how practical is it to use email encryption.

just wondering how practical is it to use email encryption and how people go about it here..

from my understanding the recepient of the sent mail needs to be running the same encryption software as the sender has on his/her machine.

this seems very unlikely and would need prior contact between the sender and recepient to arrange to set up the same service.

even if they did so how could the public key be delivered privately

 

Another media - other than email ... piece of paper, usb key, cd rom, postal mail, phone ...
Mrk

 

AxCrypt (and others) allow you to create an encrypted .exe file.
Recipient, upon running the .exe, is presented with a "Enter Passphrase" window.
This seems to work well (assuming recipient has ability to run executables).

 

For the most part, encrypted e-mail is exchanged between people who have previously arranged to do this. As for the public key, it doesn't have to be delivered privately. Some post their public key on their websites. Others use key servers. The public key is made freely available so that anyone can use it to send you and encrypted message that only you can decrypt with your private key. PGP has used this method for many years. There's no way that your public key can be used to decrypt a message and it can't be used to figure out your private key. The only drawback to a public key is that it's obvious to anyone who sees it that you encrypt at least some of your communications. In todays political climate, that can draw attention from those who want to spy on everyone.

Some versions of PGP can also make exe's described by Bob D. They're also called SDA's (self decrypting archives). They are not as secure as standard PGP but can be read by anyone that you've given the password to. What you use depends on who you're trying to keep from reading your communications. Assuming a reasonably good password, SDA's are plenty good enough to thwart nosy family members. If your communications contain evidence of government corruption, human rights violations, or something equally severe, SDA's are not strong enough. For info that sensitive, PGP or an equal.

 

And will run executables received by mail
Mrk

 

Exactly.
I felt it noteworthy to add that caveat.
Recipients in some business environments will (understandably) be frustrated.

 

Dear Magenta,
technically speaking, the use of encrypted email is extremely simple and userfriendly. If you are interested in it, I would advise the use of Thunderbird with the extension enigmail and the use of gnupg. If you are a windows user, you will find it quite easy to setup and use. Just try to google for "Enigmail" and you will find complete documentation on it.

On the other hand, I suppose that if you are asking on here about encrypted email, nobody that you correspond with uses encrypted email; so here is the hard part: get all your friends/family/coworkers to use encrypted email. You will do a great favour to yourself and to the whole Internet community.

About the communication of your public key, as already said, the public KEY is public, so you can spread it in any unsecure way.

 

thanks markoman, how can I safely contact friends abroad to ask them to set up encryption?
if i use a cell phone or regular mail it automatically tells who im talking to

When using thunderbird or any mail client do i have to have an account with an email service provider or can i just mail away from the client?

do i have to get my mail routed to the client from the email provider? pardon my ignorance on this but i have always just used webmail

 

Encryption software is legal in most places so there's nothing unsafe about asking them to install PGP. After they install it, just exchange public keys. The public keys are basically text files so they're easy to send through e-mail. I haven't tried the new versions of PGP but the version I use can encrypt the contents of a browser window and works fine with webmail. Encrypted e-mail is no different than regular e-mail as far as sending and receiving is concerned.

 

I just came across http://www.encryptomatic.com product "MessageLock" for e-mail encryption in Outlook; I have no need to test it myself so I cannot vouch for usability.

I found it because another of their products is on a discount at http://www.bitsdujour.com this week.

 

Just use GPG with FireGPG extension in firefox. Makes decryption as easy as point, click, passphrase, and encryption the same. It is very practical to encrypt your own email, I suggest you do provided you talk about things you want to keep private.

 

How is the other person supposed to know the password. Plus the password is the key.

 

By prearrangement, I was thinking about speaking to the bank about prearranging a password it could be a list of changing passwords according to what day of the week or what week. 7-Zip AES encryption is 256bit AES .

 

In theory, there is no need to contact them PRIVATELY. Encryption doesn't hide the fact that you talk to someone, it just hides the contents of the communication. So it would be pointless to setup encryption privately, because the first time you send that person an encrypted message, ISP and the others that are "listening" on the wire will know you contacted that person. Sure, they won't know what you said, but they know you talked.

 

Microsoft Outlook natively supports the use of encrypted email, provided the sender/receiver have digital IDs (such as a VeriSign Class 1 Digital ID – see http://www.verisign.com/authentication/individual-authentication/digital-id/).

 

Why even use email? At drop.io you can create private "drops" with any address you like and then upload whatever you want.

Here's an example I just set-up:

http://drop.io/wilderstest

There is nothing there now but an encrypted text message. I encrypted the notepad file with SecureZip AES 256 bit encryption. Go ahead and download the file and see how easy this is. The password is thisisawilderstest . It will extract to a plain text file in a folder. Go ahead, I've been a member here for five years and I'm not going to infect you. It's a simple text file to show how easy sharing encrypted communications can be.

If you're really paranoid, you can even set a password for your private "drop" and share it only with your recipient. Drop.io is a great service and FREE for up to 100MB. You can set it to destruct on a certain date as well.

We're all so caught up in thinking email, email. There's better ways to communicate without messages sitting on ISP or Gmail's mail servers for God only knows how long.

Oh, do this from some wifi coffee shop or other public place and nobody's none the wiser for your efforts.

 

Certainly, there are a number of options beyond email if a user wishes to transmit information confidentially—e.g., it’s easy to encrypt a Word document (with the built-in encryption feature) and use, for example, the free YouSendIt (https://www.yousendit.com) service or any FTP site. The difficulty, however, with this approach and the analogous “drop.io” scheme is not the encryption—it is the transmission of the password. In contrast, by using a public key cryptography approach (e.g., Outlook with a Digital ID), neither individual needs knowledge of a common password. The sender uses the receiver’s public key for encryption, and the receiver uses her/his private key for decryption. It sounds complicated, but in practice it’s trivial and transparent.

If your email is encrypted, it is encrypted all the way from the sender to the receiver—the ISP does not have visibility to the contents of the message or to any file attached to the email.

 

Everything you wrote is true. I used PGP for years and gave it up after too many hadn't a clue as to how to configure it. To each his own, I suppose.