Tip of the Trade: E-mail Encryption

Tuesday Dec 11th 2007 by Carla Schroder

PGP and GPG ensure e-mail stays between the sender and its intended recipient.

When you send a cleartext, unencrypted e-mail, you are saying "I don't care who reads the contents of this message, I don't care if someone possibly alters the contents, and I don't care if someone else pretends to be me." Doubtless it is not your intention to say these things, but it is an unfortunate fact of life that this is the result.


Ordinary cleartext e-mails can be intercepted and read by anyone with access to the wires between you and your recipient. This could be snoopy sysadmins, or anyone who has successfully compromised a server, router or network. Sometimes getting onto a network is easy — unsecured, poorly-secured and rogue wireless access points are big fat red welcome mats for all the wrong people. Did you know that inside jobs, just like in old-time industries like retail and manufacturing, represent the largest percentage of thefts and unauthorized snooping in computer networks? The numbers given vary, but it's safe to say it's a sizable majority.

The easiest and best way to secure your e-mail transmissions from end-to-end is to use Pretty Good Privacy (PGP) or its open source/free of cost sibling, GNU Privacy Guard (GPG). PGP/GPG depend on encryption/decryption key pairs. You have a private key, which you guard zealously and never ever let anyone else get their hands on. Your public key can be distributed freely; many people even post their public keys on Web sites. The way it works is genius-simple: Anyone who wants to send a message to you encrypts it with a copy of your public key. Then you decrypt it with your private key. Your message is completely protected in transit and immune to eavesdropping and altering.
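The round trip described above, together with the alteration and impersonation risks the opening paragraph names, worked through on the gpg 2.x command line. This is an added example, not code from the article or from the GnuPG project. It assumes gpg and gpgconf are on PATH, uses two constructed identities (alice and bob) that live in throwaway keyrings under a temporary directory, and sends a constructed sample message. Alice encrypts to Bob's public key and signs with her private key; Bob decrypts with his private key, checks the signature, and the last step shows what happens when a message is changed in transit.

```shell
#!/bin/sh
# Added example, not part of the original article: the PGP/GPG round trip
# with the gpg 2.x command line. Assumes gpg and gpgconf are on PATH.
# "alice" and "bob" are constructed test identities; each gets its own
# throwaway keyring under a temp directory, so the host's keyring is untouched.
set -eu

WORK=$(mktemp -d)
cleanup() {
    for who in alice bob; do
        gpgconf --homedir "$WORK/$who" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

# One keyring per party: an RSA primary key for signing (and certifying other
# keys) plus an RSA subkey for encryption. No passphrase, so the run is unattended.
make_key() {
    home="$WORK/$1"
    mkdir -p "$home" && chmod 700 "$home"
    cat > "$home/params" <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $1@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --homedir "$home" --batch --quiet --gen-key "$home/params"
}

# Primary-key fingerprint of <email> as seen from <party>'s keyring. This is the
# value correspondents compare out of band before trusting a public key that
# arrived by e-mail or was copied from a web page.
fingerprint_of() {
    gpg --homedir "$WORK/$1" --with-colons --list-keys "$2" \
        | awk -F: '/^fpr/ { print $10; exit }'
}

# Exchange public keys: export, hand over, import, compare fingerprints,
# then certify the key locally so gpg treats it as valid for this recipient.
exchange_keys() {
    gpg --homedir "$WORK/alice" --armor --export alice@example.invalid > "$WORK/alice.asc"
    gpg --homedir "$WORK/bob"   --armor --export bob@example.invalid   > "$WORK/bob.asc"
    gpg --homedir "$WORK/alice" --batch --quiet --import "$WORK/bob.asc"
    gpg --homedir "$WORK/bob"   --batch --quiet --import "$WORK/alice.asc"
    # Fail closed if the imported copy does not match what the owner sees.
    [ "$(fingerprint_of alice bob@example.invalid)" = "$(fingerprint_of bob bob@example.invalid)" ]
    gpg --homedir "$WORK/alice" --batch --quiet --quick-lsign-key "$(fingerprint_of alice bob@example.invalid)"
    gpg --homedir "$WORK/bob"   --batch --quiet --quick-lsign-key "$(fingerprint_of bob alice@example.invalid)"
}

# Alice encrypts to Bob's public key and signs with her own private key.
# --encrypt alone stops reading; --sign is what lets Bob detect alteration
# and impersonation, the other two risks the article opens with.
send_message() {
    printf '%s\n' "$1" | gpg --homedir "$WORK/alice" --batch --quiet --armor \
        --local-user alice@example.invalid --recipient bob@example.invalid \
        --sign --encrypt > "$WORK/message.asc"
}

# Bob decrypts with his private key; the plaintext goes to stdout.
receive_message() {
    gpg --homedir "$WORK/bob" --batch --quiet --decrypt "$WORK/message.asc" 2>/dev/null
}

# Machine-readable verdict on the signature: "good" only if gpg reports GOODSIG.
signature_status() {
    if gpg --homedir "$WORK/bob" --batch --status-fd 1 --output /dev/null \
            --decrypt "$WORK/message.asc" 2>/dev/null | grep -q '^\[GNUPG:\] GOODSIG '; then
        echo good
    else
        echo bad
    fi
}

# Change one character of the armored body "in transit". Bob's gpg must reject
# the message rather than hand him silently altered plaintext.
tamper_check() {
    awk 'NR == 4 { c = (substr($0, 1, 1) == "A") ? "B" : "A"; $0 = c substr($0, 2) } { print }' \
        "$WORK/message.asc" > "$WORK/tampered.asc"
    if gpg --homedir "$WORK/bob" --batch --quiet --output /dev/null \
            --decrypt "$WORK/tampered.asc" 2>/dev/null; then
        echo accepted
    else
        echo rejected
    fi
}

MESSAGE="Meeting moved to 3pm, room 204."   # constructed sample e-mail body
make_key alice
make_key bob
exchange_keys
send_message "$MESSAGE"
echo "Bob reads:     $(receive_message)"
echo "Signature:     $(signature_status)"
echo "Tampered copy: $(tamper_check)"
```

Two points the script makes that the paragraph does not: encrypting to a public key protects only against reading, and it is the signature that gives the recipient proof of origin and integrity; and a public key is only as trustworthy as the fingerprint check behind it, which is why the exchange step compares fingerprints before certifying the key instead of encrypting to whatever key happened to arrive. Real keys would of course be passphrase-protected rather than generated with %no-protection.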

GPG works on any system on which it can be successfully compiled, which is most Linux and Unix systems. You may also compile and run it on Windows. Windows and Mac OS X users will probably want something a bit easier, such as GPG4Win and Mac GPG.

PGP costs money and comes in many different flavors. It has support, as well as some nice management tools. PGP and GPG are completely compatible, and in fact share the same code base. So you can encrypt and decrypt messages freely between the two programs. It's the best of all worlds — a very easy way to protect your e-mail with very strong encryption.
