Email encryption: Computers. Corporate email protection

October 28, 2013 at 4:41 pm

How to encrypt messages via e-mail and will this make it “safer”

Is information sent via email secure?
The honest answer to this question would be: “Yes. But no.” When you visit most websites, HTTP is displayed in the address bar. This is an insecure connection. If you log into your account at one of the major email services, you will see HTTPS instead. This indicates the use of the SSL and TLS encryption protocols, which secure the “journey” of a letter from the browser window to the mail server. However, this does not give anything in connection with, which comes into force on July 1, 2014. Moreover, absolutely nothing protects your correspondence from an unscrupulous employee of the mail service provider, hacker attacks, an unclosed session on someone else’s computer, an unprotected Wi-Fi access point, any demand from the special services (already now), or even the mail service itself, acting in accordance with its own privacy policy.


All letters arriving at, leaving or stored on the mail service's server are at the complete disposal of the company that owns the server. While it ensures security during the transfer itself, the company can do whatever it wants with the messages, since, in essence, the letters end up in its hands. Therefore, you can only hope for the integrity of the company's management and employees, and also for the fact that you are unlikely to seriously interest anyone.

When using corporate mail, correspondence is protected by the IT service, which can install a very strict firewall. Nevertheless, this will not save you either if an unscrupulous employee “leaks” the information. We are not necessarily talking about a system administrator - an attacker only needs to be “inside” the corporate network: if he is serious, the rest is a matter of technique.
Let's encrypt
Encrypting the text of the letter and attachments can somewhat increase the level of foolproof protection of your mail (they can also be placed in an archive with a password, for example, if the text itself does not contain confidential data, but the archive does). In this case, you can use special software.

The body of the letter itself can be encrypted with a third-party cryptographic program; let me repeat this a little in my own way. The most popular service for which an encryption program was specially created is Gmail. The SecureGmail extension, which supports this encryption, is installed in Google Chrome, after which everything is quite simple - enter a password for the encrypted message and a hint question to recover it. The only drawback is that it works only in Google Chrome.

There is an encoder that is suitable for almost any online mail, for example, mail.ru, yandex.ru, Gmail.com - for all mail services that you can open in a Mozilla browser window. This is the Encrypted Communication extension. The principle of operation is the same as that of SecureGmail: after writing a message, select it with the mouse, then right-click and select “encrypt using Encrypted Communication”. Next, enter and confirm a password known to you and the recipient. Naturally, the extension must be installed by both the recipient and the sender, and both of these people must know the password. (It's worth noting that it would be reckless to send the password via the same email.)

In addition to plugins for the browser in which you open mail, there is an application for desktop clients that can also be used with online mail services - PGP (Pretty Good Privacy). The method is good because it uses two encryption keys - public and private. You can also use a number of programs both to encrypt data and to encrypt the text of a letter: DriveCrypt, Gpg4win, Gpg4usb, Comodo SecureEmail and others.

Sadly, advanced encryption technology, no matter how easy to use and beautiful it may be, will not help if, for example, a backdoor is installed on your computer, which takes screenshots and sends them to the network. Therefore, the best way to encrypt is not to write letters. The motto “We must meet more often” takes on a new meaning in this context.
We minimize risks
As noted above, the ideal method of encryption is not to write letters. Most often, you should not use free email services for work-related correspondence, especially if you signed a non-disclosure agreement. The fact is that if your messages are intercepted from corporate email, the company’s IT department will deal with the security gap. Otherwise, you are personally responsible. Remember: when using “external” mail, correspondence will definitely reach third parties, at least employees of the company providing the postal service. And they did not sign a non-disclosure agreement with your employer.
If you are an important person in a company, do not send key documents through open channels, or do not use e-mail to transmit them at all, but for work, use corporate mail and do not send important letters to addresses of free mail services.

In all other cases, for example, when concluding contracts, it is useful to use mail, since the electronic message contains the facts of your work agreements and can help you in the future. Remember that most information leaks are not due to the fault of hackers, but to the “human factor.” It may be enough for you to use complex passwords, change them regularly and prevent them from being lost. You should not forget to close your sessions on other people’s computers, should not use unsecured connections when working via Wi-Fi in public places, and should check the boxes in the mailbox settings: “remember my IP address”, “track IP addresses from which sessions were opened”, “do not allow parallel sessions”. Also, do not create simple questions and answers to recover your password, and do not lose your mobile phone if your account is linked to it.

This article describes how to configure Thunderbird to digitally sign, encrypt, and decrypt messages to make your communications more secure.

Introduction

When the email infrastructure we all use was designed, security was not built into it. While most people connect to email servers using a secure connection ("SSL"), some servers allow unsecured access. Moreover, as a message travels along the chain from sender to recipient, the connection between each server is not necessarily secure. This allows a third party to intercept, read, and spoof email messages while they are in transit.

When you digitally sign a message, you are embedding information that verifies your identity into the message. When you encrypt a message, it means that it will appear "scrambled" and can only be read by the person who has the key to decrypt the message. Digitally signing a message ensures that the message came from the stated sender. Encryption ensures that the message will not be read or modified during transmission.

To encrypt a message, you can use a public key cryptosystem. In such a system, each participant has two separate keys: a public key and a private key. When someone wants to send you an encrypted message, he or she uses your public key to encrypt it. When you receive a message, you must use your private key to decrypt it.

Important: Never give your private key to anyone.

The protocol used to encrypt email is called PGP (Pretty Good Privacy). To use PGP in Thunderbird, you must first install:

  • GnuPG (GNU Privacy Guard): a free implementation of PGP
  • Enigmail: add-on for Thunderbird

Both of these apps also provide the ability to digitally sign messages.

Installing GPG and Enigmail

To install GnuPG, download the appropriate package for your platform from the GnuPG download page. Follow the installer's instructions. For more information on installing PGP on a specific operating system, read:

To install Enigmail:

  1. In Thunderbird, select Tools > Add-ons.
  2. Use the search bar in the top right corner to search for Enigmail.
  3. Select Enigmail from the list of search results and follow the instructions to install the add-on.

Generating PGP Keys

Create a public/private key pair like this:

Sending and receiving public keys

Sending your public key via email

To receive encrypted messages from other people, you must first send them your public key:

Receive a public key by email

To send encrypted messages to other people, you must obtain and store their public keys:

Sending signed and/or encrypted email

Note: The subject line of the message will not be encrypted.

Reading signed and/or encrypted email

When you receive an encrypted message, Thunderbird will ask you to enter your secret password to decrypt the message. To determine whether or not an incoming message has been signed or encrypted, you need to look at the information bar above the message body.

If Thunderbird recognizes the signature, a green bar will appear above the message (as shown below).

If the message has been encrypted and signed, the text “Decrypted message” will also appear in the green panel.

If the message was encrypted but not signed, the panel shown in the figure below will appear.

Cryptographic services for email were developed a long time ago, but even 25 years after the advent of PGP, they are not particularly in demand. The reason is that they are based on an outdated messaging infrastructure, are forced to use an untrusted environment (including a random set of mail servers), have limited compatibility, a growing number of known flaws, and are simply complex for the average user. You can easily understand the intricacies of cryptography, but your always busy boss will one day get confused between two keys and upload the secret one to the server, burning all your correspondence at once. Of course, you will be blamed.

The very concept of mail encryption is divided into many applied tasks, of which two main ones can be distinguished: protection from prying eyes of letters already received and prepared for sending (mail database) and protection of letters directly during their forwarding - from disclosure or modification of the text when it is intercepted.

In other words, cryptographic mail protection combines methods for countering unauthorized access and man-in-the-middle attacks, which have fundamentally different solutions. Unfortunately, they are often confused and attempts are made to use inappropriate methods. I offer you a short story about two famous cryptographic characters, which should put everything in its place and clearly demonstrate the problems with mail encryption. As they say, there is no story more secret to the grave than the story about Alice and Bob!

In two clicks, Bob encrypts it with a key known to Alice. He hopes he entered it correctly from memory when setting up CryptoData on a public computer. Otherwise, the important message will remain a jumble of characters that he inserted into the body of the letter, copied from the CryptoData window.

Alice receives a strange letter, sees in it the familiar beginning of S3CRYPT and understands that she must use CryptoData with the key that she once exchanged with Bob. But a lot has happened since then, and she may not remember what that key was.

Attempt to decipher the letter

If Alice performs the wonders of mnemonics and nevertheless enters the correct key, the message from Bob will take on a readable form.

The letter has been decrypted

However, the girl's memory is far from EEPROM, so Bob receives an unexpected answer.

Of course Bob knows how to use PGP. But the last time he did this was in The Bat email client, which was installed on a blown-up laptop. How can the sent key be checked? What if Alice is being tortured right now, and they are answering him from her address and trying to find out her secrets? Therefore, Bob asks for additional guarantees of the key's authenticity. For example, you can ask Jack to check and sign it.

PGP web of trust

Alice reacts a little strangely. She breaks the news of Jack's sudden disappearance and offers an alternative method of verification. However, not very reliable. The simplest S/MIME digital signature will only confirm the sender's address, but not his identity. Therefore, Bob resorts to a trick: he asks to confirm the key via another communication channel, at the same time checking the secret shared with Alice, which only they knew.

Using a key fingerprint and a shared secret

After some time, he receives an SMS with the correct key fingerprint and a new letter from Alice.

Key fingerprint and answer to security question

The letter looks convincing, the fingerprint of the key matches, but Bob is an old hand. After reading the answer to the secret question, he realizes that he is not talking with Alice.

Bob's last message to pseudo Alice
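The fingerprint comparison Bob performs over the second channel, as an added example (not code from the article or from any PGP implementation): it computes an OpenPGP version 4 fingerprint as RFC 4880 defines it and compares it with the text received out of band, refusing anything shorter than the full fingerprint. The key material, the helper names and the SMS formatting are constructed for illustration.

```python
import hashlib
import hmac
import re
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-octet body length, and the packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-octet length")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def normalize_fingerprint(text: str) -> str:
    """Strip spaces, colons and an optional 0x prefix; reject anything that is not hex."""
    cleaned = re.sub(r"[\s:]", "", text).upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-F]*", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def confirmed_out_of_band(body: bytes, claimed_text: str) -> bool:
    """True only if the full 160-bit fingerprint received out of band matches the key."""
    try:
        claimed = normalize_fingerprint(claimed_text)
    except ValueError:
        return False
    # A short key ID (the last 8 or 16 hex digits) is not accepted as confirmation.
    if len(claimed) != 40:
        return False
    return hmac.compare_digest(v4_fingerprint(body), claimed)


def as_sms_text(fingerprint: str) -> str:
    """Format a fingerprint the way a person would type it: groups of four."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


# Constructed toy keys: the moduli are far too small for real use.
ALICE_KEY = rsa_public_key_body(1382978460, (2**127 - 1) * (2**89 - 1), 65537)
OTHER_KEY = rsa_public_key_body(1382978460, (2**107 - 1) * (2**61 - 1), 65537)

if __name__ == "__main__":
    sms = as_sms_text(v4_fingerprint(ALICE_KEY)).lower()
    print("key received by mail matches SMS:", confirmed_out_of_band(ALICE_KEY, sms))
    print("substituted key matches SMS:     ", confirmed_out_of_band(OTHER_KEY, sms))
```

A match only ties the key to whoever controls the second channel, which is why Bob also checks the shared secret.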

ENCRYPTION GEOMETRY

In this story, Alice and Bob were trying to use two fundamentally different types of cryptographic security. CryptoData uses the same key for AES encryption and decryption. Therefore, such a cryptosystem is called symmetric.

Unlike AES-CTR, PGP uses a pair of different but mathematically related keys. This is an asymmetrical system, designed on the principle of a lock with a latch: anyone can slam the door (encrypt a message), but only the owner of the key can open it (decipher the text).

In symmetric systems, it is easier to achieve high cryptographic strength with a relatively short key length, but in order to conduct encrypted correspondence, this key must first be somehow transmitted to the interlocutor via a reliable channel. If the key becomes known to outsiders, then all previously intercepted correspondence will be disclosed. Therefore, symmetric encryption is used primarily for local protection of email databases, but not for forwarding emails.

Asymmetric systems specifically solve the problem of transmitting a key through an untrusted medium using a key pair. The public key is used to encrypt messages sent to a specific addressee and to verify the cryptographic signature in letters received from him. The secret key is used to decrypt the received letter and to sign the sent one. When organizing secure correspondence, the interlocutors only need to exchange their public keys, and their interception (almost) will not affect anything. Therefore, such a system is also called public key encryption. PGP support has been implemented in email clients for a long time, but when using email via a web interface, browser add-ons will be needed.

We chose CryptoData as an example, since of all the known extensions at the time of writing, only it had an up-to-date status and a live Russian-language forum. By the way, using CryptoData you can not only encrypt mail, but also store local notes under AES protection and even create and view encrypted websites.

CryptoData is available for the Firefox browser as an add-on. It also supports Thunderbird and SeaMonkey email clients. The text is encrypted using the AES algorithm. Despite its block nature, in counter mode (CTR) it implements stream encryption.

The advantages of CryptoData include the well-known implementation of AES-CTR via JavaScript. The main disadvantage of CryptoData (as well as any symmetric system) is that it is impossible to securely exchange keys.

When using CryptoData in email, in addition to the encrypted text, you must somehow transfer the key to decrypt it. Doing this securely over the Internet is extremely difficult. It is necessary to create a trusted channel, and ideally, arrange a personal meeting. Therefore, it will not be possible to change keys often. If the key is compromised, it reveals all previously intercepted encrypted correspondence.

A less significant disadvantage is the recognizable beginning of all encrypted texts. After the standard beginning “S3CRYPT:BEGIN”, the algorithm used and the encryption mode (AESCTR or RC4) are indicated in clear text. This makes it easier to selectively intercept encrypted messages (usually all the most important things are written in them) and crack them.

CryptFire, Encrypted Communication and many other extensions worked similarly to CryptoData.

For the convenience of exchanging public keys and confirming them, specialized repositories are created. On such public key servers it is easier to find the one that is relevant for the desired user. At the same time, there is no need to register on dubious resources and risk exposing your secret key.

FROM ALGORITHMS TO MAIL ENCRYPTION STANDARDS

To work with encrypted correspondence, interlocutors must use the same cryptographic methods. Therefore, any mail protection at the application or service level uses some kind of cryptographic system within the framework of a generally accepted encryption standard. For example, the Thunderbird client supports the GnuPG fork through the Enigmail addon as an open implementation of the PGP cryptosystem according to the OpenPGP standard.

In turn, PGP and any other cryptosystem is based on several encryption algorithms that are used at different stages of operation. RSA remains the most common asymmetric encryption algorithm. It is also used in the original PGP cryptosystem by Philip Zimmermann. It uses RSA to encrypt a 128-bit MD5 hash and a 128-bit IDEA key.

Various PGP forks (for example, GnuPG) have their own algorithmic differences. But if cryptosystems meet the requirements of the common OpenPGP standard, then they remain compatible with each other. Interlocutors can conduct secure correspondence using different versions of cryptographic programs, including those designed for different platforms. Therefore, a PGP-encrypted letter composed in Thunderbird for Linux can be read in The Bat for Windows and even through a browser with OpenPGP support at the add-on level.

ENCRYPTION OF MAIL USING OPENPGP

OpenPGP was proposed in 1997, but development of the standard was difficult due to the fate of the PGP algorithm itself. The rights to it were successively transferred from Zimmermann and PGP Inc. to Network Associates (McAfee), PGP Corporation and Symantec. Each of the new copyright holders changed the final implementation of the algorithm. It is possible that McAfee and Symantec weakened its cryptographic strength at the request of the authorities, for example, by reducing the quality of the pseudo-random number generator, reducing the effective key length, or even introducing software backdoors.

Therefore, in 1999, an open source implementation of GnuPG appeared. It is believed that the FSF is behind it, but in fact GnuPG was developed by only one person - the German programmer Werner Koch, who was once impressed by Stallman's speech and decided to make “a proper, open PGP.” Later, he repeatedly intended to abandon support for GnuPG, but at a decisive moment he found new incentives to continue it.

Koch is now 53 years old, unemployed, and was on the verge of poverty many times before he managed to raise more than $300,000 through various crowdfunding campaigns. He received money from the Linux Foundation and from ordinary users, and was given grants by Facebook and Stripe - simply because the fate of GPGTools, Enigmail, Gpg4win and many other popular projects in the open source world depends entirely on his desire to continue the development of GnuPG.

With such a shaky foundation, the OpenPGP standard still has known weaknesses. It was easier to declare them “not bugs, but features” than to eliminate them. For example, it has only one way to verify the sender of an encrypted message - a cryptographic signature. However, anyone can verify it with the sender's public key (that's why I used the "almost" clause to indicate the safety of intercepting the public key). Consequently, the signature, in addition to authentication, also provides the not always necessary non-repudiation of the message.

What does this mean in practice? Imagine that you sent Assange another piece of interesting data about the top officials of a strongly democratic country. The letter was intercepted, the IP was found out and they came for you. Even without revealing the contents of the encrypted letter, you attracted attention by the very fact of correspondence with a person who has been followed for a long time. It will no longer be possible to refer to the forgery of a letter or the machinations of a mail worm - the message was signed with your secret key. Without the same signature, Assange will not read the message, considering it a fake or a provocation. It turns out to be a vicious circle: cryptographic signatures make it impossible to deny the authorship of letters to third parties, and without signatures the interlocutors themselves will not be able to guarantee the authenticity of messages to each other.

Another disadvantage of PGP is that encrypted messages have a very recognizable appearance, so the very fact of exchanging such letters already makes the interlocutors potentially interesting to intelligence services. They are easily detected in network traffic, and the OpenPGP standard does not allow hiding either the sender or the recipient. For these purposes, along with PGP, they are trying to use steganography as additional layers of protection, but onion routing and methods of hiding files of one format inside another are full of their own unsolved problems. In addition, the system turns out to be too complex, which means it will also not be popular and will remain vulnerable to human errors.
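What stays readable without any key, as an added example (not code from the article or from any of the tools it names): the script parses a message, recognizes the encryption wrapper from its clear-text markers, and lists the headers that every relay still sees, which covers both the recognizable PGP and S3CRYPT beginnings and the unencrypted subject line mentioned earlier. All sample messages are constructed, and the S3CRYPT layout after the "S3CRYPT:BEGIN" prefix is an assumption.

```python
import re
from email import message_from_string

# Headers that travel in clear text whatever happens to the body.
CLEAR_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

PGP_ARMOR = re.compile(r"^-----BEGIN PGP MESSAGE-----\s*$", re.MULTILINE)
S3CRYPT_PREFIX = "S3CRYPT:BEGIN"
S3CRYPT_ALGO = re.compile(r"\b(AESCTR|RC4)\b")  # the two modes the article names


def classify_envelope(msg):
    """Return (kind, detail) for the encryption wrapper visible without a key."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        protocol = (msg.get_param("protocol") or "").lower()
        if protocol == "application/pgp-encrypted":
            return "pgp-mime", protocol
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # smime-type=enveloped-data means encrypted; signed-data is only signed.
        return "smime", msg.get_param("smime-type")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if PGP_ARMOR.search(text):
            return "pgp-inline", None
        stripped = text.lstrip()
        if stripped.startswith(S3CRYPT_PREFIX):
            algo = S3CRYPT_ALGO.search(stripped.splitlines()[0])
            return "s3crypt", algo.group(1) if algo else None
    return None, None


def audit_message(raw):
    """Report the wrapper type and every header left in clear text."""
    msg = message_from_string(raw)
    kind, detail = classify_envelope(msg)
    exposed = {name: msg[name] for name in CLEAR_HEADERS if msg[name] is not None}
    return {"envelope": kind, "detail": detail, "exposed": exposed}


# Constructed sample messages (ciphertext bodies are placeholders).
PGP_MIME_MAIL = """\
From: bob@example.org
To: alice@example.org
Subject: Q3 contract draft
Date: Mon, 28 Oct 2013 16:41:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

constructedciphertextplaceholder
-----END PGP MESSAGE-----
--b1--
"""

INLINE_PGP_MAIL = """\
From: bob@example.org
To: alice@example.org
Subject: numbers for Friday
Content-Type: text/plain; charset="utf-8"

-----BEGIN PGP MESSAGE-----

constructedciphertextplaceholder
-----END PGP MESSAGE-----
"""

S3CRYPT_MAIL = """\
From: bob@example.org
To: alice@example.org
Subject: see you Friday
Content-Type: text/plain; charset="utf-8"

S3CRYPT:BEGIN:AESCTR:Y29uc3RydWN0ZWQ=:END
"""

PLAIN_MAIL = """\
From: bob@example.org
To: alice@example.org
Subject: lunch

Hello Alice
"""

if __name__ == "__main__":
    for raw in (PGP_MIME_MAIL, INLINE_PGP_MAIL, S3CRYPT_MAIL, PLAIN_MAIL):
        print(audit_message(raw))
```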

In addition, PGP does not provide forward secrecy, and keys typically have long expiration dates (usually a year or more) and are changed infrequently. Therefore, if the secret key is compromised, it can be used to decrypt the lion's share of previously intercepted correspondence. This happens, among other things, because PGP does not protect against human error and does not prevent a clear-text response to an encrypted message (even with a quote). Having an encrypted message, a decrypted text and a public key, it is much easier to calculate the secret one paired with it.

S/MIME

If OpenPGP has so many fundamental shortcomings, is there an alternative? Yes and no. In parallel, other mail encryption standards are being developed, including those using a public key. But for now they are eliminating some shortcomings at the cost of others. A striking example of this is S/MIME (Secure/Multipurpose Internet Mail Extensions). Since the second version, which appeared back in 1998, S/MIME has become a generally accepted standard. Its real popularity came a year later, when the third version of S/MIME began to be supported by such email programs as Microsoft Outlook (Express) and Exchange.

S/MIME simplifies the task of distributing public keys in an untrusted environment because the container for the public key is a digital certificate, which typically has one or more digital signatures. With Microsoft's heavy hand, the modern concept of public key cryptography is often implemented through digital certificates and chains of trust. Certificates are issued to a specific entity and contain their public key. The authenticity of the certificate itself is guaranteed (usually for money) by its issuer - that is, the issuing organization, which is initially trusted by all participants in the correspondence. For example, it could be Thawte, VeriSign, Comodo or another large company. The simplest certificate that confirms only your email address can be obtained for free.

In theory, a digital certificate solves two problems at once: it makes it easy to find the public key of the desired user and verify its authenticity. However, in practice, there are still serious vulnerabilities in the trusted certificate mechanism and the S/MIME standard that make possible additional attack vectors beyond those relevant to OpenPGP. Thus, in 2011, an attack was carried out on the DigiNotar and Comodo certification authorities, as a result of which hundreds of fake certificates were issued on behalf of the most popular network nodes: addons.mozilla.com, login.skype.com, login.yahoo.com, mail.google.com and others. They were subsequently used in various attack scenarios, including MITM, sending phishing emails, and distributing malware signed with certificates from well-known companies.

WEB MAIL ENCRYPTION AND MOBILE CLIENTS

More and more people are abandoning desktop email clients, preferring to work with email through the web interface or mobile applications. This is a complete game changer. On the one hand, with a web connection, connection encryption is already provided via HTTPS. On the other hand, the user has no control over the mail database on the server and the methods of transmitting letters from it. All you can do is rely on the company's reputation, which usually ranges from slightly tarnished to soaking wet.

Many people remember Hushmail - the first web-based email service with server-side OpenPGP encryption. I'm sure someone still uses it, considering it reliable. After all, all letters are allegedly stored in it on its own secure server and transmitted to external addresses through another server with SSL support. For almost ten years, the company insisted that it was impossible to decipher its customers' emails. However, in 2007, Hushmail was forced to admit that it has such a technical capability and provides it at the request of the authorities, and also logs the IP addresses of its clients and collects “other statistics” about them in case the competent authorities request it.

However, to hell with Hushmail. Most people today use Gmail, which is actively developing. “Very active,” says Matthew Green, a professor of cryptography at Johns Hopkins University. “It will soon be two years since Google promised to introduce end-to-end email encryption. So where is it?”

It is curious that, in addition to Google, Yahoo, Microsoft and others promised to do this at different times. There is an obvious explanation for why companies with billions of dollars in annual revenue have yet to implement end-to-end encryption. It involves performing cryptographic operations in a trusted environment and transmitting messages through untrusted nodes only in encrypted form. It is almost impossible to implement this without control over devices.

The problem is that email encryption and decryption have to be done on completely different platforms. Each of them has its own vulnerabilities that nullify any application-level cryptographic protection. Critical vulnerabilities remain unpatched for months. Therefore, what is the point of encrypting letters if a copy of them can be secretly stolen in clear text, for example, from RAM or a temporary file?

This is exactly how the Italian Hacking Team was hacked: the attacker gained remote access to one of the computers on the company’s local network, and then simply waited for one of the employees to open the TrueCrypt container with all the secret correspondence and documentation. Without a trusted environment, whether you encrypt or not, you will still only get the illusion of protection.

Applications for encrypting email correspondence.

Mailvelope is one of the most advanced extensions for encrypting mail in Google Chrome. We already talked about it earlier, and even then it was a high-quality development.

Key management in Mailvelope

Other extensions promise basic PGP functionality in the browser, but they are full of their own shortcomings. The Pandor addon has a strange operating logic. By design, users register on the pandor.me website and generate PGP keys. All of them are stored on the server and are automatically used for encryption and decryption. There is no need to exchange keys. Convenient? Maybe. However, those who sacrifice security for convenience end up losing both. The secret key is called that for a reason, and a pair of keys can only be generated securely locally.

Encrypting mail using Keybase.io

Public keys can not only be manually sent to all interlocutors, but also uploaded to a specialized server. This will make it easier to find and sign them, expanding the network of trust. We have already written about one of these public key repositories - Keybase.io. After a quick start, interest in the development of this public key server among its developers faded away. The repository has been in beta testing for two years now, but this does not prevent its use.

Keybase.io confirms not only the validity of the interlocutor’s public key and his email address, but also the URL of his personal website, as well as the user’s Twitter and GitHub accounts, if any. In a word, if your interlocutors upload their public keys to Keybase.io, then you can always find them there along with current contact information.

Email encryption is an extremely necessary thing that users rarely think about. They begin to think about and take measures to protect email only after they are attacked. Today I will tell you how to encrypt email and prevent the interception of important, confidential data.

1. Email service provider with PFS

Use the services of providers that already use the new Perfect forward secrecy (PFS) system to exchange keys between the sender and recipient.

In Russia, PFS is already offered by such services as: Web.de, GMX and Posteo.

2. Setting up Gpg4win

Install the installation package. Typically, the package is used from a Windows administrator account.


If you don't want to take the risk, you can still mitigate vulnerabilities by using a restricted user account for encrypted communications to deny access to account profile data.

3. Create encryption

Open the Kleopatra certificate manager, which will be installed on your computer along with Gpg4win, and click File | New Certificate... to launch the key generation wizard. Select here Generate a personal OpenPGP key pair and enter your name and email.



After clicking Next, enter a code word that is easy for you to remember, containing uppercase and lowercase letters and numbers. Skip the last dialog box, click on the finish button, and your key pair is ready to use.

4. Setting up Thunderbird and Enigmail

Download and install for your email. If you use the services of large providers or Posteo, then for the installation wizard it will be enough to enter the email address and password that you have to log in through the service’s web client. When setting up the Enigmail add-on in Thunderbird, press Alt to display the menu and click on the tab Tools | Add-ons. In the search bar, type Enigmail and press Enter. The first entry should be the latest version of Enigmail. Click the Install button.



After installing and restarting Thunderbird, you will be greeted by the Enigmail wizard. In the settings of this wizard, select Convenient automatic encryption, Don't sign messages by default... and Change parameters: Yes. In the Select Key dialog box, click on the key that you created in step 3. Now your emails will be encrypted.

5. Encryption of emails and attachments

You can continue to send and receive unencrypted emails using Thunderbird or from your provider's web client. If you want to send an encrypted message, obtain the future recipient's public key, save it to your hard drive and import it into the Kleopatra utility by opening it and selecting “Import Certificates”. To encrypt a letter, first write it and attach the necessary attachments. Then in the Write letter window, click on the Enigmail menu, where the current encryption and signature status of the letter will be displayed in the first two entries.



By clicking the arrow icon next to it, you can force emails to be sent encrypted or unencrypted. You must add a signature to encrypted emails so that the recipient can verify that you actually sent the email.

6. Receiving encrypted emails

To send you a cryptographically secure email, the sender needs to use Enigmail (or another OpenPGP-compatible solution, such as Claws Mail) and your public key, which you should send to the future sender in an unencrypted email. In the message window, click Enigmail | Attach my public key. When you receive an encrypted email, Enigmail will require you to enter a password.


That's all. With the help of the steps described above you will be able to reliably.

Despite all the capabilities of antiviruses and browser plugins, email encryption is still relevant: it is necessary to protect your confidential information during transmission.

The relevance of email encryption is determined by the ability of an attacker to find out your confidential information, change it, or simply delete it. Imagine that you are mailing a contract, agreement or report to your business partner. An attacker can intercept your message and find out the transaction amount, change the information sent, or simply delete the message. None of these outcomes are beneficial to you.

Encryption of emails is mandatory, if you are sending important and confidential data. Spend a little time encrypting your correspondence and thereby reliably protecting it.

Mail encryption methods

There are various ways to encrypt mail. The most primitive ones are to agree with the recipient that you will replace some numbers with others or send the data in parts. All this is inconvenient and ineffective.

To effectively protect correspondence, it is necessary to use special programs. A very popular and reliable way is to encrypt the data separately with a special program and attach it to the letter. For this you can use WinRAR, TrueCrypt or dsCrypt.

Setting a password via WinRAR

WinRAR is a very common program for archiving data. When creating an archive, you can set a password for it. The method is very simple and quite effective. If you set a strong password for the archive, it will be extremely difficult to find out the information. A detailed description of how to put a password on an archive using WinRAR or 7-Zip.

Creating an encrypted TrueCrypt container

Data encryption via dsCrypt

dsCrypt is a free data encryption program that uses the AES encryption algorithm. dsCrypt is a lightweight program that does not require installation.

To encrypt, drag the document to be encrypted into the program window and set a password.


As a result, you receive a secure file in DCS format and attach it to the letter.

The recipient launches the dsCrypt program, switches to decryption mode (you need to click on the mode button), drags the encrypted file into the window and enters the password.

Everything is fast, easy and simple. dsCrypt has many different settings, including the Secure PassPad mode, which protects the password from keylogger programs.

Encrypted email client MEO File Encryption

MEO File Encryption is a free encryptor with the function of sending letters. It is very convenient to use if you communicate with a regular circle of business partners.

There are 3 buttons in the main program window: Encrypt files, Encrypt an email and Decrypt a file.

The encryption process, as in the programs discussed earlier, boils down to selecting files and setting a password.

To send a letter by mail, you need to specify an SMTP account in the program settings.

Now you can send letters like from any other email client, and specify in the attachment the files and folders that need to be encrypted and sent. Very convenient, good time saver.

Conclusion

Of course, there are many ways to encrypt emails, but the methods presented in this article are the easiest to use and can provide the proper level of email encryption.