How to Encrypt Your Emails to Protect Your Sensitive Information: A User-Friendly Guide for Mobile and Desktop Devices


Email encryption is a critical aspect of modern communication, ensuring privacy and security. It safeguards sensitive personal and business information from unauthorized access, mitigating the risk of cyber threats such as eavesdropping, man-in-the-middle attacks, and data tampering. By employing email encryption, organizations can protect their intellectual property and maintain the integrity of their communications, fostering trust and credibility among clients, partners, and stakeholders. Moreover, encrypted emails offer authentication features, such as digital signatures, which help verify the sender's identity and the message's integrity, further reducing the likelihood of phishing attacks and impersonation attempts. Email encryption plays a vital role in preserving the confidentiality and security of electronic communications.


In this article I am going to cover:

  • Some of the terminology you will encounter when setting up email encryption.
  • All-in-one email services that do the work for you.
  • How to manually enable encryption in common mobile and desktop clients.


Terminology:

Public vs. Private Keys


In the context of email encryption, public key and private key refer to a pair of cryptographic keys used in asymmetric encryption algorithms, such as PGP (Pretty Good Privacy) or S/MIME (Secure/Multipurpose Internet Mail Extensions). These keys are essential components of public key cryptography, which allows secure communication and data exchange between parties without having to share a common secret key.

Public key:

  • The public key is intended to be shared openly with others. It is used to encrypt messages or data sent to the key owner. For example, if someone wants to send you an encrypted email, they will use your public key to encrypt the message. Once encrypted with the public key, the data can only be decrypted with the corresponding private key.

Private key:

  • The private key is meant to be kept secret and secure by its owner. It is used to decrypt messages or data that have been encrypted with the corresponding public key. In the email encryption context, you would use your private key to decrypt encrypted emails sent to you by others. Additionally, the private key can be used to digitally sign messages, providing a way to authenticate the sender and ensure the integrity of the message.

When using email encryption, it's important to manage and protect your private key carefully. If someone gains access to your private key, they can read your encrypted emails and forge your digital signature. On the other hand, your public key should be shared as widely as possible, allowing others to send you encrypted messages and verify your digital signature.

End-to-end encryption (E2EE)

End-to-end encryption is a security protocol that ensures that only the sender and the intended recipient of a message can read its contents. This means that the message is encrypted on the sender's device and decrypted only by the intended recipient's device, with no intermediary or third party being able to access the message contents.

In communication apps, end-to-end encryption is used to protect messages, voice and video calls, and other forms of communication from being intercepted, read, or tampered with by hackers, cybercriminals, or government agencies. E2EE is often considered the gold standard of communication security because it offers the highest level of protection for users' privacy and sensitive information.



3rd Party Encrypted E-Mail Services

I will start with one of the simplest ways to get started with encrypted email: using a third-party service. Most have a free plan available, and it's as easy as signing up and starting to use them.

Keep in mind that unless you're sending emails to recipients using the same email platform (for example, you are both using Proton Mail), your emails will revert to being unencrypted. Most of these platforms do offer a way to encrypt emails sent to other platforms as well, but you will most likely need to enable such features manually. Be sure to follow any documentation provided by the service you choose to use.
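One way to check whether a message that left your platform was actually protected is to look at its MIME structure as it arrived in the recipient's mailbox. The Python sketch below is an added example, not code from this article or from any of the services named; the sample messages, addresses and the `classify` function name are constructed for illustration.

```python
from email import message_from_string

def _param(msg, name):
    """Content-Type parameter, lower-cased; '' when absent or not a plain string."""
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""

def classify(raw: str) -> str:
    """Report what protection a raw message carries, judged by its MIME structure."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    protocol = _param(msg, "protocol")
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # S/MIME: the whole body is one CMS object; smime-type says which kind.
        kind = _param(msg, "smime-type")
        if kind in ("enveloped-data", "authenveloped-data"):
            return "smime-encrypted"
        return "smime-signed-only" if kind == "signed-data" else "smime-unknown"
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-encrypted"
    if ctype == "multipart/signed":
        # Detached signature: the body itself is still readable by anyone.
        if protocol in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            return "smime-signed-only"
        if protocol == "application/pgp-signature":
            return "pgp-signed-only"
    for part in msg.walk():
        # Inline PGP: an armored block inside an ordinary text part.
        if part.get_content_maintype() == "text":
            if b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b""):
                return "pgp-encrypted-inline"
    return "plaintext"

def _sample(content_type, body="(constructed placeholder body)"):
    # Constructed test message; addresses and content are made up.
    return ("From: alice@example.com\nTo: bob@example.org\nSubject: test\n"
            f"MIME-Version: 1.0\nContent-Type: {content_type}\n\n{body}\n")

SAMPLES = {
    "smime_enc": _sample('application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"'),
    "smime_sig": _sample('multipart/signed; protocol="application/pkcs7-signature"; boundary="b"'),
    "pgp_mime": _sample('multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"'),
    "pgp_inline": _sample("text/plain", "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----"),
    "plain": _sample("text/plain", "Quarterly numbers attached."),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:11} -> {classify(raw)}")
```

A `signed-only` result means the body is authenticated but still readable in transit, and `plaintext` means the message went out with no protection at all.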

Proton Mail

Host Country: Switzerland
Proton Mail offers an end-to-end encrypted email service, with free plans available and paid accounts starting at $3.99/month.
They also offer Proton VPN, Drive (cloud storage), and a Calendar.
From Proton Mail's website:
"Proton provides free and open-source technology to millions of people and organizations to expand access to privacy, security, and freedom online."
https://proton.me/

Tutanota

Host Country: Germany
Tutanota offers an end-to-end encrypted email service, with free plans available and paid accounts starting at around $1.30/month (their website lists the price in euros).
They also offer a calendar and contacts with the service.
From Tutanota's website:
"Privacy is the foundation of everything we do. To fight for our right to privacy - to protect journalists, whistleblowers and human rights activists as well as citizens around the world - this has been our mission since we have started building the encrypted email service Tutanota."
https://tutanota.com/

StartMail

Host Country: The Netherlands
StartMail offers an end-to-end encrypted email service but does not offer a free plan. Plans start at $6/month.
From StartMail's website:
"StartMail is a complete private email solution - protecting your data, activity, and privacy. It includes features like extra-secure data storage, disposable alias email addresses, and an ownership that will resist unwarranted intrusion. It has easy‐to‐use one‐click encryption, a very clear privacy policy, and is quickly gaining in popularity."
https://www.startmail.com/



Mobile Devices

Encryption on iOS Mail App

Apple provides instructions on setting up encryption in their Mail app.
Here's a summary from their help page:

To send encrypted messages, install an S/MIME certificate for your email account. You can get S/MIME certificates from a certificate authority (CA) or, if you're using an Exchange account, from your organization. You also need the recipient's certificate (public key).

Enable message encryption

When you configure S/MIME for your account, you can choose to "Encrypt by Default" when you compose new messages:

  • Open the Settings app.
  • Choose Mail > Accounts.
  • Select the account that has messages that you want to encrypt by default.
  • Choose Account > Advanced > Encrypt by Default, then turn on Encrypt by Default.

When you reply to or forward a message, the encryption state of your message matches the state of the incoming message rather than your system default setting. You can also use the blue Lock button in the address field to change the encryption state of an outgoing message.
View the help article from Apple here: https://support.apple.com/en-us/HT202345


Encryption on Android/Gmail

You can set up S/MIME encryption with Gmail if you're on an enterprise account by following these instructions from Google: https://support.google.com/a/answer/6374496?hl=en

Google doesn't support end-to-end Gmail encryption by default, but this article gives a good overview of how it can be accomplished: https://www.comparitech.com/blog/information-security/pgp-encryption-gmail/

You can also search the Play Store for mail apps that support PGP encryption.



Windows

Encrypting E-mail in Outlook

Microsoft has a help article outlining how to enable encryption in Outlook.
Here's a summary from their help page:

Encrypting with S/MIME
Before you start this procedure, you must first have added a certificate to the keychain on your computer. Once you have your signing certificate set up on your computer, you'll need to configure it in Outlook.

  1. Under the File menu, select Options > Trust Center > Trust Center Settings.
  2. In the left pane, select Email Security.
  3. Under Encrypted email, choose Settings.
  4. Under Certificates and Algorithms, click Choose and select the S/MIME certificate.
  5. Choose OK.

If you are an Office Insider with a Microsoft 365 subscription, here's what is new to you:

In an email message, choose Options, select Encrypt, and pick the Encrypt with S/MIME option from the drop-down.

You'll see an Encrypt with S/MIME option if you have an S/MIME certificate installed on your computer.

For Outlook 2019 and Outlook 2016:

  1. In an email message, choose Options, select Permissions.
  2. Finish composing your email and then choose Send.

Read the full help article here: https://support.microsoft.com/en-us/office/encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc


Mac

Apple provides instructions on setting up encryption in their Mail app.
Here's a summary from their help page:

Send digitally signed and encrypted emails
A digitally signed message lets your recipients verify your identity as the sender; an encrypted message offers an even higher level of security. To send signed messages, you must have a personal certificate in your keychain. To send encrypted messages, the recipient’s certificate must be in your keychain.

  • In the Mail app on your Mac, choose File > New Message.
  • Move the pointer over the From field, click the pop-up menu that appears, then choose the account for which you have a personal certificate in your keychain.
  • A signed icon (containing a checkmark) is shown in the message header and indicates your message will be signed when you send it.
  • Address the message to recipients.

An encrypted icon (containing a closed lock) is shown if your keychain contains a personal certificate for every recipient. If you don’t have a certificate for every recipient, click the encrypted icon in your message; an open lock replaces the closed lock, indicating the message will be sent unencrypted.

Some mailing lists reject digitally signed messages because the signature is treated as an attachment. If this happens, click the signed icon in your message; an x replaces the checkmark, indicating the message will be sent unsigned.

Note: If for some reason your certificate isn’t associated with your email address, or if you want to use your certificate with a different email address, Control-click the certificate in Keychain Access, choose New Identity Preference, and provide the requested information.

Read the Full Help Article Here: https://support.apple.com/guide/mail/sign-or-encrypt-emails-mlhlp1180/mac


Conclusion

There is no shortage of ways to encrypt your email; the biggest hurdle you will face is getting others to adopt a method as well. For beginners looking to adopt a new email encryption method, I would start by signing up with a service like the ones outlined above, and then encourage your friends and family to do the same. Doing so will lessen the burden of having to properly configure each device you use, and will help ensure the utmost security for your data.