When using Gmail, understanding how the email service protects your privacy and information is important.
This is done through encryption.
Encryption is a process that takes the readable text and alters it into a ciphertext. The ciphertext appears random and can only be read by someone with the right decryption key.
We already explained what it means to encrypt an email, so feel free to read that article if you need to refresh your memory.
Gmail Encryption
The standard encryption available to all Gmail users is TLS or Transport Layer Security.
TLS is an Internet protocol that provides data security and privacy for Internet communications. It can encrypt different types of communications over the Internet, such as:
- VoIP (Voice over Internet Protocol)
- Messaging
- Communication between web applications and servers
- Etc.
In other words, TLS protects data on its way from point A to point B, that is, “in transit.”
That does not mean the message is safe from prying eyes once it reaches its destination or “at rest.”
Once at the destination mail server, there’s no guarantee that the message will stay private. If anything, the TLS protocol has repeatedly shown that it is not without vulnerabilities. Although the latest version (TLS 1.3) is more secure against most of the vulnerabilities plaguing older versions, it’s still prone to forced downgrade.
Here are just a few vulnerabilities and attacks that you should keep an eye on with TLS (especially older versions):
- POODLE (Padding Oracle ON Downgraded Legacy Encryption)
- CRIME (Compression Ratio Info-leak Made Easy)
- BEAST (Browser Exploit Against SSL/TLS)
Again, these are just the best-known exploits and most of them work with older TLS (TLS 1.1 and 1.2), but it’s still something to be wary of.
Upgrading Gmail Encryption
If anything, Gmail encryption is “token” at best and won’t do much to keep your conversations private or secure from bad actors.
First, let’s define who these “bad actors” might be.
That’s pretty much anyone looking to get information about you that they can use for something.
This can be your ISP selling your browser information, a web service, or the government collecting your metadata and online information.
Google itself is often one of these bad actors because they are very interested in your emails and what’s inside them.
That’s not just because they want to help you fight malware (although there’s that as well), but primarily so they could see your interests and then sell that information to advertisers.
Let’s say you don’t want that, so you need to upgrade your Gmail encryption from TLS to OpenPGP mail, and we’ll show you how.
What is OpenPGP Mail and How to Encrypt Your Gmail With it?
You might have heard of PGP. That’s short for “Pretty Good Privacy.”
PGP is a hybrid cryptosystem that uses a combination of symmetric and public key cryptography.
In other words, PGP first compresses the plaintext data. Then, a one-time session key is created and used to convert the compressed plaintext into ciphertext. Finally, the session key is encrypted with the recipient’s public key, and the encrypted session key is sent to the recipient together with the ciphertext.
To decrypt data, the recipient needs a private key (that only he should have). This first decrypts the session key, which is then used to decrypt the ciphertext.
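The hybrid flow described above, as an added example that is not part of the original article and not code from PGP or Mailvelope. It assumes stand-in primitives from the Python standard library (a textbook-RSA toy key built from publicly known primes and a SHA-256 keystream) purely to show the order of operations; real OpenPGP software uses vetted ciphers and key formats, and all function names here are hypothetical.

```python
import hashlib, hmac, secrets, zlib

# Constructed toy RSA key from two well-known Mersenne primes: the factors are
# public, so this key is for illustration only and provides no security.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)

def _subkey(session_key, label):
    # Derive separate encryption and MAC keys from the one-time session key.
    return hashlib.sha256(label + session_key).digest()

def _stream_xor(key, data):
    # Stand-in symmetric cipher: XOR with a SHA-256 counter-mode keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(plaintext, public_key):
    n, e = public_key
    compressed = zlib.compress(plaintext)            # 1. compress the plaintext
    session_key = secrets.token_bytes(16)            # 2. one-time session key
    ciphertext = _stream_xor(_subkey(session_key, b"enc"), compressed)  # 3. encrypt
    # Integrity tag (an addition here) so a wrong key is detected, not ignored.
    tag = hmac.new(_subkey(session_key, b"mac"), ciphertext, hashlib.sha256).digest()
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # 4. wrap session key
    return wrapped_key, ciphertext, tag

def hybrid_decrypt(message, private_key):
    wrapped_key, ciphertext, tag = message
    n, d = private_key
    # The private key first recovers the session key ...
    raw = pow(wrapped_key, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    session_key = raw[-16:]
    expected = hmac.new(_subkey(session_key, b"mac"), ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong private key or modified message")
    # ... and the session key then decrypts the ciphertext.
    return zlib.decompress(_stream_xor(_subkey(session_key, b"enc"), ciphertext))
```

Only the holder of the private exponent can unwrap the session key, which is why the message stays unreadable on a mail server that sees just the wrapped key and the ciphertext.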
Now, you’re probably wondering, “Okay, what’s the difference between PGP and OpenPGP?”
PGP itself is a trademarked term Symantec Corp uses, while OpenPGP is a standard for defining encryption keys and message formats.
In other words, PGP is proprietary software, while OpenPGP is its open-source version.
You can learn more about OpenPGP here
Okay, so how do you encrypt your Gmail with OpenPGP?
There are a couple of ways to do this.
One way is to install an offline email client like Mozilla Thunderbird (for Windows users) or Apple Mail (for those looking to encrypt their mail on a Mac using OpenPGP).
Once you install the mail client, you can install GPG4win (for Windows users) or GPG Suite (for Mac users), allowing you to encrypt your emails with OpenPGP.
The problem with this method is that you need to install an offline mail client, which might not be the most elegant solution. Instead, what you can do is use a browser-based webmail.
You can also use the Mailvelope add-on for Chrome or Firefox.
- Download and install the right add-on for your browser:
  - For Chrome: https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke?hl=en
  - For Firefox: https://addons.mozilla.org/en-US/firefox/addon/mailvelope/
- Once you download and install the add-on, it will appear on your extensions list, and you now need to configure it to use your keys.
If you don’t have a key pair already, you can generate one by selecting Mailvelope in the Add-ons toolbar > Mailvelope Options > Generate Keys > Filling in the information > Submit.
If you already have a key pair, you can go to Mailvelope in the Add-ons toolbar > Mailvelope Options > Display Keys > Import Keys > Paste keypair text > Submit.
With either method, you can then see the key pair under Display Keys.
Once you’ve done that, you can encrypt your message in Gmail. To do this:
- Select “Compose” to create a new email message normally.
- Select the Mailvelope icon in the body of your email.
- Type your message and select the lock icon.
- From the list of contacts, select the ones you want to send an encrypted message to and click OK.
- Finally, click Transfer, and you can now send your encrypted message.
The best option here is to use Postorius, an email encryption service available for desktop and mobile (see why Postorius is the best anonymous email provider for Android).
Postorius attachments are secure.
Remember that by default, only email content will be encrypted, so if you want to enable other encryptions, go to Settings > Security and then select Enabled for that category.
For example, to encrypt contacts in Postorius:
- Go to Settings > Security.
- Select Contact Encryption: Enabled.
- Read the pop-in and click Confirm.
Looking to make your emails secure? Start encrypting them with Postorius’s help.