
So you want to send an encrypted email. You criminal, you.

First, it's necessary to make a few basic points. Programs like Outlook and services like Gmail will talk about offering "encrypted" email to their users, and they certainly do, but that's not what we're talking about. Their encryption keeps your data safe while it's traveling through the various lines on its way from one user to another — very important. This can (often) stop eavesdroppers with access to the physical lines of communication from abusing that access to read the bits going through them. If that's what you want (and it's not a bad idea at all), that's as easy as changing a settings option.

There are also a number of far more secure email services that offer aggressive end-to-end encryption methods. Those are a big step up in security, but as the saga of Lavabit showed, leaving your emails on servers owned by real humans means that those real humans might be compelled to take measures that will reveal your data. A good rundown of encrypted email services can be found here, though they nearly always come with a monthly fee and sometimes only accept payment in cryptocurrency like Bitcoin. The most secure I'm aware of at the moment is probably the Lelantos Project, but this space is changing virtually week to week.

The user-based encryption we're talking about is far more robust, since it encrypts your messages even from the person who's supposed to receive them, if they're not prepared to open them. It doesn't give Google or anyone else the option of encrypting or not — you're the one doing the scrambling, and so only you and your chosen recipient(s) can decide if you both feel like doing any unscrambling. If you receive a user-encrypted message in your Gmail account, Google can only ever read the garbled version, because that's all the company ever actually received. It nullifies the trust element of security for everybody except for yourself and your recipient.

As a result, it's significantly more annoying to set up and use. Encryption isn't perfect by any means, but with a good understanding of secure email transmission, you can make sure that nobody without significant time and resources can eavesdrop on you — and how many of us are, realistically, worth government-level effort?

First, here's how computer encryption works in a basic sense. In crypto, there is a problem called key distribution: it's easy enough to lock a file, but for an intended recipient to be able to unlock it and read it, you have to get them a copy of the mathematical key — and if you could distribute things like that safely, you could just use that key-distribution method to send the message itself, and keys wouldn't be needed at all. The eventual solution was to use a so-called public-private key combination, in which one user can lock a file with a publicly listed key unique to a particular recipient, but then only a corresponding secret key held by the recipient can open it.

It's a fairly simple idea that was held back for years by the sheer difficulty of coming up with a mathematical operation that could do this — lock with one key, then unlock with another. When such a method was first discovered, it was called RSA. RSA didn't really come into its own until it was put into practice by a guy named Phil Zimmermann in 1991, with the release of a user-friendly software suite called Pretty Good Privacy, or PGP.

There are a number of similar solutions, including, but not limited to, PGP, OpenPGP, and GNU Privacy Guard, often called GPG.

We'll need to do three things to get started: install the system itself, generate a public-private key pair, and publish our public key somewhere that people can find it. There are some browser extensions that will automate some of this process — but frankly, if you're willing to give away control of that much to unknown parties, you can probably just get by with a paid encrypted email service anyway. We're trying to do it ourselves, here.

GPG makes things very simple. If you're using a Windows PC, you might want to try GPG4Win, on Mac GPGTools. The procedures for getting started with these systems are broadly similar, with only slightly different program names and on-screen prompts.

The GPGTools Suite is probably the most streamlined option. It uses a version of the Mac keychain called GPGKeychain to generate and manage any keys you make or encounter. When you make a new key-pair for your own use, or enter someone else's public key so you can send them messages, GPGKeychain manages this data. This is the heart of your security world from now on; someone with access to this program could get at your private keys, reading all encrypted mail just as easily as you do. Make sure you have a screen lock on any system with this program installed.

Creating a new key-pair is as easy as clicking "New," and following the instructions. This is where you decide on what level of encryption you want (the default is almost always fine), as well as what actual email address will receive the encrypted messages and the name that will be displayed. You can use your real name if you'd like (I do) but you don't have to if you'd like to remain anonymous. Once you click create, you'll have access to a public key for you to copy and host somewhere on the Internet.

The easiest way to do this is probably to right-click and Export the key in question as a text file. Open it up and copy-paste the full key (header/footer and all) into the submit box on this website. MIT hosts public encryption keys for anyone, for free — they're not the only ones doing it, but they're the most reliable. If you don't want to trust MIT to keep the servers up indefinitely, try hosting it on your own personal webspace. You'll have to publish the link somewhere, so people can actually find it to message you — Twitter bios are popular places to host links to public keys.

Now, actually making use of these public/private keys to send or receive emails takes another program from the GPG Tools Suite: GPG for Mail. If you receive an encrypted message without this installed, even one correctly encrypted with your public key, it will appear as gibberish. By installing GPG for Mail, you teach the Mail app to put those keys to use both encrypting and decrypting messages. This means that if you were to lose or break the system with the properly patched Mail client on it, you'd have to reinstall GPGTools to read your own encrypted messages — even those you've already opened and read in the past.

GPG4Win works much the same way, with its own key-managers and plugins for Outlook. Linux has by far the broadest set of encryption tools available, but they also tend to be the most complex.

In the end, real user-based encryption is still fairly opaque to most users. On the other hand, a well-designed personal encryption regimen is the best communications protection it's possible to have right now, and unlike professional encrypted email services it doesn't cost a thing to operate. You'll need to do just a bit of DIY work to get it running, but honestly not all that much.

Now all you need is a real reason to be so secretive.
