Showing posts from June, 2012

A Complete Guide to Encrypting and Signing Emails

A friend of mine recently asked how PGP email encryption works, and I remember how hard it was for me to understand how it all works, so I decided to write this guide to email security.

If you just need to know how to sign and encrypt emails, go to headline 3.1 to use OpenPGP or headline 3.4 to use S/MIME
1. Email Security - An OverviewWhenever you write an email, it is sent to the receiver in clear text. Email sevices like Gmail support TLS (Transport Layer Security) that encrypts the message in transition, but the email is still stored in clear text on the end user machine. In information security, we have something called the CIA triad that consists of 3 areas: Confidentiality, Integrity and Availability. In this post, we will only focus on the first 2 areas, and we will start with a subsection of integrity called authenticity.
1.1 Email AuthenticityWhen you receive an email from someone, how can you be sure of the following:

1. The email was not altered in transition.
2. The em…