Sending encrypted emails
No one likes a snoop! In this Crazy Modern World of surveillance, leaks, hackers and whistleblowers, it’s more important than ever to know how to keep your communications secure. This means encrypting emails so that they can only be read by you and whomever you’re communicating with.
Unfortunately no major email clients support encryption out of the box. But no need for tears! There are a bevy of add-on options, from support for standalone email clients like Outlook and Thunderbird to browser extensions to allow encryption in
Public key cryptography
The kind of encryption we’re going to be using falls under the banner of public key cryptography. In public key cryptography, you use two things:
1) A public key that you share with the world 2) A private key that you keep to yourself
When someone encrypts a message with your public key, only your private key can decrypt it. That means by putting your public key out into the world anyone is able to send you a message securely.
Because your private key can open any message sent to you, there are three rules for public key cryptography:
- Keep your private key secret.
- Keep your private key secret.
- Keep your private key secret.
PGP, OpenPGP, and GPG
PGP, Pretty Good Privacy, is a piece of encryption software released in 1991 by Phil Zimmerman. It’s now owned by Symantec.
Zimmerman then helped create OpenPGP, an open-source standard for PGP. This helped people avoid issues regarding PGP-related patents. It was released in 1997, and with a open-source standard now anyone could create software that supports encrypting and decrypted PGP messages.
GPG, GNU Privacy Guard, is an open-source implementation of OpenPGP compliant encryption.
So, PGP got written as closed-source software, OpenPGP was written as an after-the-fact standard, then GPG was made as the open-source version of PGP.
What can we do?
You can do a lot of things with OpenPGP-compatible software. The most useful for communication are:
- Receive a message from anyone that only you can read: so they can trust the communication will not be intercepted
- Send a message to someone that only they can read: so you know no prying eyes will read it
- Prove that you’re the sender of a message: so no one can impersonate you
- Confirm that someone else is the sender of a message: so you know you can trust a message
What software will I need?
There are plenty of options - some more user-friendly than others - but your best bets are
- Web-based email clients: You’ll want to use Mailvelope, a browser plugin for Chrome and Firefox.
- OS X outside of email: GPGTools, which lets you right-click and encrypt/decrypt from anywhere
- Windows outside of email: You can follow this gpg4win guide