Encrypting email communication can be really simple. If you want to communicate securely with your friends, you can set this up in only a few minutes. It does not have to be complicated.
There are some good technologies you can use for this task. The most common are PGP and X.509 certificates. Both are public key systems and consist of two parts. One is public and the other is secret (and kept on your own computer). If you want to send someone an encrypted mail, you need the public part of that person's key. Here comes the problem: you need to obtain the public part from the other person. For that reason PGP has the "Web of Trust" and X.509 has trust centers, which verify the owner of a particular public key to ease the key exchange.
BUT if you only want to communicate with a few friends in a secure way, that infrastructure is not necessary at all. Generate your keys, exchange them with your friends, communicate.
Here are the basic steps to achieve this with X.509 certificates.
- Download and install OpenSSL for your platform (if it is not already installed on your computer; many Linux systems have it installed by default).
- Create your certificate with the following command:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 356
and answer all questions. The only important field is the Email Address. This has to be the address which is used for this certificate. For all other fields you can enter whatever you want.
- Congratulations! Now you have a so-called self-signed certificate.
What next? You have to install this certificate to use it with your mail program. Yes, this also means you need a mail program; you cannot use webmail. How to install it depends on your mail program and operating system and is another story. Check the manual of your mail client and follow the steps to install it.
Now you are ready, but for communication at least two persons are involved. Export the public part of your shiny new certificate and bring it to your friends. The best way is to visit them and give it to them in a private meeting. Why? To be sure they have the right key. We have created our own certificate and do not use a trust center as a "trusted" third party which everybody trusts.
About trust. We do not use a trust center in this setup. So no root certificate proves that our certificate is valid. Sounds insecure? Not really. Why? Because we exchanged our keys ourselves. That is the most secure way there is. All the other "stuff" around a certificate, like the root certificate from a trust center (and the web of trust in the case of PGP), has the only purpose of verifying that a key belongs to the person whose name is stored in the certificate (remember the information from step 2).
Encrypting your communication is the best way to protect your privacy. It is a tool that helps improve security, but it is not a solution to the problem of illegal communication surveillance. Only the content of your mail is encrypted. The destination cannot be hidden, and it is still possible to monitor which people you write to.