Over the last few years, we have witnessed again and again that our communication mediums are no longer secure. This can be seen by various examples be it the public disclosure of General Petraeus affair in 2012 or the Sony compromise, in 2014, after which over 170,000 emails were released. Recently in 2015, the Ashley Madison compromise led to the public release in which the CEO’s emails were unveiled.
However, in all these cases we witnessed that the information extracted via these emails were destructive at worst as well as damaging at its best. This reminds us that whatever we consider as safe should not be perceived this way.
Emails are considered to be a hoard of information. Therefore, we should think a lot before putting in the information in our personal emails. Or else we should spend a little time in thinking ways to secure our emails from prying eyes.
- 1 Mailvelope for Webmail Email Encryption
- 2 Configuring Mailvelope with Gmail
OpenPGP for Email Encryption
OpenPGP has been derived from the Pretty Good Privacy (PGP) protocol. This protocol was developed by Phil Zimmermann in 1991. This PGP protocol is a non-proprietary protocol which is used for encrypting email using public key cryptography. In 1997, the IETF – Internet Engineering Task Force, formed the working group i.e. the OpenPGP whose focus was to take the once proprietary PGP protocol which was developed by Zimmermann. In 1997, it became an IETF which was proposed standard under RFC 4880. By doing so it has become the preferred means of encrypting emails.
Mailvelope for Webmail Email Encryption
The only way email encryption would work for us is if we integrate it into our daily workflow. This would mean that we need to integrate email encryption with our browser which we preferably use.
Mailvelope has remarkably gained appreciation for its easy-to-use interface as well as ease of integration. Mailvelope is a browser based extension which works with many popular browsers like Firefox, Chrome, and Opera etc.
For the security freaks, it is a good thing to know that nothing is shared back with the networks as the keys are maintained client side. However, there are some inherent risks associated with browser-based extensions. They maintain things like an individual’s Private keys for different stuff such as GPG. Nonetheless, like other things related to security, it narrows down to an individual’s own risk posture.
Configuring Mailvelope with Gmail
This tutorial will help you configure Mailvelope with Gmail. So, if you are interested in giving Mailvelope a try then this tutorial will help you get started with:
Install the Extension
On a Mac, you can navigate to Windows. Then click on Extensions > Get More Extensions. Use the search function to search for Mailvelope.
The extension will automatically add a menu option to your preferred browser, like the one shown below:
By clicking on the lock with a key, you will navigate to the Options. Here you will see the options button on the menu:
Create Your Private/ Public Key Pair
You will be directed to the Options page thus if you have existing keys then you will be able to upload it. However, it that is not so then you can easily create a new pair:
The Generate Key option is the one that you get you started and you will see a page like this one:
The email is that email for which you want to have the key for, whereas if you have various emails then you will be able to create the key for all your emails. The password is what you need in order to decrypt the encrypted emails. This is why it is of crucial importance that you do not forget the password. However, the password formed should be a complex, long as well as a unique one rather than a simple and easy-to-guess password.
The key will be generated once you click on Submit. A success message will be shown if the key is successfully generated. Just like the one depicted below:
You will find the keys in your Key Manager. You will be able to locate it as Display Keys in the Mailvelope menu options:
The only issue you will encounter would never be with configuration rather in order to make Mailvelope work you will require the participation of people. However, if it is not so then you can have PGP configured and read but there will be not a single person to use it with. The key details will help you to share your public key:
Only the Public key is the one that would be shared. The Private Key will be kept to your own and you are asked not to share it at all cost. In order to import, you will navigate to Import Keys in the menu options and the recipient’s public key will be uploaded.
Send your First Encrypted Message
You will be able to send your first email once you have someone to communicate with. Once you open your email client, a new option will be seen in the email that will allow you to encrypt. By clicking the new editor button in the email and through the new pop up form, you can now type in your message.
In the image below you can see that it will carry your existing email signature along with.
When you are done with the message, click on Encrypt. After that select the individuals whom you want to encrypt for (Note that you will need a public key of someone else to make this work). It is of prime importance that you select your email and then your recipient’s email as well because if you don’t then you won’t be able to read your own email.
A mess will appear after you click on Ok.
This mess will be pushed to the email once you click on Transfer. The email is now ready to be sent to the recipient(s).
The email message will be decrypted once the recipient receives the message. This is how it looks like when a recipient receives something through the Gmail web client.
The Importance of Privacy
The original meaning of the word “privacy” seems to be long forgotten. Going online with a mindset of browsing privately is no longer possible. The various communication mediums, which we trust on providing us the promised security, rarely do stand by their promise. You need to keep this thing in mind that whatever you share is likely to be consumed by some other person rather than the one you intend to share your stuff with.
However, with the advanced technologies like OpenPGP we can assure privacy to our shared content. Mailvelope not just assures us with privacy but makes it practical as well.
With the rise of IT vulnerabilities and threats, we can no more stress the importance of taking privacy more seriously. The different examples of compromises, seen over the past few years, have drawn huge impacts on business and online security. The various email compromises led to the release of emails which were comprised of sensitive data. Some emails also contained inappropriate/embarrassing content which was supposed to be shared privately.
Therefore, it is highly important to employ encryption for various dire functions within a company or an organization. Since encryption, or rather the importance of privacy has footholds far beyond just emails but it is a good place to start for most businesses.