What Is an Encrypted Email?

Encrypted Email

Do you remember the first email you ever sent? It was a long time ago, and most likely, you weren't thinking about the security of the information you're transmitting. Now, though, you probably are worried, and you have probably heard that emailing sensitive information is a bad idea. Why is that?

Email's woeful security

The first ever email was sent in 1971. SMTP (or Simple Mail Transfer Protocol), the standard that we continue to use for sending and receiving emails, was first defined in 1982. Needless to say, there have been updates and improvements, but fundamentally, email uses technology that was designed at a time when internet security wasn't a problem because the Internet didn't exist. At least not in the way it does today.

Nowadays, when you send an email, a number of different parties handle your message before it ends up in the recipient's inbox. And since the message is sent in plaintext by default, there's nothing to stop these parties (or a person that has compromised their systems) from reading it. In other words, the information you transmit via an email is completely exposed to quite a few eyeballs. What can you do to protect it?

Encryption: the answer to email's security concerns

Encrypting your email doesn't change the way it travels around the world before it reaches its recipient. The message will go through the same route, and it will still be visible to the same parties. The information in it will be unreadable, however. The problem is, unreadable data isn't terribly useful for the recipient, which means that there needs to be a way of decrypting it. And it needs to be secure.

Pretty Good Privacy

There are other ways of encrypting information in an email, but the most popular one is with PGP which, in case you're wondering, stands for "Pretty Good Privacy." PGP was actually the program that started it all. Launched in 1991, it's quoted as the first widely used application to implement public-key cryptography. Later, Phil Zimmerman, PGP's creator, released OpenPGP – an open standard that many applications use to encrypt email messages. With the history lesson out of the way, it's time to see how it works.

Think of an encrypted email as a message locked in a box. Obviously, a lock is operated with a key. If the same key opens and locks the box, you'll have problems transferring the key in a secure manner and making sure that nobody else gets their hands on it. If you have two different keys, one that locks the box, and another that unlocks it, however, things are much easier.

With OpenPGP, you have exactly this: a public key that encrypts the email, and a private one that decrypts it. Your find the recipient's public key and use it to encrypt the email. When they receive it, they use their private key to decrypt it and see the information inside. Apparently, the sender needs to know the public key of the receiver, and if the message is to remain a secret, the private key must remain, well, private.

This, in a nutshell, is how OpenPGP works, and there are a number of applications that use the standard. Some are easier to use than others, and if you want everything to be completely automated, you have encrypted email providers like ProtonMail that also implement OpenPGP in their systems.

Earlier this year, researchers discovered possible attacks against PGP-based applications which could theoretically expose encrypted emails. A lot of people overreacted and called for the abolishment of the standard, but after a closer inspection, it became apparent that the security hole is in the implementation rather than the protocol itself. So, while it pays to shop around and look through the various alternatives, it's safe to say that most applications using OpenPGP are secure and reliable.

The growing popularity of instant messaging applications and other ways of communicating online means that most of us don't use our email very often. As a result, we tend to forget how insecure it is by default, and when we do need to relay sensitive information through it, we inadvertently put it at risk. Hopefully, you now know what you can do to stop this.

June 28, 2018

Leave a Reply