Over the last few years, we have witnessed again and again that our communication mediums are no longer secure. Various examples can see that, be it the public disclosure of General Petraeus affair in 2012 or the Sony compromise in 2014, after which over 170,000 emails were released. In 2015, the Ashley Madison compromise led to the public release in which the CEO’s emails were unveiled.
However, we witnessed that the information extracted via these emails was destructive at worst and damaging at its best. That also reminds us that whatever we consider safe should not be perceived this way.
Emails are considered to be a hoard of information. Therefore, we should think a lot before putting the information in our emails. Or else we should spend a little time considering ways to secure our emails from prying eyes.
OpenPGP For Email Encryption
OpenPGP has been derived from the Pretty Good Privacy (PGP) protocol. Phil Zimmermann developed this protocol in 1991. This PGP protocol is a non-proprietary protocol that is used for encrypting email using public-key cryptography. In 1997, the IETF – Internet Engineering Task Force formed the working group, i.e., the OpenPGP, whose focus was to take the once proprietary PGP protocol, which Zimmermann developed. In 1997, it became an IETF which was proposed standard under RFC 4880. By doing so, it has become the preferred means of encrypting emails.
Mailvelope For Webmail Email Encryption
The only way email encryption would work for us is if we integrate it into our daily workflow. This would mean that we need to incorporate email encryption with our browser, which we preferably use.
Mailvelope has remarkably gained an appreciation for its easy-to-use interface as well as ease of integration. Mailvelope is a browser-based extension that works with many popular browsers like Firefox, Chrome, Opera, etc.
For security freaks, it is good to know that nothing is shared back with the networks as the keys are maintained client-side. However, there are some inherent risks associated with browser-based extensions. They retain things like an individual’s Private keys for different stuff such as GPG. Nonetheless, like other things related to security, it narrows down to an individual’s risk posture.
Configuring Mailvelope With Gmail
This tutorial will help you configure Mailvelope with Gmail. So, if you are interested in giving Mailvelope a try, then this tutorial will help you get started with:
- Install the Extension
On a Mac, you can navigate to Windows. Then click on Extensions > Get More Extensions. Use the search function to search for Mailvelope.
- Navigate to the Mailvelope Options Panel
The extension will automatically add a menu option to your preferred browser, like the one shown below:
By clicking on the lock with a key, you will navigate to the Options. Here you will see the options button on the menu:
- Create Your Private/ Public Key Pair
You will be directed to the Options page thus if you have existing keys then you will be able to upload it. However, it that is not so then you can easily create a new pair:
The Generate Key option is the one that you get you started and you will see a page like this one:
The email is that email for which you want to have the key for, whereas if you have various emails then you will be able to create the key for all your emails. The password is what you need in order to decrypt the encrypted emails. This is why it is of crucial importance that you do not forget the password. However, the password formed should be a complex, long as well as a unique one rather than a simple and easy-to-guess password.
The key will be generated once you click on Submit. A success message will be shown if the key is successfully generated. Just like the one depicted below:
You will find the keys in your Key Manager. You will be able to locate it as Display Keys in the Mailvelope menu options:
- Add and Share Your Public Key
The only issue you will encounter would never be with configuration rather in order to make Mailvelope work you will require the participation of people. However, if it is not so then you can have PGP configured and read but there will be not a single person to use it with. The key details will help you to share your public key:
Only the Public key is the one that would be shared. The Private Key will be kept to your own and you are asked not to share it at all cost. In order to import, you will navigate to Import Keys in the menu options and the recipient’s public key will be uploaded.
- Send your First Encrypted Message
You will be able to send your first email once you have someone to communicate with. Once you open your email client, a new option will be seen in the email that will allow you to encrypt. By clicking the new editor button in the email and through the new pop up form, you can now type in your message.
In the image below you can see that it will carry your existing email signature along with.
When you are done with the message, click on Encrypt. After that select the individuals whom you want to encrypt for (Note that you will need a public key of someone else to make this work). It is of prime importance that you select your email and then your recipient’s email as well because if you don’t then you won’t be able to read your own email.
A mess will appear after you click on Ok.
This mess will be pushed to the email once you click on Transfer. The email is now ready to be sent to the recipient(s).
Once an email message is decrypted, the recipient receives the message. This is how it looks like when a recipient gets something through the Gmail web client.
The Importance Of Privacy
The original meaning of the word “privacy” seems to be long forgotten. Going online with a mindset of browsing privately is no longer possible. The various communication mediums we trust in providing us the promised security rarely stand by their promise. It would help if you kept this thing in mind that whatever you share is likely to be consumed by some other person rather than the one you intend to share your stuff with.
However, with advanced technologies like OpenPGP, we can assure privacy to our shared content. Mailvelope not just assures us with privacy but makes it practical as well.
With the rise of IT vulnerabilities and threats, we can no more stress the importance of taking privacy more seriously. The different examples of compromises seen over the past few years, have drawn huge impacts on business and online security. The various email compromises led to the release of emails that were comprised of sensitive data. Some emails also contained inappropriate/embarrassing content, which was supposed to be shared privately.
Therefore, it is essential to employ encryption for various dire functions within a company or an organization. Since encryption, or rather the importance of privacy, has footholds far beyond just emails, it is an excellent place to start.