How do You Encrypt an Email?
Sensitive information such as usernames and passwords, credit and debit card numbers, social security numbers, medical info, contact information, etc. is very vulnerable when sent via email.
This is why it’s important to encrypt your email to protect your sensitive information from data breaches and ensure your online privacy.
In this blog post, we’ll explain in detail how do you encrypt an email, so be sure to read so you can learn to protect your emails.
What is Email Encryption, How Does it Work and What are the Types of Email Encryption?
Email encryption means disguising (encrypting) the contents of your emails. This is done to ensure that your potentially sensitive information can only be read by the intended recipients.
What are the types of email encryption?
There are two main email encryption protocols:
- TLS encryption – or encryption in transit
- End-to-end encryption – encryption at rest
We’ll explain both next.
What is TLS Encryption?
TLS, or Transport Layer Security, like its name suggests, provides email encryption “in transit”, meaning, as the emails travel from the sender to the recipient.
In other words, TLS protects emails after you send them, but before they reach the intended recipient. Once they are delivered, the emails are considered “at rest” on email servers and that is where end-to-end encryption takes over.
TLS encryption is the standard for popular free email platforms such as Gmail and Outlook.
While Transport Layer Security encryption undoubtedly keeps your emails safe from bad actors that would intercept them (so-called “Man-in-the-Middle” attackers), your emails are still vulnerable at end-points.
That is why it’s important to use end-to-end encryption in your email communications.
What is End-to-End Encryption and How Does it Work?
With end-to-end encryption, the sender encrypts the email message, before sending it to the recipient, who then needs to decrypt the email to read the message.
This is all done via a process using a pair of keys – a private and a public key. These keys are mathematically related.
The encryption process works as follows:
- Let’s imagine you want to send a private email message to someone
- They need to generate a pair of encryption keys -public key and private key and send you the public key
- Using the recipient’s public key, you can encrypt your email message so that it becomes unreadable to anyone but the person with the private key
- When the intended recipient gets the email, they can decrypt its contents using the private key in their possession.
There are two types of end-to-end encryption that we will cover in this blog post:
- S MIME
S MIME Encryption
S MIME stands for “Secure Multipurpose Internet Mail Extension” and is an end-to-end email encryption protocol based on asymmetric cryptography (using public and private keys) and S MIME certificates, where:
- The keys ensure that only the intended recipients can read emails and not the unauthorized third-party
- The email messages and attachments cannot be tampered with by an unauthorized third-party
- The S MIME certificate authenticates the sender and the recipient so they both know who they are communicating with
The other type of end-to-end email encryption is PGP encryption.
PGP stands for “Pretty Good Privacy” and also uses asymmetric cryptography like S MIME.
However, unlike S MIME, PGP does not rely on a digital signing certificate for exchanging the keys. Rather, the users exchange keys between themselves.
That’s why S MIME is primarily used by businesses, while PGP can be used by both individuals and businesses
Okay, now that we’ve covered things like “what is email encryption”, types of email encryption and how email encryption works, we can answer the most important question:
How Do You Encrypt an Email?
There are myriad encryption options available, so we’ll try our best to answer the “how do you encrypt an email? question in this next part.
Encrypting Emails in Gmail
To use S MIME in Gmail, both the sender and recipient must enable it. If only one does, then the email won’t be encrypted.
Here’s how it’s done:
- First, the user needs to enable hosted S MIME. Read Google’s instructions on how to do enable hosted S MIME
- Once you’ve done this, compose your message as usual
- To the right of the recipient, you should see a lock icon. Click on it
- As you do, you’ll see several options. Click on “view details” to change the encryption level.
There are three email encryption levels in Gmail, represented by different colors:
- Red – There is no email encryption
- Gray – Email is protected with TLS
- Green – Email is protected by S MIME
Encrypting Emails in Outlook
To encrypt emails in Microsoft Outlook, you’ll need to:
- Enable S MIME encryption (here’s how to do it in Outlook)
- Go to the gear menu and click on S MIME settings. From here, you can encrypt email contents and attachments in your message or add a digital signature to sent messages
- Select more options (three dots) to encrypt messages and select Encrypt this message (S/MIME)
Encrypting Emails on Mac
To enable email encryption with Apple Mail:
- Go to Finder > Applications > Utilities > Keychain Access (or search “Keychain Access”
- Open Keychain Access and open Certificate Assistant from the menu above
- Click Create a Certificate
- In the next window, name your certificate (use a descriptive name to remember it) and click the Create button
- Back in the Keychain Access find your new certificate and right-click on it
- Clickon New Identity Preference and add your email address
- Make sure to allow access to the new certificate from your Apple Mail account
- From here, send the S MIME certificate to the recipient by clicking on the padlock next to their name and email address
Encrypting Emails on iPhone and iOS
For iPhone and other iOS devices, email encryption is quite easy:
- In the Settings tap Accounts & Passwords
- Select an email account you want to encrypt and tap Advanced
- Find S MIME and switch it On
- Select Yes next to Encrypt by Default
- Now when you want to send an encrypted email, you’ll see a lock icon next to the recipient. Click it to enable email encryption. If you see a red lock, that means that the recipient needs to turn on S MIME in their security settings, while the blue lock means they’ve done so and you can send anencrypted email
Encrypting Emails on Android
Unfortunately, Android doesn’t have a built-in email encryption solution like iOS, so you will have to use a third-party PGP app like Mailvelope and give it permission to set up S MIME on your email client if you’re using Gmail or Outlook email platform.
As you can see, there are several methods to do this depending on the email service you use or the type of encryption.
Unfortunately, today we know that regular email has significant security vulnerabilities and popular email platforms do little to solve them.
This is why you need to know how to encrypt your mail.
Without this, your protection from hackers and phishing attacks is almost non-existent.
Sign up for CTemplar secure email service to get your free encrypted email account, protect your sensitive information from would-be attackers and ensure your privacy.