How to encrypt email (Gmail, Outlook iOS, OSX, Android, Webmail)

Email was one of the earliest forms of communication on the internet, and if you’re reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it’s still one of the most universal means of communicating with other people that we have.

One of the biggest problems with this cornerstone of electronic communication is that it isn’t very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let’s start by saying that setting up email encryption yourself is not the most convenient process. Not only must the sender have the means to encrypt an email, but the recipient of your encrypted email must have the means to decrypt it. You don’t need a degree in cryptography or anything, but it will take a dash of tech savvy. We’ll walk you through the process in this article.

How email encryption works
Encryption, put simply, is no more than scrambling up the contents of a message so that only those with a key can decrypt it. Sort of like those puzzles you did in school where every letter of the alphabet had to be converted to some other letter of the alphabet so as to decode the final message. Computers make the scrambling far more complex and impossible for a human to crack by hand. When you encrypt an email, its contents are scrambled, and only the recipient has the key to unscramble it.

To make sure only the intended recipient can decrypt the message, email encryption uses something called public key cryptography. Each person has a pair of keys–the digital codes that allow you to encrypt and decrypt messages. Your public key is stored on a key server where anyone can find it, along with your name and email address. Conversely, you can find other people’s public keys on keyservers to send them encrypted email.

When you encrypt an email, you use the recipient’s public key to scramble the message. Due to the technology behind this type of cryptography, the public key cannot be used to decrypt it. The email can then only be decrypted by the recipient’s private key, which is stored somewhere safe and private on his or her computer.

Note that you cannot send encrypted email to someone without access to their public key. We’ll talk about a couple different types of email encryption and explain how key sharing works in each.

Types of email encryption
There are two main types of email encryption methods you need to know exist: S/MIME and PGP/MIME. In order for the recipient to decrypt an email encrypted by the sender, both parties must use the same type of encryption.

S/MIME is built into most OSX and iOS devices. When you receive an email sent from a Macbook or iPhone, you’ll sometimes see a 5-kilobyte attachment called “smime.p7s”. This attachment verifies the identity of the receiver so only he or she can read the email.

Recipients must be in sender’s organization or have received at least one signed email from the sender in the past
S/MIME relies on a centralized authority to choose the encryption algorithm and key size
Easy to maintain
Harder to set up with web-based email clients like Gmail
More widely distributed thanks to Apple and Outlook built-in support
The other heavyweight in email encryption is PGP/MIME, which is what we’re going to focus on in the latter part of this tutorial.

Recipient must have both public and private encryption keys, and the public key must be available to sender
Relies on a decentralized, distributed trust model
Fairly easy to use with web-based email clients
Free to get a certificate, which S/MIME is usually not (you buy an S/MIME certificate when you buy an iPhone or Macbook)
Choose how you encrypt and how well-encrypted the messages you receive must be
Not widely supported by email clients, so requires third-party tools
This makes PGP/MIME cheaper and more flexible, but before we get into that, we’ll look at the S/MIME encryption features built into Outlook and Apple products.