Ever since the NSA leaks the debate has started once again over privacy, encryption and security. People from all walks of life now wonder how much privacy they truly have online and try to find out ways to protect themselves — for the first time in many cases. Perhaps the most obvious type of communication is email, yet it is also the least secure. The mailing system was never designed to be secure or private, with everything being completely open and with no security or authentication whatsoever. Servers would communicate over insecure links, addresses could be spoofed endlessly, and servers would accept messages from anyone who said HELLO.
Since the early days of the Internet we’ve had some improvements in email security. While early clients would connect to mail servers using POP or IMAP, both of which were plain text by default, now the vast majority of servers support SSL encryption over these protocols. At least your user name and password aren’t sent in plain text anymore. While SMTP, the protocol used to send mail, also has an encrypted version, most servers do not use it when talking to each other. So while your messages may transit over an encrypted link for the last bit of their voyage, the previous connections were likely open for all to see.
The chance that e-mails can be seen over the wire is not the only issue either. The law governing these things is very old, and the way the US government interprets it means that anything older than 180 days is seen as abandoned. This means if you leave messages in your Gmail or Hotmail account, or even on your business hosted Exchange server, they become available for any law enforcement agency without a warrant, or even probable cause. All they need to do is ask, since those messages are no longer yours. Of course, even newer emails barely need any kind of judicial process to access. A FISA court can submit a secret order to Google, Microsoft or Apple, and all your messages will be sent to the government without you ever finding out about it. That is, if they hadn’t already intercepted them on those insecure connections.
So why is it that email encryption isn’t more widely used? It would solve all of these problems in one go. The issue, of course, is convenience. Right now, it’s fairly annoying and not that obvious to start encrypting all of your messages. But if you want to do it, here’s how.
There are two ways to encrypt or sign messages. The first one is using S/MIME, a very similar method to SSL connections. The way this works is with a digital certificate that is issued to you by a trusted authority. The actual protocol is derived from the PKCS #7 data format, and most email clients support S/MIME. Once you get a certificate, many of which are free from firms like Comodo or InstantSSL, you download a file ending with a .p7s extension and you add it to your e-mail application. Then, you gain the ability to sign messages to prove that they come from you, at which point the recipient will receive a message with an attachment. This attachment is your signature and can be read by any email reader which supports S/MIME.
This whole process is typically fairly straight forward and makes S/MIME the most transparent way to get started with email encryption. When you go to one of the Certificate Authorities (CA) you can download the certificate directly from the site, add it to your email software, and start using it right away.
If you don’t know how public key cryptography works, I highly suggest checking out the Wikipedia article, but basically once someone receives a message with this attachment, they get your public key. This is what they use to then encrypt messages that only you can decrypt using your private key. If you want to send encrypted messages, then you need the public key of the people you write to. Getting these certificates is a major hurdle to email encryption. S/MIME is mostly used inside of corporations. If you have a Windows-based network for example, you can use your Active Directory infrastructure to automatically distribute the certificates to all employees, so everyone can send encrypted emails to each other. But over the Internet, that’s a different story.
The more popular form of encryption over the net is called PGP or Pretty Good Privacy. Strictly speaking, the protocol is OpenPGP, and PGP is a commercial program that is sold to take advantage of email encryption. Most people instead use GPG, the open source version of PGP made by Gnu.
In many ways, PGP is similar to S/MIME in that both use public key cryptography. However, with PGP you don’t rely on a central authority. Instead, you create your own private/public key pair using the PGP software. This makes it a bit more involved to get started. You need to go to the GPG web site where source code and binaries are available for various platforms. Once installed, you have to generate your own key. However, PGP also has the concept of key servers to allow the distribution of keys. You can upload your public key to a key server and others can then search for it, then download it, in order to send you encrypted messages. However, because you basically self-signed your own keys, there is no way to know whether a particular key is valid or not. You could make up a key pair for any email address, and no central authority can validate it. This is why PGP has the concept of key-signing parties. You can contact friends who will validate your key and sign them.
I, for one, wish email encryption was ubiquitous, but we’re far from there still. Does your organization use email encryption software? Tell us about your solution.