What does encrypting an email do?

Email encryption is a security measure that encodes an email message so that only the intended recipient can read it. What does encrypting an email do? Hiding, and specifically encrypting emails is a process designed to prevent cybercriminals, especially identity thieves, from obtaining valuable information that they can use for financial gain.

The email technology has long been a popular way to share information, but it also opens up the possibility of exposing confidential data to unauthorized access. This can include electronic employment contracts and pay slips for employees, business correspondence with a counterparty containing trade secrets, personal data of customers and employees, internal departmental reports and documentation, and other restricted information. Email encryption plays a key role in protecting sensitive information from such threats.

However, you cannot always be sure that an intruder will not gain access to the information contained in emails. Most emails are encrypted in transit, but stored in clear text. In other words, third parties, such as the owners of the mail server, can see their contents. This means that even though emails are encrypted during transmission, they can be vulnerable to access by third parties, such as server owners or hackers, who can potentially read the contents without the sender or receiver's knowledge.

This is why it is very important to use modern methods to protect information transmitted over the Internet — email encryption.

How email encryption works

To encrypt the email’s contents, plaintext (readable text) is encrypted into ciphertext (unreadable text). The data or text is encrypted with a unique encryption key and can only be decrypted with a unique decryption key.

The ciphertext is completely unreadable to humans and extremely difficult, if not impossible, to crack.

When you encrypt an email message, the entire message is converted into seemingly random, unreadable characters and numbers. Only the recipient can then decrypt the message. Of course, the recipient must have the decryption key.

To ensure that only the recipient can read the message, the parties can use either a symmetric or asymmetric encryption method.

In a nutshell, symmetric encryption is when the sender encrypts an email message and shares the key with the recipient — this can be done through different means of communication online, over the phone, or even in person. Symmetric encryption uses the same key to encrypt and decrypt the message.

A more secure but more complex encryption method is asymmetric encryption. Asymmetric encryption means that both parties have a set of keys: a private key and a public key.

Unlike symmetric encryption, which uses the same key to encrypt and decrypt, asymmetric encrypted messages cannot be decrypted with the same key that was used to encrypt them.

Messages encrypted with the public key can only be decrypted with the private key, and vice versa: messages encrypted with the private key can only be decrypted with the public key. The public and private keys are mathematically related.

The public key can be stored with your name and email address on a public server that anyone can access.

For example, you could find someone's public encryption key and email address, then send them an email and encrypt the email with the recipient's public key.

This process ensures that the email is unreadable (encrypted) in transit. It is encrypted and cannot be read by anyone who might try to intercept and eavesdrop on the message.

The only person who can decrypt the message is the recipient — using their private key, because the email has been encrypted with their public key.

Popular encryption algorithms

There are many encryption algorithms used to protect data in emails. Let's take a look at the most common and widely used email encryption algorithms.

• RSA (Rivest-Shamir-Adleman) is an asymmetric algorithm developed in 1977. It uses two keys, one public and one private. RSA provides a high level of security, but has a low speed for encrypting and decrypting large amounts of data.

• AES (Advanced Encryption Standard) is a symmetric encryption algorithm developed in 2001. It offers high encryption and decryption speed and good resistance to hacking, but requires a shared secret key between sender and recipient.

• DES (Data Encryption Standard) is a symmetric encryption algorithm developed in the 1970s. It was widely used in the past, but is now considered outdated and insecure.

• Blowfish is a symmetric encryption algorithm developed in 1993. It offers high encryption and decryption speed and good resistance to hacking.

• Twofish is a symmetric encryption algorithm developed in 1998. It is an improved version of the Blowfish algorithm and provides even greater resistance to hacking.

• Triple DES is a symmetric encryption algorithm that is an enhanced version of DES. It uses three keys for encryption and provides a higher level of security than DES.

• ChaCha20 is a symmetric encryption algorithm developed in 2008. It offers high encryption and decryption speed and good resistance to hacking. ChaCha20 is currently used in many applications and operating systems, including Google Chrome and Android.

Types of email encryption

• PGP (Pretty Good Privacy) is a software solution for encrypting emails and ensuring the privacy of communications. It uses a combination of asymmetric and symmetric encryption.

• S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard that enhances the security of the standard email protocol. It uses asymmetric encryption and digital certificates to ensure the security of email. S/MIME allows email senders and recipients to encrypt and decrypt messages, and to create and verify electronic signatures.

• TLS is an encryption protocol that ensures secure data transmission via email for both incoming and outgoing messages. Its use helps prevent eavesdropping between email servers and maintains the privacy of messages as they move between email providers. All modern email services support TLS.

Encrypted vs unencrypted email

Unencrypted email is any email that is sent in plain text without any form of encryption. This means that the email content is not scrambled, allowing anyone who intercepts it to read the message in its original form.

Advantages of unencrypted email

• Ease of use: Sending unencrypted email is simple and requires no additional steps or software.

• Compatibility: All email providers can send and receive unencrypted email without compatibility issues.

Disadvantages of unencrypted email

• Lack of privacy: Unencrypted email can be easily intercepted by malicious actors, including hackers and government agencies. This poses a significant risk to sensitive information such as personal details, financial data or confidential business communications.

• Data integrity risks: Without encryption, email can be altered in transit without the knowledge of the sender or recipient, resulting in misinformation or compromised data.

Encrypted email uses cryptographic techniques to protect the email contentl, making it unreadable to anyone without the correct decryption key.

Advantages of encrypted email

• Enhanced privacy: Encrypted email protects sensitive information from being read by unauthorized parties and ensures that only the intended recipients can access the email content.

• Data integrity: Encryption can help verify that the message has not been altered in transit, ensuring that the email content remains authentic.

Disadvantages of encrypted email

• Complexity: Setting up and managing encryption can be complicated and requires the use of specific software or tools. Both the sender and the recipient must have compatible encryption systems.

• Usability issues: If users forget their decryption keys or passwords, they may permanently lose access to their email.

How to start encrypting your emails

Email encryption might seem daunting, but it's actually quite straightforward. Here's a breakdown of how to start:

1. Choose an email encryption method

Start by choosing an encryption method that suits your needs. The two most common ones are:

• S/MIME (Secure/Multipurpose Internet Mail Extensions): This is built into many email services such as Outlook and Apple Mail and requires a digital certificate.

• PGP (Pretty Good Privacy): This method is often used with third-party apps or add-ons and gives you more control over your encryption keys.

2. Get a digital certificate or encryption key

• For S/MIME, you'll need a digital certificate, which acts as an ID for your email. You can get one from a trusted Certificate Authority (CA) such as DigiCert or GlobalSign.

• For PGP, you need to create a key pair (a public and private key) using a tool or software such as GnuPG or an email client with PGP support.

3. Install and configure encryption tools

• For S/MIME: Once you have received your digital certificate, you will need to install it in your email client. Most email services have step-by-step guides to help you with this process.

• For PGP: Install a PGP-compatible application or plugin (such as Gpg4win for Outlook or Mailvelope for Gmail). Import your encryption keys and configure the plugin to work with your email.

4. Exchange keys or certificates with recipients

• For encryption to work, both you and the person you're emailing need to exchange public keys (PGP) or digital certificates (S/MIME). This allows you to encrypt messages so that only the recipient with the correct key can decrypt them.

5. Encrypt and send emails

Once everything is set up, sending an encrypted email is easy:

• Compose your email as usual.

• Select the encryption option (this may be a padlock icon or a menu option).

• Make sure the recipient has the required certificate or public key.

• Send your encrypted email, safe in the knowledge that it is protected from unauthorized access.

6. Test and verify

• Before relying on encryption for sensitive data, test it by sending an encrypted email to yourself or a trusted contact. This will ensure that everything is working correctly and that you can decrypt messages on the receiving end.

Conclusion

All in all, email encryption is an integral part of information security in today's world. It allows you to protect confidential information from unauthorized access and reduce the risk of data leakage. However, to achieve maximum effectiveness, it is necessary to comply with information security regulations and use advanced encryption technologies.