What, Why and How to encrypt an Email Conversation?
Email is one of the oldest and foremost used tools for formal or casual exchange of messages between two systems or persons through electronic devices. Earlier days, its development is intended for connecting other ends with a fast and accurate transfer of messages but now its development is focussed on securing the exchange of communication between two persons from being listening to it by a third person. But how far it is important for us to use secure tools for communication?. Here we discuss about how your email data is used to advertise on you and also some of the tools (or methods) to complete our job of securing our conversations.
This is based on a session talk given by me ( Praveen Gorla ) and Rajasekhar Ponakala at Kasetsart University , 2018 Barcamp on — Privacy, Surveillance ( Indian Biometric — Aadhar Surveillance) and Encryption (email)
“Encrypt — Your data is your privacy”. Securing your data is what it protects your privacy, for this, Cryptographic methods play a more role in securing everyone’s conversations. Unfortunately, these are only methods that everyone can rely on for securing trusted communication, and these methods are one of the oldest and powerful methods used to encrypt your data, means converting your data into other unreadable or untraceable form which cannot be intercepted by third party except the person or the system you intended for. So we will explore some of the trusted open source tools that secure your communications to protect your privacy.
When your friend asks you to encrypt your email — especially Gmail.
When you want to send an email and your friend asked you to encrypt it before sending but you don’t know why and how to encrypt!
When your friend explains how “Plain Texted Email” exchange works
In general, when Ani(you) sent a plain texted email via gmail.com, it can be intercepted by Google Gmail server(or other malicious systems). As it is a plain text, Google Gmail can analyse Ani’s and Bob’s conversation, and based on the behavioural analysis it can advertise on you and sell your data. — So there is no point of secure communication which protects your personal conversation.
When your friend explains you about how “Encrypted Email” exchange works
When Ani(you) sent an encrypted email via gmail.com to Bob. Google Gmail can’t read or analyse Ani’s and Bob’s conversation, because of encryption only Bob can read. It (Google Gmail) literally cries on you both(Ani and Bob). So, it can’t sell data or advertise on you both(Ani and Bob).
When you know the importance of encryption -especially email but don’t know how to encrypt.
Its far more simple, Here Ani (you) can use “GnuPG” tool to generate her public and private keys (RSA 4096 bit recommended, for more techinical documentation on key generation visit my Gitlab). The public key is sent to friends such as Bob (or to public key servers such as pgp.mit.edu) and Private Key is stored in a secure place( You should not let others know your private key, it is advisable to print it and not to store on any other digital means such as cloud servers).
Ani’s public key can be used by Bob to send an encrypted email or a message to Ani. When an encrypted email or a message is received by Ani, she can use her private key to decrypt it.
When you generated your public and private keys but don’t know how to use them to send an encrypted email.
Ani (you) needs to install Thunderbird (email client) in her computer(Linux OS is recommended) and then she needs to install “Enigmail”- Thunderbird addon. Use your Gmail login credentials in Thunderbird, and to send an encrypted email to Bob, “enigmail” in Thunderbird email client uses Bob’s public key in your system(or by fetching it from public keys). So Bob, who has his private key which is paired with is public key can only decrypt the received email.
Similarly in case of Ani, for decrypting a received email, “Enigmail” in Thunderbird email client uses her private key in the system (as generated in the previous step) to decrypt to plain text message.
When you find the process of sending an encrypted email is such a simple
You got to know that your conversations are protected and secured which in turn protects your privacy. And when you friends says that “Mailvelope” — a Firefox (also chrome) addon. As a webclient it can directly encrypts and decrypts your emails on the web, especially on gmail.com. It can do the same(previous step) while storing your private keys in the local system.
Note: This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License by Praveen Gorla . Which means that you(readers) can reuse, edit, attribute, share as long as you share alike with same license.
*GnuPg is a trusted free and open source tool by gnupg.org for generating pgp keys . GnuPG is Licensed under GNU GPL(A free license)
