Emails are a common part of our private and professional communication. However, there seems to be no awareness of the vulnerability of each individual email sent. In many cases, emails travel across a variety of servers and countries, regardless of whether the recipient lives on a different continent or just on a different floor in the same building. The structure of the internet makes this possible.
As a result, anyone with the neccessary technical knowledge can intercept, read or even change emails at any node during transport. And he or she can write emails in your name.
The time to encrypt your emails is now
These are not delusions by crackpot conspiracy theorist: PRISM, email monitoring at Yahoo and phishing attacks are just a few current examples of why now (once again) is the best time to encrypt your emails. Apart from this, unencrypted emails are no longer compatible with data protection requirements, especially since the introduction of the General Data Protection Regulation (GDPR).
Email encryption standards
Let’s start with two terms, OpenPGP and S/MIME. Both name standards for email encryption. More precisely, they are data formats that are used for encrypted and digitally signed files. When it comes to encrypting emails, these two are the de-facto standards.
OpenPGP is based on PGP from 1991 and is often referred to as PGP encryption.
S/MIME dates back to 1995 and is also a standard for encryption and digital signing.
Both are based on the principle of hybrid encryption, a mixture of asymmetric and symmetric encryption. This means that there are initially two different keys, a private key and a public key (asymmetry). This concept is also known as Public Key Infrastructure (PKI) because of the use of public keys.
The use of public and private keys can be compared to the use of a padlock and the corresponding key. The recipient makes his lock, i.e. the public key, available to all communication Partners. This public key is used to encrypt the emails. Decryption is only possible with the private key in possession.
Asymmetric encryption is then used to encrypt a symmetric session key that is used to encrypt the actual data.
Encrypting emails with OpenPGP
The PGP in OpenPGP stands for Pretty Good Privacy. As already mentioned, two different types of keys are required:
- A public key in the possession of the sender. With this key, senders can encrypt data and verify signatures.
- A private (secret) key that is in the possession of the recipient. This key is used for decryption.
To use PGP encryption, the sender must have their private key and the public keys of all recipients.
Both keys can be generated with the appropriate software. The public key must then be distributed, for example by publishing it on a website or attaching it to emails. In this way, the communication partners come into its possession and can encrypt emails.
Digital signatures ensure credibility
But how can I be sure that someone else’s public key is authentic? The solution is provided by digital signatures, i.e. checksums, which are formed from the data of the public key to be signed and the email content.
With OpenPGP, the mutual signing of the public keys creates the so-called Web of Trust. This mutual signing of the public keys by the users of OpenPGP creates the certitude that a key is authentic. Of course, it is important that you (and others) only sign a public key if you are sure of the identity of the owner.
Email encryption with S/MIME
S/MIME stands for Secure/Multipurpose Internet Mail Extension and is also a standard for encrypting and digitally signing emails. As with OpenPGP, email encryption in S/MIME is based on the use of public and private keys. Here too, the sender must be in possession of both his private and public keys.
Email security through certificates and signatures
However, a certificate according to the X.509 standard is required to create the two keys. These certificates are created locally and then signed by a Certificate Authority (CA) – which shows the fundamental difference between S/MIME and OpenPGP: The credibility of a public key in S/MIME is based on a hierarchical certificate system, not on the Web of Trust.
With both S/MIME and OpenPGP, it is possible to digitally sign emails and thus prove the authenticity of the email. This is particularly relevant in times of sophisticated phishing attacks. This signature, which can be automatically added to emails, also transmits the public key to the recipient. The latter can then send you encrypted emails.
Another way to share your public key are key servers like Open Keys. Here you can publish your public key so that others can find it and use it to encrypt emails.
Encryption software for secure email communication
Many companies avoid the necessary and overdue step to implement effective and organisation-wide email encryption, often because these companies shy away from the effort involved. They may also fear that individual employees are forced to spend a lot of time encrypting emails: Private and public keys must be managed, secured and protected. The public keys must also be distributed, and the users must be trained.
Automatically encrypt Outlook emails
However, it is not necessary for each individual employee to concern themselves with the technical details. With the appropriate encryption software, your email encryption is automated.
Outlook emails, for example, are automatically encrypted by the encryption Software; the individual employee does not even notice that he or she is sending an encrypted email. Even PDF files can be encrypted in this way and sent directly from Outlook. The public keys of your communication partners are also centrally managed and stored securely.
Encryption software also ensures that employees do not endanger the company through by carelessness or mistakes; security policies are automatically enforced company-wide.
Encrypt all emails now
Be it contract details, invoices or other internal company data, every day you send emails with sensitive content to customers or partners on journeys around the world. To be sure that confidential information remains confidential during these trips, and to be certain About the identity of your Counterpart, you need powerful encryption software