Encrypting emails
Thread Starter
Encrypting emails
I use Thunderbird as my email client, and v. good and stable it has proved over the years. Just had an email from them doing a bit of trumpet-blowing and telling of enhancements coming in 2020, including
- New Address Book
- Enhancements to Calendar
- A Better Dark Mode
- Built-in Encrypted Email Support
and that got me thinking: how useful would encryption be to the average punter like me? I don't use an online banking app, and ignore phishing - or at least I've managed to do so, so far! If I do need to discuss others' secrets (still do some times) it's nearly always word-of-mouth, or tracked postage, never email.
But suppose I decided to start encrypting the odd stuff... presumably this means that my communicat-ee would also have to have the same package and key? Is this how it works? And would my package work with others out there?
Where could I start doing a bit of research - in addition to anything I find within these hallowed walls, that is
And would it be worth it in the end?
But suppose I decided to start encrypting the odd stuff... presumably this means that my communicat-ee would also have to have the same package and key? Is this how it works? And would my package work with others out there?
Where could I start doing a bit of research - in addition to anything I find within these hallowed walls, that is
And would it be worth it in the end?
Spoon PPRuNerist & Mad Inistrator
JTR,
There's an excellent description here of how it works: https://blog.mailfence.com/end-to-end-email-encryption/
SD
There's an excellent description here of how it works: https://blog.mailfence.com/end-to-end-email-encryption/
SD
Join Date: Sep 2019
Location: leftcoast
Posts: 2
Likes: 0
Received 0 Likes
on
0 Posts
careful of this link because . . .
JTR,
There's an excellent description here of how it works: https://blog.mailfence.com/end-to-end-email-encryption/
SD
There's an excellent description here of how it works: https://blog.mailfence.com/end-to-end-email-encryption/
SD
Suggest you be careful of the link posted above here is why
and check your email at this site
https://haveibeenpwned.com
if it shows up- the best one can do is change password two or three times within about a week
and lie a bit re names of pets, family, birthdate, etc for non critical items when you set up security questions
Last edited by Grebe; 31st Dec 2019 at 04:41. Reason: clarity
I can't think of a method more likely to attract what my Russian colleagues call "The Organs of the State" than sending encrypted emails TBH - they almost certainly have a filter at GCHQ to pick them up ASAP
That's NOT a list I would want to be on, personally..............
PS I Send anything "secret" after a dozen pictures of cats...............
That's NOT a list I would want to be on, personally..............
PS I Send anything "secret" after a dozen pictures of cats...............
Last edited by Asturias56; 31st Dec 2019 at 11:46.
Spoon PPRuNerist & Mad Inistrator
Grebe, there's no problem with the certificate for the link I posted.
The screenshots you posted suggest that your browser doesn't recognise Gandi as a legitimate CA, which it is. I'm using Firefox 71.0, and there's no indication of anything amiss with the certificate.
SD
The screenshots you posted suggest that your browser doesn't recognise Gandi as a legitimate CA, which it is. I'm using Firefox 71.0, and there's no indication of anything amiss with the certificate.
SD
Join Date: Jan 2008
Location: US/EU
Posts: 694
Likes: 0
Received 0 Likes
on
0 Posts
Not unusual for journalists to employ this. If I had to, which I don't, I'd probably look at Proton Mail, sort of an encrypted version of Gmail, web-based, no local client necessary. All you need is a browser. Then there are the tin foil hat wearers....
Join Date: Mar 2010
Location: In the twilight zone
Posts: 252
Likes: 0
Received 0 Likes
on
0 Posts
But you need the other party to use Proton Mail, don't you? I have a Proton account, but hardly use it because no other people that I communicate to use it.
Join Date: Sep 2019
Location: leftcoast
Posts: 2
Likes: 0
Received 0 Likes
on
0 Posts
Grebe, there's no problem with the certificate for the link I posted.
The screenshots you posted suggest that your browser doesn't recognise Gandi as a legitimate CA, which it is. I'm using Firefox 71.0, and there's no indication of anything amiss with the certificate.
SD
The screenshots you posted suggest that your browser doesn't recognise Gandi as a legitimate CA, which it is. I'm using Firefox 71.0, and there's no indication of anything amiss with the certificate.
SD
G
Join Date: Jul 2002
Location: 40N, 80W
Posts: 233
Likes: 0
Received 0 Likes
on
0 Posts
At the same time, I sometimes wonder how many of these encryption systems are actually written with back-doors by security organizations. TED talks recommending them make me doublely suspicious.
Isn’t the Apple mail system already end-to-end encrypted?
Spoon PPRuNerist & Mad Inistrator
Where you are using a client to communicate (send / receive) with your mail server and as long as you are communicating over https (webmail) or secure SMTP / POP3 / IMAP (thick client) then the email is encrypted in transit. Assumming that communication between your mail server and the target mail server is also encrypted, as is the communication between the target mail server and the final recipient, then the email is effectively encrypted in transit over the internet. However, the contents of the email are probably not encrypted on the mail servers themselves, so possibly vulnerable to access by 3rd parties (whether by hackers or government / security agencies).
If you use an encrypted email system, then the content is encrypted at all times (doubly so in transit), so it is only accessible by the sender and the recipient with the correct encryption key. In theory, PKI should be an open standard, so that as long as the sender has the recipient's public key they should be able to send an encrypted message to the recipient who decrypts it with their private key. However, in practice it is a lot harder to get interoperability unless both parties are using the same email system.
If you use an encrypted email system, then the content is encrypted at all times (doubly so in transit), so it is only accessible by the sender and the recipient with the correct encryption key. In theory, PKI should be an open standard, so that as long as the sender has the recipient's public key they should be able to send an encrypted message to the recipient who decrypts it with their private key. However, in practice it is a lot harder to get interoperability unless both parties are using the same email system.