Security

Five free apps for encrypting email

Whether you are using an email client or a web-based email solution, you can encrypt your email.

6_secure_email_iStock.jpg
There are those that claim encryption is dead. Not so, says many small and medium sized businesses across the globe. There are plenty of reasons why you might need to encrypt an outgoing email – just as many reasons as there are ways. Whether you are using an email client or a web-based email solution, you can encrypt your email. I have searched for some of the easier (and free) means to successfully get those outgoing emails wrapped in a warm blanket of secrecy.

With the exception of one, these tools serve a singular purpose - to encrypt email messages. Each of them offers a fairly straight-forward learning curve that anyone should be able to get up to speed with quickly. That said, let's dive in and see what each of these tools can do for your encryption needs.

This article is also available as a TechRepublic Screenshot Gallery.

Five Apps

1. Enigmail

Enigmail is a Thunderbird extension that works in conjunction with GnuPG to encrypt email. This extension requires both Thunderbird and GnuPG to be installed on the machine in order for it to function. This extension works with Thunderbird versions 17-27 on both Windows and Linux. Enigmail also features support for in-line PGP, per-identity encryption rules, automatic encrypt/sign, integrated OpenPGP PhotoID viewer, OpenPGP key retrieval via proxy servers, and much more. Enigmail is available for Windows, Linux, Mac, BSD, and OS/2.

a1_enigmail_1.png

2. Mailvelope

Mailvelope is an extension for Chrome and Firefox that seamlessly integrates with Gmail, Yahoo Mail, Outlook.com, and GMX. With Mailvelope you can generate the necessary keys (which are stored on your local machine) and import other users keys. This extension works from within your web-mail client when you go to compose an email. In the email composition window a small button will appear (in Gmail it's in the upper right corner of the text area of the compose window) that you can click to encrypt the email. By default all outgoing email are all unencrypted, so you have to manually select to encrypt. For anyone who depends upon web mail, this is one of the best solutions for mail encryption.

b1_mailvelope_1.png

3. Infoencrypt

Infoencrypt is probably one of the easiest means to encrypt a one-off email. All you need to do is visit the site, type the email to be encrypted, type a password (and verify the password), and click Encrypt. The site will encrypt the email and post the encrypted text so you can then copy and past it into an email to be delivered to a recipient. Once the recipient gets the email, they go back to the site, paste the text into the window, enter the password you used to encrypt the email, and click Decrypt. Your email will be quickly decrypted for the recipient to read. It's that simple. Although not for the most ardent of security fanatics, Infoencrypt will work just fine for those needing simplistic email encryption.

c1_infoencrypt_2.png

4. Mymain Crypt for Gmail

Mymail Crypt for Gmail is a Gmail-specific extension for Google Chrome that makes encrypting your Gmail as easy as a few mouse clicks. Once you've installed the extension all you have to do is go to the Mymail Crypt options (from with the Chrome Extensions window), generate your key, import your friend's keys, and then open up Gmail. From within the Gmail compose window you will find three new buttons (bottom right corner): Encrypt and Sign, Encrypt, Sign. With those buttons you've got all the encrypting power you need for Gmail. Mymail Crypt is my favorite encryption tool for Gmail.

d1_mymail_crypt_1.png

5. Gpg4Win

Gpg4Win doesn't actually handle the encryption of email, but if you're going to use an encryption plugin for Thunderbird (or any other email client besides Outlook), this application is a must-install. Gpg4Win not only can generate keys for you, but also help you encrypt files. The installation of this software will install both the GPG system as well as Kleopatra, an easy to use GPG certificate manager. From Kleopatra, you will generate your own keys as well as import keys from others. With Gpg4Win installed, you will find tools like Enigmail not only possible on Windows, but far easier to use.

e1_gpg4win_1.png

Bottom line

If you're looking to get quick and easy email encryption up and running, you cannot go wrong with any of the above tools. Not only are they free, they are far easier than trying to get encryption working with Outlook and they won't bog you down with having to purchase and install certificates. Give one of these a try and see if it doesn't meet your email encryption needs.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

13 comments
OFD11
OFD11

"... only problem is that none of the people on my address list is using it. The problem is more one of raising awareness rather than dificulties in using the tools."


Agreed.  Not much good unless your correspondents are also using encryption, which is a problem/issue/challenge for me, too.  


"... The emails to and from these specific family email addresses would be automatically encrypted and decrypted at each end, and not encrypted if sent to other email addresses.  But this easy setup doesn't seem to exist."


Yeah, I wish there was something like that fairly easy to implement for people besides IT gurus and that would also work across platforms;  you'd think someone would have been working on this for a while by now. My own setup for the times when I want a little more security is to use encrypted files (TrueCrypt) if I'm sending files, and to run an offshore mail client from within a Linux vm on a dedicated Linux machine, with Tails and the Tor browser off a "hardened" router.   But this doesn't come up often;  mainly would be nice to have what glnx also wants to see.

dpcrn
dpcrn

It appears that several of these would be adequate for most of what I do.  However, will any of them meet the encryption requirements for the HIPAA and HITECH acts in the US?  

isteve
isteve

I would also add to the list www.securencrypt.com it's free, it works with any webmail, has android app, also works for files and sms.

javaluva2
javaluva2

Virtru (www.virtru.com) is very good too - very seamless

andyB9988
andyB9988

This is a very good article, 

I have been using a product called Galaxkey, it works really well, I was using PGP but had to reinstall and then looked for something easier.


I kept getting an invite from a friend and installed and lad I did its easy :D.

Their site is www.galaxkey.com they have iOS apps and android too :D


its great when things are easy.


Andy Birch 

dirkbraun
dirkbraun

This PGP based encryption is all very nice. The only problem is that none of the people on my address list is using it. The problem is more one of raising awareness rather than dificulties in using the tools.

This has changed a lot since a few years ago when PGP tools were much more difficult to use.

One Tool I also use and which is very comfortable is PGP desktop. It's paid for but with limit functionality you can install the file encryption and the important file wiping (secure deletion of files) for free.

artchris0002
artchris0002

As I read thru the list I found that Enigmail is not a solution as I don't use Thunderbird, Mailvelope will not work with the current version of Chrome and is in development for FIrefox. I could not find the Infoencrypt.com web site. I will try Mymain Crypt for Gmail soon. The last suggestion: Gpg4Win is not available to me as I use a Mac. Other suggestions?

Joy Phillip
Joy Phillip

I've used MyMail-Crypt for Gmail for some time.  Got my wife on it too and it was easy enough to talk her through doing on the phone while I was on my break at work.  The only problem is that it is specific to the email address.  If you have multiple addresses feeding into one on gmail or if you have sending privledges on multiple accounts, they won't be able to decrypt it at the other end.  You will have to generate keys for those email addresses too.  But once done, easy.  Also it DOES NOT encrypt attachments, only the text.

Chris Linstruth
Chris Linstruth

If PGP/GPG/OpenPGP is so awesome, why is it not built into every email client out there? Plugins are bad, mkay?

glnz
glnz

Nice article!  

Not familiar with encrypting email, maybe because it's still too limited as to the email programs at each end and not easy enough to use.  Would like to encrypt family small business email sent to and from a wide variety of email apps, like Outlook Express 6, Outlook (various versions), Apple's mail, and the native email programs in iPhone and iPad.  Each family member would have the password or key in advance.  The emails to and from these specific family email addresses would be automatically encrypted and decrypted at each end, and not encrypted if sent to other email addresses.  But this easy setup doesn't seem to exist.