Guides Tip of the Trade: E-mail Encryption

Tip of the Trade: E-mail Encryption




When you send a cleartext, unencrypted e-mail, you are saying “I don’t care who reads the contents of this message, I don’t care if someone possibly alters the contents, and I don’t care if someone else pretends to be me.” Doubtless it is not your intention to say these things, but it is an unfortunate fact of life that this is the result.

PGP and GPG ensure e-mail stays between the sender and its intended recipient.

Discuss this article in the ServerWatch discussion forum

Unsure About an Acronym or Term?
Search the ServerWatch Glossary

 

Ordinary cleartext e-mails can be intercepted and read by anyone with access to the wires between you and your recipient. This could be snoopy sysadmins, or anyone who has successfully compromised a server, router or network. Sometimes getting onto a network is easy — unsecured, poorly-secured and rogue wireless access points are big fat red welcome mats for all the wrong people. Did you know that inside jobs, just like in old-time industries like retail and manufacturing, represent the largest percentage of thefts and unauthorized snooping in computer networks? The numbers given vary, but it’s safe to say it’s a sizable majority.

The easiest and best way to secure your e-mail transmissions from end-to-end is to use Pretty Good Privacy (PGP) or its open source/free of cost sibling, Gnu Privacy Guard (GPG). PGP/GPG depend on encryption/decryption key pairs. You have a private key, which you guard zealously and never ever let anyone else get their hands on. Your public key can be distributed freely; many people even post their public keys on Web sites. The way it works is genius-simple: Anyone who wants to send a message to you encrypts it with a copy of your public key. Then you decrypt it with your private key. Your message is completely protected in transit and immune to eavesdropping and altering.

GPG works on any system on which it can be successfully compiled, which is most Linux and Unix systems. You may also compile and run it on Windows. Windows and Mac OS X users will probably want something a bit easier, such as GPG4Win and Mac GPG.

PGP costs money and comes in many different flavors. It has support, as well as some nice management tools. PGP and GPG are completely compatible, and in fact share the same code base. So you can encrypt and decrypt messages freely between the two programs. It’s the best of all worlds — a very easy way to protect your e-mail with very strong encryption.

Latest Posts

Compare HP’s iLo & Dell’s iDRAC Server Management Tools

Most servers shipped from the major manufacturers today come with some type of out-of-band management tool or baseboard management controller (BMC). Two of the...

Get-MsolUser PowerShell Attributes & Properties

This article has been updated for 2020. Please note that WAAD was retired in 2018, but the cmdlets listed in this article are still...

Microsoft Azure PowerShell Scripts and Commands

Using PowerShell scripts and commands for quickly executing tasks in Windows operating systems offers a number of benefits over traditional scripting languages, such as...

Microsoft Hyper V Review

Microsoft Hyper-V: The Bottom line Microsoft Hyper-V lagged behind VMware's virtualization tool, one of the most popular tools in the space, when it was first...

Best Cloud Based Services & Companies

Any company that’s delayed introducing cloud-based software into their infrastructure needs to consider leveraging these new technologies to reap all the benefits cloud computing...

Related Stories