let’s look at two approaches that more closely match how it should work.
Buried in the advanced security dialogs in Outlook and account security setting dialogs in Thunderbird (and similar places in some other email clients) is the concept of using digital certificates to sign and encrypt email.
These are, essentially, the same kind of certificates used to protect https websites, and in general, they’re purchased the same way. Like website certificates, these certificates can be used for two purposes:
- To digitally “sign” your messages to confirm you as the author of the message, and confirm that the message has not changed since you signed it. (This isn’t encryption, it’s validation.)
- To allow people to send you encrypted messages such that only you can decrypt them.
That last one is a little counterintuitive. To encrypt a message, you don’t use your own encryption certificate; you use that of the person to whom you’re sending the encrypted message. That way, only they can decrypt it. (In reality, certificate-based encryption, like https, is quite complex and relies on public key cryptography, discussed below.)
This is a fine approach, and once set up, can be nearly transparent. As long as both you and your recipient use the same encryption mechanism, your emails are transparently encrypted and decrypted when sent or viewed. While stored on your machine, on your recipient’s machine, or somewhere in between, the messages are securely encrypted.
Unfortunately, it suffers from a couple of problems preventing widespread adoption:
- Not all email programs and interfaces support it.
- Certificates either cost money, or are cumbersome to obtain.
- All parties involved need to use the same system for it to work.
PGP (Pretty Good Privacy) and GPG (Gnu Privacy Guard, the open-source equivalent) are very similar to the certificate-based encryption scheme above. They rely on public key cryptography, which, in a nutshell, boils down to this:
Two really large numbers, A and B, are created, and share a special relationship:
- Anything encrypted with “A” can only be decrypted by “B”.
- Anything encrypted with “B” can only be decrypted by “A”.
You make either A or B public, and keep the other one private.
Let’s say I make my “A” number public (which I have), and keep the “B” number private – only I have it. You can now encrypt a message to me using my public key “A”. Only I can decrypt it with my private key “B”.
To encrypt email to someone, you need their public key (their “A”, in my example). For someone to send an email only you can decrypt, they need your public key. The private key (“B”) is needed to decrypt it.
PGP and GPG are just standard techniques and tools to manage those two “numbers”, more commonly called keys, or key pairs.
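The "A" and "B" numbers described above, as GnuPG actually handles them, in an added example that is not part of the original article. Alice is the recipient and owns a key pair; Bob is the sender and holds only Alice's public key. It covers both uses listed for certificates earlier on the page: Bob encrypts to Alice's public key and only Alice's private key can open it, and Alice signs with her private key so Bob can verify with the public one. The names, addresses and message text are constructed, and the only requirement is a working `gpg` (GnuPG 2.2 or newer) command:

```shell
#!/bin/sh
# Added example (not from the article): public key cryptography with
# GnuPG. Alice owns a key pair; Bob has only her public key. All names
# and text are constructed; requires a working `gpg` (GnuPG 2.2+).
set -eu

# A fresh, isolated GnuPG home directory: one per person in the demo.
new_keyring() {
    d=$(mktemp -d)
    chmod 700 "$d"
    printf '%s\n' "$d"
}

# Generate the key pair (the article's "A" and "B") for USERID in keyring
# HOME. "future-default" selects GnuPG's elliptic-curve algorithms, which
# generate quickly; no passphrase so the demo runs unattended.
make_keypair() {
    home=$1; userid=$2
    gpg --homedir "$home" --batch --quiet --passphrase '' \
        --pinentry-mode loopback \
        --quick-gen-key "$userid" future-default default never
}

# Export only the PUBLIC half ("A"), the part that is safe to hand out.
export_public_key() {
    home=$1; userid=$2; outfile=$3
    gpg --homedir "$home" --batch --quiet --armor --export "$userid" > "$outfile"
}

import_public_key() {
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# Encrypt PLAINFILE to USERID's public key; only the matching private key decrypts.
encrypt_to() {
    home=$1; userid=$2; plainfile=$3; outfile=$4
    gpg --homedir "$home" --batch --yes --quiet --trust-model always \
        --recipient "$userid" --encrypt --output "$outfile" "$plainfile"
}

# Decrypt using whatever private keys keyring HOME holds.
decrypt_in() {
    home=$1; cipherfile=$2; outfile=$3
    gpg --homedir "$home" --batch --yes --quiet --passphrase '' \
        --pinentry-mode loopback --decrypt --output "$outfile" "$cipherfile"
}

# Sign FILE with USERID's private key ("B"), writing a detached signature.
sign_with() {
    home=$1; userid=$2; file=$3; sigfile=$4
    gpg --homedir "$home" --batch --yes --quiet --passphrase '' \
        --pinentry-mode loopback --local-user "$userid" \
        --detach-sign --output "$sigfile" "$file"
}

# Verify with the public key ("A"): exit 0 means FILE is unchanged since
# the key's owner signed it.
verify_in() {
    gpg --homedir "$1" --batch --quiet --verify "$2" "$3"
}

demo() {
    alice=$(new_keyring); bob=$(new_keyring); work=$(mktemp -d)
    make_keypair "$alice" "alice@example.com"
    export_public_key "$alice" "alice@example.com" "$work/alice.pub.asc"
    import_public_key "$bob" "$work/alice.pub.asc"

    # Bob encrypts to Alice's public key (constructed message).
    printf 'Meet at the usual place at noon.\n' > "$work/msg.txt"
    encrypt_to "$bob" "alice@example.com" "$work/msg.txt" "$work/msg.gpg"
    # Bob holds no private key, so even he cannot read what he just encrypted.
    if decrypt_in "$bob" "$work/msg.gpg" "$work/bob.txt" 2>/dev/null; then
        echo "unexpected: decrypted without the private key"; return 1
    fi
    decrypt_in "$alice" "$work/msg.gpg" "$work/alice.txt"
    if cmp -s "$work/msg.txt" "$work/alice.txt"; then
        echo "Alice decrypted Bob's message"
    else
        echo "decrypted text does not match"; return 1
    fi

    # Alice signs a reply; Bob verifies it and rejects a tampered copy.
    printf 'Confirmed, noon.\n' > "$work/reply.txt"
    sign_with "$alice" "alice@example.com" "$work/reply.txt" "$work/reply.sig"
    if verify_in "$bob" "$work/reply.sig" "$work/reply.txt" 2>/dev/null; then
        echo "signature verified with the public key"
    else
        echo "genuine signature failed to verify"; return 1
    fi
    printf 'Confirmed, midnight.\n' > "$work/tampered.txt"
    if verify_in "$bob" "$work/reply.sig" "$work/tampered.txt" 2>/dev/null; then
        echo "unexpected: tampered file verified"; return 1
    fi
    echo "tampered copy rejected"

    for h in "$alice" "$bob"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$alice" "$bob" "$work"
}

if command -v gpg >/dev/null 2>&1; then demo; else echo "gpg not installed" >&2; fi
```

Note that `--trust-model always` is used only because the demo skips the step of checking that the imported key really belongs to Alice; in real use you would confirm the key's fingerprint with her over another channel, exactly as the article advises for passwords.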
The good news about GPG is that all the parts are free. The bad news is that it can be fairly geeky. I wrote an article about using it some years ago: How do I send encrypted email?, which walks through the steps. I don’t recommend it for the average user, but if you’re at all technical, or just enjoy this kind of geekery, you can see what it entails.
Most email programs do not include support for GPG/PGP keys. Thunderbird does have an extension, “Enigmail”, that adds support quite nicely, and there’s a Chrome browser extension called “Mailvelope” that adds encryption to Gmail.
The weakest link when you encrypt email
I have to include a word about trust.
All the encryption in the world won’t help a whit if you can’t trust the person at the receiving end. They have to keep passwords safe, if you use them, and they have to keep your private message private, if that’s the intent of your encryption. They also have to practice safe computing – your message will be decrypted on their computer, and hence visible to any malware that might be present there. Heck, if their computer is stolen and they happened to keep the decrypted message, that email is now in the hands of someone else.
So, in addition to doing the right things with your sensitive information yourself, make sure your recipient has an appropriate level of understanding as well.
That’s something that technology just can’t fix.