Helping people with computers... one answer at a time.

Email Encryption - it should be easier. Much easier.

Listen:
Download the mp3

Transcript

I've been doing a little research into encryption, specifically using tools like Gnu Privacy Guard, or GPG, to encrypt email. The technology is very cool, very powerful, and in all honesty, I'd expect to see it used more than it is.

And that's what has me confused. I must be missing something.

While there are a lot of mail clients that support it, the email clients with massive market penetration don't seem to. Aside from the Enigmail add-in for Mozilla Thunderbird, integration of digital signatures and encryption into mainstream email clients seems to be either incompatible, unusable for the average user ... or missing completely.

Microsoft's Outlook and Outlook Express both seem to go into what I would call commercial overkill for the average user. The native encryption and signing support has you purchasing a digital certificate from a authority like Verisign to enable the feature. It's unclear if email clients other than Outlook or Outlook Express could even interpret the resulting signature or message. That's great if you have money to spend, and are running an Outlook-based shop. But what about the rest of us?

GPG public key encryption has been around for quite a while, and certainly in tech circles it's not uncommon to see signed email wrapped in the "PGP SIGNED MESSAGE" indicator. But if you're an Outlook user there's no real integrated validation, decryption, or for that matter creation of signatures or encrypted messages using this technology. Yes, I know, there's a plugin for Outlook that looks like it's headed in the right direction, but it hasn't been updated in over three years, and in my opinion still isn't ready for the non-technical user.

Now, many people bash Outlook and Outlook Express, and Microsoft for that matter, as being big, bloated and insecure and whatever negative adjectives you want to throw at them. But the fact is that for better or worse, a LOT of people use Outlook and Outlook Express. Telling them to move to another email client is simply not a realistic solution. Ain't gonna happen. Adding a simple, user friendly, open source interface for either or both would go a LONG way towards mass acceptance of encryption and digital validation of email across the board.

But I must be missing something fundamental. I don't get why that doesn't already exist.

Until it does, I'm afraid that encrypted email will remain, largely, in the realm of corporations willing to pay for the Microsoft approach, or the technical folks who's circle of correspondents use compatible tools. The rest are left out in the cold.

I'd love to hear what you think. Visit askleo.info, and enter 10001 in the go to article number box. Leave a comment, I read them all.

This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems.

That's askleo.info.

Article C2587 - March 9, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

11 Comments
Tijn
March 10, 2006 2:46 AM

For most users using the build in encryption capabilities of Outlook and other popular email clients is just too hard. Not to mention the fact that getting a certificate is in itself a problem. There are a number of solutions that makes email encryption easier for the mass market. One of these products is Izemail. Itís free to use, S/MIME compatible, supports various email clients, supports smartcards and USB tokens and a free email certificate is included. http://www.izecom.com/download/EN/download_izemail.html

DSU
March 10, 2006 3:21 PM

There are also services like Hushmail. I think they support PGP but I do know that any email sent to another hushmail subscriber is encrypted. The fairly view times I need that service I had my client get a free account at hushmail

dsu
March 10, 2006 3:23 PM

"view times I need "
err, "...fairly FEW times I NEEDED..."
NEED COFFEE........

Liridon
March 11, 2006 11:00 AM

can i get speed optimizer activiation code

Luke Tupper
March 13, 2006 7:48 PM

Thawte (a versign company) has free personal email certificates which work great in Outlook and Outlook Express. They also work well in Apple's Mail application. Actually I have to say the mail makes signing and encrpting messages a breeze.

Here is a link to the Thwate page:

http://www.thawte.com/secure-email/personal-email-certificates/index.html

I am in no way affilitated with Verisign other than I have used a number of their certificates both free and paid for.

Thanks

Luke

Leo
March 14, 2006 9:20 AM

Good info. I signed up for one to experimient with it, and it's a fine approach for applications that support it. Sadly it is not compatible with the GPG approach, but Thunderbird at least understands it when it's recieved.

Scott
March 20, 2006 12:20 PM

I agree that good email encryption options are sparce for Outlook users. Man, GPG and PGP are just beyond me, too difficult to setup and manage and share. I'll share my story. I just a need a "Good enough" solution: I'm not a terrorist or a spy. As a small businessman, I just wanted a cheap, quick and easy solution. I had tried a bunch, but I just bought the new MessageLock application. It's a symetric key product, no "special reader" is required by the receiver. I just type in a password and go. Authentication isn't that important to me, but then again, for my use if an email comes in encrypted, thats good enough for me. The url for a MessageLock trial is www.encryptomatic.com. I think messagelock.com also works.
Keep it up,

natasha
August 8, 2006 8:42 AM

Ever tried Secured eMail www.securedemail.com

Tord
December 16, 2006 4:18 AM

There is also GHOSTPHRASE that works with almost any email client, including Outlook. You can send from Outlook and receive with gmail, or vice versa. Very safe, and very easy to use.
www.ghostphrase.com

Paul
December 15, 2007 6:46 AM

From what I've seen on the internet, a lot of the talk about GPG is aimed at people using the command-line interface. As long as this is portrayed as the standard way of using GPG, then it will never take off outside of determined technical people (that was partly why Windows 95 was so popular - people could point-and-click to do things, without having to go anywhere near a daunting command-prompt!).

I have been using GPG for a couple of months and haven't even seen the command-line interface. I downloaded GPG4Win (http://www.gpg4win.org/) and FireGPG (http://firegpg.tuxfamily.org/). From GPG4Win, I use Windows Privacy Tray (to manage my keys) and GPGee (to sign etc files by right-clicking on them and choosing the option from the context-menu). I use FireGPG with FireFox to sign text-boxes before submitting them (this will work with Hotmail etc as well) - just right-click in the box, select FireGPG then the required function). FireGPG also integrates tightly with GMail - automatically telling you if a signature is valid and putting buttons on the interface for signing etc. There are a couple of bugs with FireGPG, but nothing that I haven't been able to workaround so far.

I believe it is this easy-to-use image that needs spreading. A few well-developed tools can give you all the (point-and-click) functionality you require.

Alex Miller
February 27, 2008 7:56 PM

Hi,
I work at Gwebs. We are working on a product called MailCloak which is a GPG shell for Gmail, Hotmail, Yahoo mail, and several other webmail providers. MailCloak will also have a desktop mail client add on, so it will be covering the full specturm of email encryption.

Currently we have a product out called WebmailSafety which does RSA encryption for Webmail.

You can learn more about MailCloak and WebmailSafety at blog.gwebs.com or www.gwebs.com

Cheers
-Alex

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.