Email Encryption
Sumit Jain
Helping Businesses Spearhead Cyber Defense | Building Team | MSP | Awareness | CEO @Threat ResQ
Email encryption involves encrypting, or disguising, the content of email messages in order to protect potentially sensitive information from being read by anyone other than intended recipients. Email encryption often includes authentication.
As PC World points out, it’s not just those who email sensitive information, such as Social Security numbers, login credentials, or bank account numbers, who need to encrypt their email. Hackers who gain unauthorized access to an email account can read its attachments and content, and can even hijack the entire account.
Email is a vulnerable medium, particularly when messages are sent over unsecured or public Wi-Fi networks. Even emails sent within a secure company network can be intercepted by other users, along with your login credentials. Encryption renders the content of your emails unreadable as they travel from origin to destination, so even if someone intercepts your messages, they can’t interpret the content.
EMAIL ENCRYPTION: WHAT TO ENCRYPT
PC World points out three primary things you should encrypt:
- The connection from your email provider
- Your actual email messages
- Your stored, cached, or archived email messages
Encrypting the connection prevents unauthorized users on the network from intercepting and capturing your login credentials and any email messages you send or receive as they pass between you and your email provider’s server, and then from server to server across the Internet.
Encrypting email messages before they’re sent means that even if a hacker or anyone other than the intended recipient should intercept your email messages, they’re unreadable and essentially useless.
Finally, if you store backed-up email messages in an email client, such as Microsoft Outlook, hackers may gain access despite password protection of your accounts and even your device. Email encryption ensures that even if access is obtained, the content of your email messages is unreadable.
WHAT EMAIL ENCRYPTION DOES
There are a variety of technology tools that can be used to encrypt email. A personal email certificate is one method of protection: it digitally signs your messages, reducing the number of spam messages that can be sent under your name and email account. The digital signature lets recipients know whether the messages they receive were actually sent by you; spoofed email messages will not carry your digital signature, tipping recipients off that the message may contain spam or malicious content.
Email encryption relies, in most cases, on a Public Key Infrastructure (PKI): a pair consisting of a private key (known only to you) and a public key (shared with those you choose to distribute it to, or even made publicly available). Anyone sending you an encrypted email uses your public key, and you, as the intended recipient, use your private key to decrypt the message back into readable form. In the PKI model, anyone can use a public key to encrypt email, but each encrypted message can only be decrypted by the one matching private key.
Best practices for email encryption include consistently encrypting all messages you send and receive. Encrypting only email messages containing sensitive information raises a flag to hackers, pointing them directly to the messages that are most likely to contain valuable, sensitive information – the very information you’re trying to prevent outsiders from gaining access to in the first place.
When you encrypt all email messages as a standard practice, hackers wishing to access your personal information have a more substantial task in front of them. Decrypting email messages one-by-one in search of a single message containing sensitive information is a daunting and tedious task that even the most dedicated hackers may feel is not worth the effort.
Encryption for Email
Email encryption applies the principles mentioned earlier to email. Each user publishes a public key that others can access in order to encrypt messages to them. Each user also holds a secret private key, used to decrypt (decode) messages sent to them and to encrypt (code) their own messages.
The email messages are scrambled into an unreadable format in order to hide them from the bad guys. The public key is used to encrypt and is shared with everyone. The private key is used to decrypt and is private.
Think of the decoder ring example: Companies send out thousands of coded (encrypted) messages to consumers. But the decoder rings (the decryption) are only owned by private individuals.
Encryption Methods
While the basic concept of encryption is detailed in the prior section, there are specific methods that expand upon the foundation. The overall goal is always security: Protecting the information sent in the message from unwanted eyes. Keep in mind, however, that no security option is infallible: There are hackers out there, and they want your information.
There are numerous methods for email encryption; this lesson will discuss three major players in encryption:
- PGP
- S/MIME
- TLS
PGP: Pretty Good Privacy
PGP (Pretty Good Privacy) is a hybrid approach. When user data is encrypted with PGP, PGP first compresses the text; this not only saves disk space but increases security, because many attacks look for patterns in the plain text, and compression removes those patterns.
Next, PGP creates a session key, a one-time-use secret key. The text is encrypted with the session key; the session key itself is then encrypted with the recipient’s public key, and this encrypted session key is sent along with the encrypted text.
On the receiver’s side, decryption works in reverse order: the recipient uses their private key to recover the session key, and PGP then uses the session key to decrypt the message.
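The following program is an added illustration of the hybrid scheme described in this section and in the PKI paragraphs above; it is not code from the original article. It follows the four sending steps literally (compress, generate a one-time session key, encrypt the text with it, encrypt the session key with the recipient’s public key) and then reverses them on the receiving side. The `Envelope` type, the function names and the sample message are constructed for the example; a real PGP implementation uses its own packet format rather than this struct, and this version uses AES-GCM, which additionally detects any change to the ciphertext in transit.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what travels with the message: the session key encrypted to
// the recipient's public key, plus the text encrypted under that session key.
// (Constructed for this example; not a real PGP packet format.)
type Envelope struct {
	WrappedKey []byte // session key encrypted with RSA-OAEP
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // compressed message encrypted with AES-GCM
}

// pgpStyleEncrypt: compress, create a one-time session key, encrypt the text
// with it, then encrypt the session key with the recipient's public key.
func pgpStyleEncrypt(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	// 1. Compress: shrinks the payload and removes plaintext patterns.
	var zbuf bytes.Buffer
	zw := zlib.NewWriter(&zbuf)
	if _, err := zw.Write(plaintext); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	// 2. One-time 256-bit session key from the OS CSPRNG.
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	// 3. Encrypt the compressed text with the session key.
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, zbuf.Bytes(), nil)
	// 4. Encrypt the session key with the recipient's public key, so only the
	//    holder of the matching private key can recover it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// pgpStyleDecrypt reverses the process: the private key recovers the session
// key, the session key decrypts the text, and the text is decompressed.
func pgpStyleDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot recover session key: wrong private key or damaged envelope")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Open fails if the ciphertext or nonce was altered in transit.
	compressed, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message failed integrity check")
	}
	zr, err := zlib.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

func main() {
	// Constructed sample: the recipient's key pair and a short message.
	recipientKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := pgpStyleEncrypt(&recipientKey.PublicKey, []byte("Invoice #123 attached. Please pay by Friday."))
	plain, err := pgpStyleDecrypt(recipientKey, env)
	fmt.Printf("decrypted: %q (err=%v)\n", plain, err)
}
```

Two points worth noticing when running it: only the private key that matches the public key used in step 4 can open the envelope, and a single flipped bit in the ciphertext makes `pgpStyleDecrypt` return an error instead of garbage, which is the property a mail client relies on to warn the user rather than display a tampered message.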
S/MIME
S/MIME stands for Secure/Multipurpose Internet Mail Extensions. S/MIME uses a digital signature as well as encryption to secure email transmissions.
The following occurs when the message is created:
- The message is composed
- Unique information identifying the sender is retrieved
- A digital signature is computed over the message using the sender’s unique information
- This signature is attached to the message
- The message is sent
When the message is received at the other end, the following occurs:
- The message is received
- The digital signature is read
- The message body is read
- The identifying information from the sender is read
- The verification operation is run over the message body and the sender’s identifying information
- The result is compared against the digital signature that arrived with the message
- If the two match, the message is verified
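The program below is an added example, not part of the original article, that walks through the sending-side and receiving-side steps just listed, and it also illustrates the personal email certificate point made earlier (a spoofed message does not carry the sender’s valid signature). It is a deliberate simplification: real S/MIME wraps the signature in a CMS structure and ships the sender’s X.509 certificate, and the recipient also validates that certificate’s chain before trusting the key. Here the `SignedMessage` type, the Ed25519 key pair, the sender address and the message text are all constructed for the example, and the sender’s public key is carried directly in the message where the certificate would be.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is a simplified stand-in for an S/MIME signed message: body,
// sender identity, the sender's public key and the signature. Real S/MIME
// carries an X.509 certificate inside a CMS structure instead of a raw key.
type SignedMessage struct {
	Sender    string            // identifying information about the sender
	SenderKey ed25519.PublicKey // would come from the sender's certificate
	Body      []byte
	Signature []byte
}

// signedData is the exact byte string the signature covers. Binding the
// sender identity to the body means neither can be swapped without
// invalidating the signature.
func signedData(sender string, body []byte) []byte {
	var b bytes.Buffer
	b.WriteString("sender:")
	b.WriteString(sender)
	b.WriteByte(0) // separator so sender and body cannot run into each other
	b.Write(body)
	return b.Bytes()
}

// signMessage performs the sending-side steps: the message is composed,
// the sender information is retrieved, a signature is created with the
// sender's private key, and the signature is attached to the message.
func signMessage(priv ed25519.PrivateKey, sender string, body []byte) SignedMessage {
	sig := ed25519.Sign(priv, signedData(sender, body))
	return SignedMessage{
		Sender:    sender,
		SenderKey: priv.Public().(ed25519.PublicKey),
		Body:      body,
		Signature: sig,
	}
}

// verifyMessage performs the receiving-side steps: read the signature, the
// body and the sender information, run the verification operation over the
// same bytes, and report whether the attached signature matches.
func verifyMessage(msg SignedMessage) bool {
	if len(msg.SenderKey) != ed25519.PublicKeySize || len(msg.Signature) != ed25519.SignatureSize {
		return false // malformed input is never treated as verified
	}
	return ed25519.Verify(msg.SenderKey, signedData(msg.Sender, msg.Body), msg.Signature)
}

func main() {
	// Constructed sample: the sender's key pair and a short message.
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	msg := signMessage(priv, "alice@example.com", []byte("Please approve the attached invoice."))
	fmt.Println("genuine message verifies:", verifyMessage(msg))

	// A message altered after signing no longer verifies.
	altered := msg
	altered.Body = []byte("Please wire the payment to the new account.")
	fmt.Println("altered message verifies:", verifyMessage(altered))
}
```

Because the sender's identity is part of the signed bytes, changing either the body or the sender field after signing makes `verifyMessage` return false, which is exactly the mismatch the last two receiving steps in the list detect. What this example cannot do on its own is tell you whether the key really belongs to that address; that binding is what the sender’s certificate provides in real S/MIME.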