Did you know that email is one of the most insecure forms of communication on the Internet?
Most people are not aware of this fact. If you’re a Yahoo user, you may have learned this the hard way. Yahoo email has been hacked numerous times, resulting in billions of user accounts being compromised.
While technology has come a long way and providers have taken steps to make it as secure as possible, the best thing you can do to ensure your privacy as a user is to start encrypting your email.
We’ve done another article on how to email files securely, but in this article I’m going to show you how to encrypt your email step-by-step, across multiple operating systems and email services. It doesn’t matter which email provider you use and you don’t have to be an expert coder to start encrypting your emails.
What Is Email Encryption?
Email encryption relies on something known as public-key cryptography. The mathematics behind this process are complex and I won’t delve into the inner workings here, but I will give a brief explanation to help you understand how it works and why you can trust it.
Public-key cryptography relies primarily on two “keys,” which are nothing but files generated by a cryptography program. One key is called the private key and the other one is called the public key.
The private key, as the name implies, is the one you keep secret. Do not store it on a computer you don’t trust. Your private key will be protected by a passphrase so in the event someone does get a hold of it they will still need your passphrase.
To make sure you do not lose this key I suggest you back it up to multiple places. You can copy it to a flash drive, an external hard drive and even burn it to a CD-ROM so that you never have to worry about losing it. If you want to back it up to the cloud, choose a secure provider that enables encryption, and preferably uses zero-knowledge technology. If you want to know more, we’ve compiled a list of the best zero-knowledge cloud services.
The public key will be shared with everyone that you wish to communicate with via secure, encrypted email. It will be uploaded to keyservers, which are a network of servers for the sole purpose of sharing public keys and allowing users to search for and verify the keys of anyone they wish to communicate with. An easy way to share your public key and find the public keys of other users is to use the popular service Keybase.
How Difficult Is Encrypting Your Email?
If my explanation above has you worried this may be too complicated, relax. Modern tools have made encryption almost painless to use.
After generating your private and public keys, the setup can be automated. You don’t have to know obscure commands to encrypt your email. It’s as simple as clicking a few buttons.
What Do I Need To Encrypt Email?
Whether you use Microsoft Windows, MacOS or Linux is irrelevant. I’m going to show you how to encrypt your email on all three platforms. Neither does it matter whether you use Gmail, Hotmail, Yahoo or any other email service.
There are three things you need to easily and securely encrypt your email:
- An email client, such as Microsoft Outlook, Apple Mail, or Mozilla Thunderbird
- An encryption program, such as GNU Privacy Guard, or GnuPG for short. This free, open-source program is what we will use in this guide
- A plugin for your email client. This integrates GnuPG with whatever client you use and makes the process seamless
There are many modern programs that we could use to encrypt our email, but GnuPG is the most secure and widely used software for email encryption. There are a few alternatives to GnuPG, for more ideas check out our article on 99 free tools to protect your privacy:
Why You Need to Encrypt Your Email
If you wrote a letter to someone, you probably wouldn’t be comfortable if you knew every postal worker read it as it made it’s way to the recipient: however, this is something that could very well happen with email.
Your emails travel across the Internet, hopping along multiple servers until it is delivered. Even if these servers use TLS/SSL, a method to securely transfer data, there is always the chance one of those servers will be compromised.
One of those mail servers may have been hacked. The NSA and other intelligence agencies may be wiretapping one or all of those servers. Even if you think you have nothing to hide, encrypting your email is an easy step you can take to protect yourself online, whether it’s from unconstitutional wiretapping, potential blackmail, bored teenage hackers or ISPs legally spying on you.
With that out of the way, let’s go the steps to encrypting your email.
Step 1: Download GNU Privacy Guard.
You can download GNU Privacy Guard here.
For Windows users, click here. This presents a donation screen, but if you do not wish to donate simply select the $0 button.
For OS X or MacOS users, click here.
If you are using Linux then GnuPG is probably included in your distribution’s packages. You can install it by either by searching in the software center, by following the appropriate links at the GnuPG website or by using the terminal (sudo dnf install gnupg -y, if you’re interested).
GnuPG was already installed on my machine in this case, but regardless of your flavor of Linux it should be a similar one-liner to install.
Step 2: Install a plugin for your email client.
The three clients we will focus on are the most popular clients people use: Outlook, Mail and Thunderbird.
If you use Microsoft Outlook, the plugin you will use, GpgOL, is already included when you download GnuPG for Windows.
If you use Apple Mail, the GPG Suite you download will also include the plugin for Apple Mail.
For users of Mozilla Thunderbird, Enigmail is the plugin that integrates GnuPG with Thunderbird. Enigmail works across Linux, OS X and MacOS, as well as Windows.
My recommendation is Enigmail, as it works across all platforms and is reliable and easy to use. If you don’t use Thunderbird, however, don’t worry — each mail client has an easy-to-use plugin as well.
Step 3: Configuring GNU Privacy Guard and Plugins
Now that you have the software you need we’ll focus on installing and configuring the software, how to generate your keypair (public and private keys), sharing your private key, and encrypting/decrypting email.
Since this guide focuses on how to encrypt email for multiple operating systems, I’m going to direct you to some walkthrough videos on YouTube. These videos will act as interactive, step-by-step guides to using GnuPG and show you some of the basic steps involved in using it across each operating system.
For Windows Users
You can watch an interactive walkthrough here. If you’d prefer reading a step-by-step guide, the GnuPG project recommends this introduction to GNU Privacy Guard in Windows.
If you use Microsoft Outlook, be sure to check the box for GpgOL during the installation, as that is the plugin you’ll use to integrate GnuPG and Outlook.
Users of Mozilla Thunderbird should download Enigmail from Step 2 and install Enigmail with Thunderbird’s built-in Add-on manager. The documentation for Enigmail includes screenshots and directions for both MacOS and Windows, available here.
For OS X or MacOS Users
The team behind GPGTools have released their own interactive walkthrough on YouTube. If you prefer a more narrative, explanatory video, I recommend this one. For those of you who prefer written documentation, GPGTools has an excellent write-up in their knowledgebase to walk you through the process.
GPGTools provides a plugin for Apple Mail, but if you use Mozilla Thunderbird you will need to install Enigmail.
For Linux Users
The steps to install and configure GnuPG on Linux will depend on your distribution.
- If you use Fedora, there is an excellent guide in Fedora Magazine.
- For Ubuntu users, read this guide from the official Ubuntu documentation.
- Debian users can follow this step-by-step guide from the Debian wiki.
Of course, nothing beats the official GNU Privacy Handbook for GnuPG. It is quite a tome, but covers everything you could want to know about GnuPG.
Step 4: Review the Process
Let’s take a quick look at the process of encrypting your email regardless of your operating system.
You install GnuPG for whichever operating system you use, as mentioned in step 1.
You use GnuPG to generate a keypair. The default options are fine here, but if you want a stronger key you can select a keysize of up to 2048 bits. If you’re curious how secure a 2048 bit key is, cryptographer Dan Bernstein estimates that it would take about one year — if hackers could build a computer capable of harnessing all of the power Earth receives from the sun in that same year.
When creating your keypair, you need to provide a user ID. You cannot edit this after you create it, so make sure you’ve entered your name and email correctly.
Select a strong passphrase. This cannot be emphasized enough. Your private key is only as strong as this passphrase. I recommend following this guide to generate a password even the NSA can’t guess. If you are worried about losing it, write it down and store it in a safe location.
Publish your public key to keyservers using GnuPG or a site like Keybase so that users can look you up by name or email. You can save your public key as a .asc file, a type of file used by GnuPG, and send it as an email attachment or publish it on your website.
If you use Facebook you can also publish your key on your profile. This is an easy way to share it with friends, family, and coworkers, and you can share this article on Facebook to help them learn how easy it is to encrypt email.
Lastly, import the public key for whomever you wish to email. Your mail client now has the option to use your contact’s public key to encrypt emails with just a few clicks.
Encrypting your email is easy. The hardest part is installing and configuring the software, but after that securing your email is simply a matter of clicking the “encrypt” button.
Remember: you never know who could be reading your emails. Email is not private without encryption. Encourage your friends, family, coworkers, or employers to use encryption.
Feel free to share this article on social media and help others learn how to encrypt email. Once you set it up it’s easy to use every time you send or receive email and you never have to worry about someone invading your privacy.
As always, we encourage you to leave comments and reach out to us with any feedback or questions. We’re here to help you every step of the way, whether you’re searching for the best VPN providers, how to easily encrypt your email or the best online storage and backup solutions (our chart can help you compare cloud services).