As promised in my post on email threat models, today I am going to begin a series on DIY encrypted email. As I discussed in the email threat modeling post, this is the most secure email encryption available. Before we get into the “how to” portion of this, it is important to first understand asymmetric encryption. Email encryption relies on a wholly different encryption model than that used to protect data-at-rest. Encrypting email and web traffic relies on asymmetric encryption (also known as public key cryptography). One of the classic problems with encryption for communications is “key exchange”. It would be simple to encrypt a PDF and email it to someone. However, it would be difficult to exchange the password for that file without sending it unencrypted. Sending it in plaintext leaves the password vulnerable to interception. This compromises the integrity of the entire system. But there is a better way.
Public Key Cryptography
Asymmetric encryption solves the key exchange problem elegantly. Instead of a single key that both encrypts and decrypts, a key pair is used. One key in the pair is an encryption key. It is used to encrypt messages or files. It can also be shared freely because it cannot be used for decryption. The encryption key is called the public key because it can be shared publicly. My public key is posted on my “Contact” page. The other key in the pair is the decryption key. It can be used to decrypt messages that have been encrypted with the public key. This key is called the private key. Because it can decrypt (and compromise the content of your communications) it should be protected and never shared.
So how does this work in practice? Let’s say I am communicating with Mary. If I want to send Mary an encrypted email, I will need her public key to encrypt it. If she has it posted on a key server or on her website, I can download it or copy it into my clipboard. If not, I can ask her to email it to me. Once I have her key I will import it and use it to encrypt the message. When she receives my message, she must have the corresponding private key. She must also have the password assigned to the private key. She will be able to decrypt the message and read it. If Mary wishes to encrypt her response to me, she will need my public key. If she does not already have it, she must repeat the process I just described.
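The exchange with Mary described above, sketched in Python as an added example that is not part of the original post or of any mail tool. It assumes textbook RSA with fixed, publicly known primes and no padding, which shows how the key pair behaves but is not suitable for protecting real mail; the names `make_keypair`, `encrypt` and `decrypt` are hypothetical.

```python
# Added illustration: textbook RSA with fixed, publicly known Mersenne primes.
# No padding and toy-sized keys, so this shows the key-pair idea only and
# must never protect real mail.
from math import gcd

P = 2**107 - 1  # known prime (constructed demo value)
Q = 2**127 - 1  # known prime (constructed demo value)


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as (modulus, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Encrypt with the recipient's public key; anyone may do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(key, ciphertext: int) -> bytes:
    """Apply a key's exponent; only the private key recovers the message."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    # Mary publishes mary_public and keeps mary_private to herself.
    mary_public, mary_private = make_keypair(P, Q)
    note = b"Meet at noon, Mary"  # constructed sample message
    ciphertext = encrypt(mary_public, note)  # sender needs only her public key
    print("ciphertext:", hex(ciphertext))
    print("with private key:", decrypt(mary_private, ciphertext))
    print("public key recovers it:", decrypt(mary_public, ciphertext) == note)
```

Anyone who intercepts both the ciphertext and Mary's public key still cannot read the note, which is why the public key can travel over an untrusted channel.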
Implementing DIY Encrypted Email
In the past I have talked about the insecurity of in-browser crypto. Systems like ProtonMail and Mailvelope are great for defeating mass surveillance, but are less than ideal if maximum security is desired. This is because the messages are encrypted and decrypted in your (vulnerable) web browser. The whole point of going through this process yourself is to make the crypto magic happen locally on your machine. This will require the installation of two applications, an add-on, and some patience on your part.
If all of this sounds complicated, don’t worry. While it is a little complicated, it isn’t as bad as it seems right now. Over the next several posts, I will break down the DIY encrypted email process, step-by-step. We will walk through installing the correct programs and add-ons and importing email accounts. The last post (or two) will discuss using DIY encrypted email in practice. My hope is that by tackling only one small piece of this puzzle every couple of days, I can make it somewhat approachable. By the end of this series you should have the knowledge to set this system up for yourself and help others set it up. And as anyone knows who has contacted me, I am more than happy to help talk you through the process.