Email Security: Email Encryption
Last month, due to recent events - the closure of the mail service with LavaBit encryption , Google's statements that Gmail does not guarantee data security , the transition of Germany’s largest email services to encrypt email , the Internet has increasingly begun to talk about ensuring the privacy of private correspondence. Let's start with simple solutions.
Most of us use mail from GMail, so it would be good to teach him to encrypt letters. Fortunately, there is already an extension for Google Chrome - SecureGmail .
')
It is easy to use - when creating a secure letter, you must specify a password and a hint, in case the password is forgotten:
One of the drawbacks of the extension is that the recipient needs to know this password in order to decrypt the letter:
So far there is only an extension for Google Chrome, which must be installed both on the recipient and on the sender. In addition, you can not answer the decrypted letter, you must create a new one, and the encrypted letter does not fall into drafts. But despite these shortcomings, SecureGmail is a good tool for ensuring secure correspondence straight from GMail.
For Firefox, there is a similar addon - Encrypted Communication . The principle of operation is the same, the plugin must be installed both at the sender and the recipient.
In addition to ready-made browser extensions, there is a more elegant solution using LifePack (Pretty Good Privacy) PGP (Pretty Good Privacy) encryption ( The article describes the configuration process in much more detail, somewhere too). It is suitable for desktop email clients Thunderbird and Postbox, as well as most web applications (Gmail, Outlook, Google Apps, Yahoo, etc.). This method uses two keys - public and private, with which the letters are encrypted and decrypted. The recipient must know the public key; for this, the sender can publish the Private key online, for example on his website, or send it in an ordinary letter to all potential recipients.
PGP encryption scheme:
To configure you will need:
First of all, you need to install GNU Privacy Guard , which will generate a pair of keys - private and public. Then you need to put Enigmail for your email client. After installation, the menu item "OpenPGP" will appear, where you can generate keys:
After that, you must export the keys, saving to a safe place. Now when creating a letter, you can select the item “Encrypt Message”:
To support web-based email applications, you need to configure Mailvelope, which is available as extensions for Chrome and Firefox . The process is described in the video:
This setting of encryption of emails takes more time, but by doing it once, you can feel all the advantages of the method: you can use one pair of keys in desktop clients and in web-mail, in addition, PGP encryption has proven itself from the positive side.
Securegmail
Most of us use mail from GMail, so it would be good to teach him to encrypt letters. Fortunately, there is already an extension for Google Chrome - SecureGmail .
')
It is easy to use - when creating a secure letter, you must specify a password and a hint, in case the password is forgotten:
One of the drawbacks of the extension is that the recipient needs to know this password in order to decrypt the letter:
So far there is only an extension for Google Chrome, which must be installed both on the recipient and on the sender. In addition, you can not answer the decrypted letter, you must create a new one, and the encrypted letter does not fall into drafts. But despite these shortcomings, SecureGmail is a good tool for ensuring secure correspondence straight from GMail.
Encrypted Communication
For Firefox, there is a similar addon - Encrypted Communication . The principle of operation is the same, the plugin must be installed both at the sender and the recipient.
PGP (Pretty Good Privacy)
In addition to ready-made browser extensions, there is a more elegant solution using LifePack (Pretty Good Privacy) PGP (Pretty Good Privacy) encryption ( The article describes the configuration process in much more detail, somewhere too). It is suitable for desktop email clients Thunderbird and Postbox, as well as most web applications (Gmail, Outlook, Google Apps, Yahoo, etc.). This method uses two keys - public and private, with which the letters are encrypted and decrypted. The recipient must know the public key; for this, the sender can publish the Private key online, for example on his website, or send it in an ordinary letter to all potential recipients.
PGP encryption scheme:
To configure you will need:
- GNU Privacy Guard (GnuPG), GPGTools (OS X) or Gpg4win (Windows)
- Thunderbird or Postbox mail clients
- Enigmail - OpenPGP addon for Thunderbird and Postbox
- Mail envelope for Chrome or Firefox and Gmail, Outlook, Yahoo, etc. web applications
First of all, you need to install GNU Privacy Guard , which will generate a pair of keys - private and public. Then you need to put Enigmail for your email client. After installation, the menu item "OpenPGP" will appear, where you can generate keys:
After that, you must export the keys, saving to a safe place. Now when creating a letter, you can select the item “Encrypt Message”:
To support web-based email applications, you need to configure Mailvelope, which is available as extensions for Chrome and Firefox . The process is described in the video:
This setting of encryption of emails takes more time, but by doing it once, you can feel all the advantages of the method: you can use one pair of keys in desktop clients and in web-mail, in addition, PGP encryption has proven itself from the positive side.
Source: https://habr.com/ru/post/190130/
All Articles