How to Encrypt Emails

April 16, 2019

10:00-11:00AM PST

Email encryption software is an important security tool that everyone should utilize, yet the use of email encryption remains fairly uncommon. In part, the slow uptake of email encryption comes down to difficulty finding and activating the features required to ensure your emails are encrypted. If you have tried to turn your standard email provider into a fully-encrypted email platform, you have probably run into some setbacks.

The fact is, although encryption has been around for some time, it isn’t exactly easy to access or use on standard mail clients like Outlook and Gmail. Widespread adoption of email encryption has also lagged due to a lack of understanding about what encryption is, how it functions, and why it is important. For some individuals and businesses, ensuring your email communications are encrypted may be entirely optional. For others, adopting an end-to-end encryption solution is a mandatory requirement for compliance with relevant regulatory structures. How you interact with and transmit personally identifiable information (PII) or electronic protected health information (e-PHI) can have a significant impact on whether you are compliant with regulatory requirements.

In this article, we’ll break down how to encrypt an email. We’ll look at what encryption is, how to send encrypted emails, and why you might want to encrypt your emails. While it is possible to encrypt your emails using common web-clients such as Outlook, it is not as convenient or seamless as many would like. For this reason, if you are considering adopting an end-to-end encryption solution, a third-party service may offer the right combination of ease of use and accessibility for both your staff and your email recipients. Gaining a better understanding of how to encrypt emails will empower you to make an informed decision about whether your current encryption efforts are sufficient for your data security needs.

What is Encryption?

To put it simply, encryption is the process of obscuring the contents of an email and allowing those contents to only be readable if one has a key to unlock the outgoing messages. Encryption is based on cryptography, which has roots reaching back long before the modern computer age. The basic principle is the same, however. Before computers, if individuals didn’t want a message read, they would scramble the contents according to a predetermined pattern or code. So long as the recipient also had access to this pattern, referred to as a cipher,  they could understand the message. To an outside observer that didn’t have access to the cipher, the message would appear to be meaningless.

Modern email encryption works much the same way, except older style ciphers have been replaced with algorithms. Instead of having to decode your message, your computer does it for you, provided you are able to unlock it. The core purpose of encryption is to obscure the contents of data during the time that it is between the sender and recipient. In this sense, encryption bolsters privacy. This should be distinguished from security during transmission, in the sense that someone could feasibly still steal an email or document in-transit to its destination. However, if that email or document is encrypted they can’t actually open it and read the contents.

How Does Encryption Work?

Here's how email encryption works. Encryption has a couple of moving parts that are important to grasp. The first is that alongside the encryption that obscures the contents of an email, you must have a key that allows the intended recipient to open the email and read the contents. The encryption component provides the privacy you are looking for, while the key authenticates the recipient. To understand this, consider how many emails arrive in your Junk inbox with a sender address that has the name of a trusted sender, but upon closer inspection, the sender is actually different. This is known as spoofing and is relatively easy to do. So, how do both the sender and recipient of encrypted email ensure that the other party is who they say they are? They do so through keys.

There are two broad categories of encryption that exist today. The first is symmetric-key encryption, and the second is public-key encryption.

Symmetric-Key Encryption

Symmetric-key encryption requires both the sender and recipient to have the key saved on their computer or device in order to open an email. The strongest type of symmetric-key encryption today is AES 256 bit, a standard currently in use by U.S. Military and Government Agencies. Symmetric-key encryption is so strong that it is literally impossible to break unless you have the correct key.

Public-Key Encryption

The second, more common method that emails are encrypted with is through a system known as public-key encryption. With this method, emails are encrypted and decrypted through a combination of public and private keys. A private key is stored on your computer, and a public key that can be readily accessed by anyone is stored publicly. The process governing the management of these public keys is known as Public Key Infrastructure (PKI). This method also requires a sender to adopt a digital signature, which is essentially a validation by a trusted third-party, referred to as a Certificate Authority, that verifies you are who you say you are. These expire periodically and must be renewed.

How Does Email Encryption Work?

At this point, you are probably curious how email encryption works on a day-to-day basis. Here’s how:

  1. The sender finds a public key for the recipient. Using this public key they encrypt the email and send the message.
  2. The recipient must authenticate the sender. They find the sender’s public key, verify the digital signature on the message, and decrypt the email.

The above example is assuming an email encryption method that utilizes PKI, which includes the encryption methods built into many email clients. Nearly anyone can set-up encryption for their favorite email platform, yet most people don’t. The reason why is because it is a confusing process that requires actions on behalf of both the sender and recipient. In some cases, there are other barriers standing in the way of easy encryption.

The process for encrypting emails in Outlook reflect this. If you want to encrypt emails in Outlook you’ll need an Office 365 subscription. From there, you’ll need to be assigned a digital ID or digital signature. This is usually provided by your organization or can be managed by an external Certificate Authority such as DocuSign. Once you have a digital signature, you’ll have to enable one of two encryption methods in Office 365 and be sure to sign your email with your digital signature because the recipient must have access to this digital signature in order to decrypt the email contents. Once the email is sent, the recipient compares the digital signature with the public key to authenticate the sender, and can then safely open the email.

For a comprehensive breakdown of how to add encryption to Outlook, check here. In summary, the process isn’t as simple or as streamlined as either the sender or recipient would like. While it is possible to set up, it just isn’t convenient. It also requires an Office 365 subscription. Outlook is not a favorable choice for businesses (even SMB) because it’s not designed for companies who are looking to adopt or manage company-wide security policies. This is because there is no oversight and it’s not convenient for employees won’t add encryption if recipients find it a hassle to decrypt. It should be noted that to enable enhanced encryption for Gmail is only available for certain accounts. Users must have either G Suite for Education or G Suite for Enterprise accounts in order to enable enhanced encryption with Gmail.

Alternative Encryption Methods

While it is possible to have your email set-up to be encrypted within your native email platform, it is far easier to utilize 3rd-party software solutions like Trustifi to automate the process. Encryption software such as Trustifi uses military-grade encryption while also making the entire process as streamlined as possible.

When using a standard email platform’s built-in encryption you must receive a digital signature, encrypt the message, and send the email along with the digital signature. In order to authenticate that the sender is actually who they say they are, the recipient must compare the digital signature with the public key for that sender. Once they have authenticated the sender they can open the email. If they wanted to reply to an encrypted email they would have to repeat the process. So, in order for a sender and recipient to send an encrypted email back and forth from one another, they would have to each have a digital signature on file and know the public key of the other party.

If this sounds like a hassle, that’s because it is. Solutions like Trustifi make the entire process much more streamlined. Trustifi encrypts the email on the sender side. Multi-factor authentication is used to ensure that the recipient is the one intended to receive the email. Once authentication is complete, they can open the email and even reply with a second encrypted communication. At no time does the recipient need to have Trustifi installed to be able to receive and reply to encrypted emails. At the same time, the sender has numerous ways to verify that the email was sent to the correct recipient, and can even note when and where it was opened.

Closing Thoughts

In today’s digitally driven world, data security is a paramount concern. While we spend time and resources hardening our network assets and infrastructure against external penetration, we seldom look at the email platform we use on a daily basis as a security risk. The reality is that email is rarely encrypted, and is therefore vulnerable to theft or unwanted access. In order to ensure that only the intended recipient has access to your email, you’ll need to rely on a platform that provides end-to-end encryption services. If you are interested in integrating end-to-end encryption into your emails, please contact Trustifi today.



Try Trustifi Today


See if Trustifi Is Right for Your Organization