These days, a significant amount of sensitive communication is sent and received through email, such as bills, bank statements, business transactions, or just simple greetings from a friend or family member. Unfortunately, email at its core is a very insecure way to communicate and the result is that our most sensitive information is easily accessible. Emails can easily be intercepted by a hacker, or an employee at an ISP or email service can read messages as they pass through their servers. Consequently, email is incredibly easy to intercept, leaving the user's information and identities at risk.
Securing your email with public key encryption prevents snooping and therefore protects you and your information. Email encryption doesn't prevent interception from happening, but it does prevent anyone but the intended recipient from reading it. Email encryption also has features that ensure the integrity and authentication of the message to ensure you're receiving the message from the actual sender and that nothing has been altered in the message.
When you encrypt a message, only the intended recipient can read it. Anyone else who sees the message will only see gibberish and random characters. Email encryption is done with a type of encryption algorithm which ensures that there is no feasible way that the actual message can be derived from the gibberish; if someone gets a hold of a message, there's no feasible way for them to ever know what the content of the message is.
Email encryption can be done manually through encryption software like GnuPG, or through a secure email service (see idcloak for more information on secure email service). When done manually, there are several steps to follow for each message to become encrypted, authenticated and signed for integrity. On the other hand, when using a secure email service all of the encryption, integrity and authentication processes are done automatically, without any user intervention. Furthermore, if done properly, even the secure email service provider cannot read your email.
Whether or not you want to encrypt your email messages yourself or use an encryption service, the following describes the fundamental steps of email encryption.
Email encryption, whether done manually with GPG or through an email encryption service, is most commonly done with Public Key Cryptography. Simply, public key cryptography encrypts and decrypts data with a key pair: a public key and a private key that correspond with one another. Email encrypted with the public key can only be read by decrypting the message with the corresponding private key.
With this technique, the user has to generate a key pair before they can begin sending and receiving secure communication. For example, Bob and Alice, before sending or receiving encrypted email, have to generate their own key pair; they both need a public key and a private key. They generate this key pair through a key generation program as shown in Figure 1.
Part III: How to Encrypt Messages
Copyright © 2014 idcloak Technologies Inc. - All Rights Reserved