Email encryption encrypts the content of an email message so that potentially sensitive information cannot be read by anyone other than the intended recipients.
Even on a network you consider secure, messages can be read by anyone who can observe the traffic or who operates a server on the path to the recipient. Encryption makes the content of your emails unreadable to everyone but the intended recipient, so even if someone intercepts a message they cannot read it. Note that this protects the message content only: your login credentials are protected by the TLS connection to your mail server, not by message encryption.
A digital signature guarantees that the contents of a message have not been altered in transit and that it was produced by the holder of a particular private key. It is a cryptographic value attached to your message that lets the recipient verify both its contents and the sender's identity.
The underlying concept of both email encryption and digital signatures is public-key cryptography, also known as asymmetric cryptography. Both the S/MIME and PGP standards, which Hancom Mail supports, are built on it.
In this system, every user has a pair of mathematically related keys, bound to the user's email address:
- A Private key, which must be kept secret and never revealed to anybody. It is used to digitally sign outgoing messages and to decrypt incoming messages.
- A Public key, which is distributed to other users. It is used to verify the digital signature on incoming messages and to encrypt messages sent to its owner.
This separation of roles between the two keys is the foundation of message encryption and signing.
Why and when to use email encryption
Use encryption whenever you want to be sure that nobody without the recipient's private key (and the password protecting it) can read your messages. This includes your own computer, should someone else gain access to it, and the mailbox providers on both ends, because the message stays encrypted for its entire journey and is decrypted only by the recipient. Keep in mind that only the message body and attachments are encrypted; the subject line and the sender and recipient addresses travel in the clear.
Why use digital signatures in emails
Digital signatures give your recipients assurance that a message really came from the holder of the sender's key and was not tampered with. Equally, you can verify the identity of the sender of signed messages you receive and be sure nothing was changed on the way. Digital signatures verify the identity of the communicating parties, but they do NOT encrypt the email.
What is PGP
PGP is one of the available cryptographic methods that can be used for encryption and digital signatures. It stands for "Pretty Good Privacy" and was created in 1991. Although associated mainly with email, PGP can be applied to any text or file.
PGP uses asymmetric cryptography, so a PGP keypair consists of a Private key, used to sign outgoing messages and to decrypt incoming ones, and a Public key, used by others to encrypt messages to you and to verify your signatures.
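The Go program below is an added illustration of this key model; it is not code from Hancom Mail or from any PGP implementation. It shows the points made above and in the introduction: each user holds a private half that never leaves them and hands out a public half; the sender signs with their private key and encrypts to every recipient's public key; one ciphertext encrypted to several keys, including the sender's own so that the copy in Sent stays readable, can be opened by each of them, and nobody else. It uses the standard library's RSA-OAEP, AES-GCM and Ed25519 rather than the OpenPGP packet format, so the structure is PGP-like but the bytes are not interoperable with PGP. The names Identity, Envelope, Seal and Open and the example addresses are invented for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Identity is one user's secret material: an RSA key that decrypts mail sent to the address
// and an Ed25519 key that signs outgoing mail, the role split a PGP keypair makes with subkeys.
type Identity struct {
	Email   string
	EncPriv *rsa.PrivateKey
	SigPriv ed25519.PrivateKey
}

func NewIdentity(email string) (*Identity, error) {
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	_, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	return &Identity{email, encPriv, sigPriv}, err
}

// Envelope is a sealed message: the body under a random session key, and that key wrapped
// once per recipient, which is how one PGP ciphertext can be read by several people.
type Envelope struct {
	WrappedKey map[string][]byte // recipient address -> RSA-OAEP(session key)
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM over signature || plaintext
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal signs the plaintext with the sender's private signing key, then encrypts signature and
// plaintext to every recipient public key in `to` (sign-then-encrypt, the order PGP uses).
func Seal(sender *Identity, plaintext []byte, to map[string]*rsa.PublicKey) (*Envelope, error) {
	keyAndNonce := make([]byte, 32+12) // fresh AES-256 session key plus a 96-bit GCM nonce
	if _, err := rand.Read(keyAndNonce); err != nil {
		return nil, err
	}
	sessionKey, nonce := keyAndNonce[:32], keyAndNonce[32:]
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	signed := append(ed25519.Sign(sender.SigPriv, plaintext), plaintext...)
	env := &Envelope{WrappedKey: map[string][]byte{}, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, signed, nil)}
	for addr, pub := range to {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKey[addr] = wrapped
	}
	return env, nil
}

// Open unwraps the session key with the reader's private key, decrypts, and verifies the
// signature with the claimed sender's public key. A lost or replaced private key fails at
// the unwrap step; a wrong sender key or an altered body fails at verification.
func Open(me *Identity, senderPub ed25519.PublicKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, me.EncPriv, env.WrappedKey[me.Email], nil)
	if err != nil {
		return nil, fmt.Errorf("no session key for %s unwraps with this private key: %w", me.Email, err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	signed, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext rejected: %w", err)
	}
	n := ed25519.SignatureSize
	if len(signed) < n || !ed25519.Verify(senderPub, signed[n:], signed[:n]) {
		return nil, fmt.Errorf("signature invalid: wrong sender key or altered message")
	}
	return signed[n:], nil
}

func main() {
	alice, _ := NewIdentity("alice@example.com")
	bob, _ := NewIdentity("bob@example.com")
	// Encrypt to Bob and to Alice herself, so the copy kept in her Sent folder stays readable.
	env, _ := Seal(alice, []byte("Q3 numbers attached"), map[string]*rsa.PublicKey{bob.Email: &bob.EncPriv.PublicKey, alice.Email: &alice.EncPriv.PublicKey})
	fmt.Println(Open(bob, alice.SigPriv.Public().(ed25519.PublicKey), env))
}
```

Two behaviours of the example carry over to real PGP use. Generating a new keypair for the same address does not let you read mail encrypted to the old one, because the session key was wrapped to the old public key only; that is the "lost private key" situation described in the setup steps below. And the signature check needs the sender's public key and nothing else, so it proves who signed but reveals nothing about encryption; a message can be signed without being encrypted, and in this design a tampered ciphertext fails at decryption before the signature is even examined.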
Each PGP key has a unique fingerprint, a short string of hexadecimal digits derived from the key itself. It lets users verify keys that were exchanged over an insecure channel, such as email, and be sure the key was not replaced or altered on the way, which would compromise all of their future communication.
Compare the fingerprint shown on the sender's side with the one shown on the recipient's side through a separate channel, for example a phone call, and do it before you trust the key: a fingerprint received in the same email as the key itself proves nothing, because whoever could swap the key could swap the fingerprint too.
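As an added example, not code from Hancom Mail, the Go program below shows what a fingerprint is and how the out-of-band check works, using only the standard library. It computes the version 4 fingerprint as RFC 4880 defines it (SHA-1 over the public-key packet), which is the 40-hex-digit value clients display for v4 keys, and then compares it with the value read over the phone in a way that tolerates grouping spaces and letter case but rejects anything shorter than a full fingerprint. The RSA key is generated on the spot, the creation time 1700000000 is an arbitrary constant, and the function names are mine.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
)

// mpi encodes an integer as an OpenPGP multiprecision integer: a two-byte bit
// length followed by the big-endian magnitude (RFC 4880, section 3.2).
func mpi(n *big.Int) []byte {
	out := make([]byte, 2, 2+len(n.Bytes()))
	binary.BigEndian.PutUint16(out, uint16(n.BitLen()))
	return append(out, n.Bytes()...)
}

// V4PublicKeyPacketBody assembles the body of a version 4 RSA public-key packet
// (RFC 4880, section 5.5.2): version, creation time, algorithm id 1 for RSA, n, e.
func V4PublicKeyPacketBody(pub *rsa.PublicKey, created uint32) []byte {
	body := []byte{4, 0, 0, 0, 0, 1}
	binary.BigEndian.PutUint32(body[1:5], created)
	body = append(body, mpi(pub.N)...)
	return append(body, mpi(big.NewInt(int64(pub.E)))...)
}

// Fingerprint is the v4 fingerprint of RFC 4880, section 12.2: SHA-1 over the byte
// 0x99, the two-byte body length and the body. Because the creation time is hashed
// too, the same RSA numbers imported with another timestamp get a different fingerprint.
func Fingerprint(body []byte) string {
	h := sha1.New()
	h.Write([]byte{0x99, byte(len(body) >> 8), byte(len(body))})
	h.Write(body)
	return strings.ToUpper(hex.EncodeToString(h.Sum(nil)))
}

// KeyID is the low 64 bits of the fingerprint, the short form many clients display.
// It is far too short to confirm a key by; only the full fingerprint should be compared.
func KeyID(fingerprint string) string { return fingerprint[len(fingerprint)-16:] }

// Pretty renders a fingerprint as the usual ten groups of four hex digits.
func Pretty(fingerprint string) string {
	var groups []string
	for i := 0; i+4 <= len(fingerprint); i += 4 {
		groups = append(groups, fingerprint[i:i+4])
	}
	return strings.Join(groups, " ")
}

// Normalize removes grouping spaces and case differences picked up when a fingerprint
// is read over the phone or pasted from another client.
func Normalize(fingerprint string) string {
	return strings.ToUpper(strings.Join(strings.Fields(fingerprint), ""))
}

// MatchesOutOfBand compares the fingerprint computed from a key received by email
// with the one the correspondent confirmed through a second channel. Only a full
// 40-digit fingerprint is accepted, and the comparison runs in constant time.
func MatchesOutOfBand(computed, confirmed string) bool {
	a, b := []byte(Normalize(computed)), []byte(Normalize(confirmed))
	return len(a) == 40 && subtle.ConstantTimeCompare(a, b) == 1
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	fp := Fingerprint(V4PublicKeyPacketBody(&priv.PublicKey, 1700000000))
	fmt.Println("fingerprint:", Pretty(fp), "key id:", KeyID(fp))
	// The other party reads the fingerprint aloud in lowercase groups; it still matches.
	fmt.Println("confirmed out of band:", MatchesOutOfBand(fp, strings.ToLower(Pretty(fp))))
}
```

Flip a single bit anywhere in the key, or import the same key material with a different creation time, and the fingerprint changes, which is why comparing the whole fingerprint is enough to detect a substituted key. A bare key ID is deliberately rejected by the check: 64 bits is short enough that a matching key ID can be manufactured on purpose. Keys in the newer v6 format of RFC 9580 carry a 64-hex-digit fingerprint computed with SHA-256 over a different header, so a value of that length belongs to a different formula and should not be fed to this function.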
There are two ways to use PGP in emails:
- PGP/MIME, a standard that encrypts and signs the entire message, including formatted text and any inserted pictures or attachments, or
- Inline PGP, a simpler format that encrypts only the plain-text body of the message and does not cover attachments.
In order to maximize compatibility, Hancom Mail supports both PGP standards for sending and receiving messages.
How to set up PGP encryption in Hancom Mail:
Hancom Mail allows you to easily set up encryption for any account, whether you need to create a new PGP keypair or have one ready for import.
Set up encryption
In the first step you can decide if you want to create a new keypair, import an existing key from your old app or continue without encryption for now.
You can create a new keypair or import anytime later in the Menu > Settings > Signing and Encryption > Certificates and Keys section of Hancom Mail.
Create New PGP keypair
To create your keypair you need to assign a password to it.
PGP uses this password to encrypt your Private key, so that nobody but you can use it. The password is needed whenever you decrypt an incoming message or digitally sign an outgoing one. Choose a strong passphrase: anyone who obtains a copy of the key file can try passwords against it offline, with no lockout to slow them down.
You can also choose the key size of your keypair.
Key size is the length, in bits, of the key used by the cryptographic algorithm. A larger key is harder to break, but it takes longer to generate and slightly longer to encrypt, decrypt, sign or verify with.
Save your private key
In this step you can save your Private key to a safe storage.
All encrypted messages you receive after you start using PGP can only be decrypted with your Private key and its password. If you lose the private key, you will never be able to decrypt and read those messages again.
This also applies to encrypted messages you send from Hancom Mail, because it encrypts your copy in the Sent folder with your own public key.
The keypair is saved as an ASC file, which you then need to put in safe storage. You can save it to the Documents folder on your device, but if that device is stolen or damaged the key is lost with it, so make an external backup as well: a protected cloud storage, an external USB drive or another device, so that you can get it back at any time. Remember that the exported file contains your private key and is protected only by your password, so keep the backup somewhere you control.
If you don’t save the key now, you can do so any time later by saving the key in the Menu > Settings > Signing and Encryption > Certificates and Keys section.
Share your public key
To encrypt a message, you need the Public key of the person you are sending it to. Conversely, if you want to receive encrypted messages, you need to distribute your Public key.
Sending encrypted emails
After having exchanged PGP keys with your contacts, you can proceed with sending signed and/or encrypted emails. Icons for encryption (a lock) and digital signature (a stamp) should appear in the new message editor toolbar in Hancom Mail.
Once you decide to send an encrypted message, Hancom Mail will automatically select the proper encryption technology to apply – S/MIME or PGP – based on the recipients’ public certificates and keys.
If there are no valid public keys available for selected recipients, a warning notification appears before the message is actually sent out.
The first detected key is used for your digital signature, but you can select a key manually if you have more than one key for the same email address.
Different PGP formats for encryption
When using the PGP technology, you can decide for PGP/MIME or Inline PGP format.
Hancom Mail automatically selects the most suitable option; in most cases this is PGP/MIME, which protects text formatting as well as attachments.
By comparison, Inline PGP is a simpler format that encrypts only the plain text of the message body and does not cover attachments. It is the choice when you need maximum compatibility with other applications.
The automatic selection of PGP format settings can be changed in Menu > Message > Format of PGP.
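As an added example, not part of the Hancom Mail documentation, the Go program below shows what the two formats described here and in the "What is PGP" section look like on the wire, and how a client or a mail gateway tells them apart. PGP/MIME (RFC 3156) announces itself in the headers: a multipart/encrypted container with protocol="application/pgp-encrypted", a first part saying "Version: 1" and a second part carrying the armored message. Inline PGP has no such structure; the armored block simply sits in the text body. The sample messages are constructed with placeholder armor rather than real ciphertext, and the function names are mine.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"strings"
)

const (
	PGPMIMEEncrypted = "PGP/MIME encrypted"
	InlineEncrypted  = "inline PGP encrypted"
	NotEncrypted     = "not PGP encrypted"
)

type part struct{ contentType, body string }

// parts splits a multipart body, keeping each part's media type and raw content.
func parts(body []byte, boundary string) ([]part, error) {
	mr := multipart.NewReader(bytes.NewReader(body), boundary)
	var out []part
	for {
		p, err := mr.NextPart()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		ct, _, _ := mime.ParseMediaType(p.Header.Get("Content-Type"))
		data, err := io.ReadAll(p)
		if err != nil {
			return nil, err
		}
		out = append(out, part{ct, string(data)})
	}
}

// EncryptionFormat reports whether a raw RFC 5322 message is PGP/MIME encrypted, inline
// PGP encrypted, or neither. For PGP/MIME it checks the part structure RFC 3156 requires
// instead of trusting the protocol parameter alone, and returns an error when a message
// claims the format but does not have it.
func EncryptionFormat(raw string) (string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return NotEncrypted, err
	}
	// A missing or unparsable Content-Type leaves mediaType empty and falls through to
	// the inline check, which is where RFC 2045's text/plain default would land anyway.
	mediaType, params, _ := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return NotEncrypted, err
	}
	if mediaType == "multipart/encrypted" && params["protocol"] == "application/pgp-encrypted" {
		ps, err := parts(body, params["boundary"])
		if err != nil {
			return NotEncrypted, err
		}
		// RFC 3156 section 4: exactly two parts, a control part carrying "Version: 1"
		// and an application/octet-stream part holding the armored PGP message.
		if len(ps) != 2 || ps[0].contentType != "application/pgp-encrypted" ||
			!strings.Contains(ps[0].body, "Version: 1") ||
			!strings.Contains(ps[1].body, "-----BEGIN PGP MESSAGE-----") {
			return NotEncrypted, fmt.Errorf("multipart/encrypted lacks the RFC 3156 structure")
		}
		return PGPMIMEEncrypted, nil
	}
	// Inline PGP announces itself only inside the text body, never in the headers.
	if strings.HasPrefix(strings.TrimSpace(string(body)), "-----BEGIN PGP MESSAGE-----") {
		return InlineEncrypted, nil
	}
	return NotEncrypted, nil
}

// Constructed sample messages; the armor bodies are placeholders, not real ciphertext.
var SamplePGPMIME = strings.Join([]string{
	"From: alice@example.com", "To: bob@example.com", "Subject: Q3 numbers",
	`Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"`,
	"", "--b1", "Content-Type: application/pgp-encrypted", "", "Version: 1",
	"--b1", "Content-Type: application/octet-stream", "",
	"-----BEGIN PGP MESSAGE-----", "(armored ciphertext placeholder)", "-----END PGP MESSAGE-----",
	"--b1--", ""}, "\r\n")

var SampleInline = strings.Join([]string{
	"From: alice@example.com", "To: bob@example.com", "Subject: Q3 numbers", "Content-Type: text/plain", "",
	"-----BEGIN PGP MESSAGE-----", "(armored ciphertext placeholder)", "-----END PGP MESSAGE-----", ""}, "\r\n")

var SamplePlain = "From: alice@example.com\r\nTo: bob@example.com\r\nSubject: Q3 numbers\r\n\r\nNothing secret here.\r\n"

func main() {
	for _, m := range []string{SamplePGPMIME, SampleInline, SamplePlain} {
		fmt.Println(EncryptionFormat(m))
	}
}
```

Two things are worth noticing in the samples. The Subject, From and To headers are readable in both formats, because neither format encrypts headers. And an inline message has nowhere to put attachments, so anything attached to it would travel as an ordinary unencrypted MIME part; that is the compatibility trade-off the automatic selection is weighing. The structural check matters because the protocol parameter is just a header that anyone can write: a message that claims PGP/MIME but lacks the RFC 3156 parts is reported as an error, not as encrypted.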
Reading of encrypted/signed messages
Opening and reading a signed and/or encrypted message is simple in Hancom Mail. The digital signature is validated automatically when you open the email. For the validation to work, you need the sender's public key saved in Hancom Mail or in the operating system. If the signature is valid, that is, the message was not altered since it was signed, the notification "This message was signed" appears under the message header. Keep in mind that a valid signature only proves the message was signed with the key you hold for that sender; it is worth exactly as much as the fingerprint check you did when you accepted that key.
To read an encrypted message, Hancom Mail needs your password-protected private PGP key. After you enter the password, the message is decrypted and you can read its content.