Not just for spies or whistleblowers
Need to send someone some very sensitive data in an encrypted email message? Of course, you can always send it via normal email channels, but you run the risk of having your email read by someone who knows how to capture email messages as they are sent across the Internet. When it comes to encrypting email, you have to encrypt the connection and encrypt the email itself.
The first problem is partially taken care of by the email provider. For example, when you use Gmail, the connection is encrypted using SSL and you’ll notice the HTTPS in the address bar.
This means anything you send from your computer to Gmail servers will be encrypted. However, once the email leaves Google’s servers and goes across the Internet, it may not be encrypted all the way to its final destination. At that point, you have to ensure the email itself is encrypted, so even if it were to be intercepted by someone, it would just be gibberish.
Implementing encryption inside of your current email client, whether it be Gmail or Outlook, requires initial setup and a few extra steps for the recipient to read it. Unfortunately, no email provider provides in-built encryption that works transparently between sender and receiver. Google has said it’s testing end-to-end encryption for Gmail via a Chrome extension, but as of the writing of this post, it hasn’t yet released the tool.
So basically your only choices are installing complicated encryption programs on your computer or into your browser via extensions and then exchanging public keys with the person you want to send the email too or simply using an online service for sending encrypted messages. The latter option is far easier and basically only requires the recipient to enter a password that you provide to them separately via email, phone, text, etc.
In this article, I’ll list out a couple of tools for sending encrypted emails without the major hassles of installing encryption software and using your actual email client for sending encrypted email. I’ll make sure to update this post when Google releases their end-to-end encryption tool for Gmail. The only caveat that there will probably be that the service won’t work unless both sender and receiver are using Google Chrome and Gmail. I guess it’s still better than nothing.
If you’re only interested in sending encrypted email to a small number of people who also don’t mind setting up encryption on their end, then follow this guide here which explains how you can setup encryption in an email client like Thunderbird or Postbox or even in Gmail or Yahoo, but with the same restriction that the recipient will need to use encryption software also.
Setting up your own encryption is also a good idea if you’re sharing highly sensitive information and you can’t trust any third-party entities. All the services I mention below are private companies subject to US law, which means that a government agency could force them to decrypt anything on their servers if presented with a warrant. Even if they can’t decrypt the data for police, they will be required to give up the encrypted data. If the police can then crack the encryption, you’re out of luck.
Secure Mail for Gmail
As I mentioned earlier, Google is going to release an encryption extension for Chrome soon, but in the meantime, you can check out Secure Mail for Gmail, which does pretty much the same thing. Once you install the extension, you’ll notice a new lock icon next to the Compose button.
If you click Compose, you’ll get the normal compose window in Gmail, but if you click the lock icon, you’ll get a secure email form as shown below with a red heading and the words “Secured” at the top.
Type your message in normally and then click on the Send Encrypted button. A new dialog will pop up that will ask you to enter the encryption password.
The recipient will receive an email with a bunch of encrypted text with a link to download and install the Secure Gmail extension. As mentioned before, it’ll only work if the recipient is using Gmail and Chrome, otherwise, they won’t be able to read the contents of the email.
Overall, it’s a great solution for one specific purpose and since I use Gmail a lot and most of the people I email also use Gmail, it ends up working out well. Sometimes I just have to convince them to use Google Chrome, but that’s about it. Hopefully, this extension will be extended even further in the future with version for different browsers in addition to support for other email services.
Lockbin does all of the dirty work of encrypting the data for you using a strong encryption algorithm, etc, so all you have to do is think of a password and click Send.
Here’s how it works: when you want to send a message, you first need to think up a secret word or password, which will be used by their cryptographic algorithm to encrypt and store the email on their servers. Then you need to transmit this password to the person who will be receiving the email via phone, text message, IM, or via unprotected email!
Then the receiver visits Lockbin and enters his password to decrypt the email in his/her local browser. The actual decryption does not take place on the server and hence no data is being transferred across the Internet during the decryption process. As soon as the email is opened, the encrypted message is deleted from the Lockbin servers forever; no copy or backup is kept. Here’s how my message “I have a secret” is stored on Lockbin servers.
When the user opens the encrypted email, it can be printed or exported as a PDF by the recipient. If no one ever views the message, it will remain encrypted on Lockbin servers for up to 6 months before being deleted.
Sendinc Email Encryption
Sendinc has a couple of solutions to the secure email problem that I really like. Firstly, the free service they offer lets you send 20 messages per day with up to 10MB attachments. The other two features I really like are the free smartphone app and the free Outlook add-on. This allows you to send secure emails from your phone or from Outlook without having to worry about encryption keys.
On the recipients end, all they need is a web browser to be able to view the emails. In order to use the service, you have to create an account and the same is true for the recipient if they want to read the message. Sendinc doesn’t require you to create a password because any recipient who gets the email will be able to decrypt the contents as long as they create an account. That’s more convenient, but you have to be more careful that the link does not get into the wrong hands.
Overall, it works just fine and I like the fact that they have mobile apps and an Outlook add-in. To receive encrypted emails back from the recipients, they will have to use the service in the same way. In all of these cases, it’s basically like using a new email provider just for sending secure emails.
There are a bunch of other sites that pretty much do the same thing as mentioned above, so I won’t list those out since these work extremely well and have the most features, etc. Again, email is inherently insecure and until someone comes with a better way to do email, you’ll be stuck with these half-baked solutions that require using third parties for sending emails or requiring you to install fairly complex software on your machine and the recipients machine. If you have questions, post a comment. Enjoy!