Close

Dec 31, 2021

(+) How to Send Email Messages Safely and Securely

The following is a Plus Edition article written by and copyright by Dick Eastman. 

Biographical note: Dick Eastman spent four years as a crypto technician with the U.S. Air Force. As such, he received a Top Secret security clearance and handled secret and top secret messages daily.

For years, security experts have advised everyone to never send email messages containing sensitive private information. They say you should never send credit card numbers, checking account information, Social Security Numbers of living people, or other sensitive information through email messages. The reason is that normal email messages are sent in plain text, and network sniffers can be used to spy on that email traffic.

In addition, anyone with system administrator privileges at the company that you use for email or at the company your recipient uses can read all normal, unencrypted email messages. Using Secure Sockets (SSL) helps when the message is being sent, but there is no guarantee that the recipient is taking the same precaution. Secure Sockets also provides no protection from snoopy system administrators.

I agree entirely with what most security experts say about NORMAL email messages, but the keyword there is “normal.” If you want to send sensitive information, never open up an email program and start typing away. However, I will point out that there are several ways of sending information securely through email messages. You can safely send credit card numbers, bank account information, information about Christmas presents you are about to purchase, and more, all via encrypted email.

Encryption is very popular amongst governments, military, law enforcement agencies, drug dealers, and organized crime members. If it is good enough for them, it is good enough for you and me. You can be assured that no unintended person will ever see your message – not even the family member who shares the computer with you.

You can find several methods to send secure messages. Some are easy to accomplish while others are a bit more complex. One method is especially easy, and it is highly secure. In fact, it is far more secure than sending the same information in a sealed envelope via the U.S. Postal Service.

I never send credit card numbers through the post office, but I will send them via encrypted email. The method I use can be used on Windows, Macintosh, Linux, and even on handheld computers, as long as they have an Internet connection and can use a web browser with an SSL connection. All of today’s smartphones can do that. Best of all, some methods of sending secure email messages are available free of charge.

First, a bit of background about encryption.

Encryption is the conversion of data into a scrambled form called ciphertext, which cannot be understood by unauthorized people. If you look at an encrypted message with a text editor or word processing program, all you will see is a mass of seemingly random letters, numbers, and punctuation marks, all meshed together. Actually, it is not random, but you won’t know that from simply looking at the encrypted message. It certainly looks like random “garbage.”

If a hacker or other unauthorized person does manage to obtain access to your encrypted message, all he or she sees is something that looks like this:

dh.#85%0nfgfk[;mcydbvfpofjn5=652147454s

Decryption is the process of converting encrypted data back into its original form so that it can be understood. Encryption and decryption normally require an encryption key, similar to a password, but generally longer. Anything that has been encrypted can only be decrypted by someone who has the correct key.

Encryption is great for most uses but you should be aware that nothing is ever 100% safe. Given enough time and enough computer power, any encrypted message or file can eventually be decoded by skilled hackers, even those who do not have access to the encryption keys. However, a properly-encrypted file using modern encryption technology may require several thousand years to be decrypted by someone using a standard PC. Using a super computer can reduce the time required to “only” 10 or 20 years.

In short, today’s encryption methods will serve the needs of most of us.

Billions of dollars are safely transferred online every day by banks, credit card companies, the Federal Reserve, and by all the governments in the world. They use encryption to send their information. That same level of security is easily available to you and to me. Military and diplomatic communications are usually sent with even stronger encryption methods that will not be discussed here as many of the techniques used in advanced encryption are classified. I am familiar with some methods of classified encryption and I suspect that the U.S. government’s National Security Agency and other users of super-secure encryption have even more advanced methods that I am not familiar with.

I will first describe several of the better-known encryption methods available to the public, but will save my favorite method of sending and receiving secure email messages until last.

Probably the most popular method of sending secure email messages is to first write your message in a text file, then use a separate program to encrypt the file. You then send the encrypted file as an attachment in normal email. The recipient receives the email, including the attached file, saves the file locally, then decrypts it with the required encryption/decryption program. This method provides excellent security. There are dozens of encryption/decryption programs available for Windows, Macintosh, and Linux, and many of them are available free of charge. With most commonly available forms of encryption, you and the intended recipient must agree on an encryption key in advance. (Never send the encryption key in a normal email message!)

Anyone who intercepts the encrypted message or file along the way will be unable to decrypt the attached file without the appropriate encryption key. System administrators will only be able to see the seemingly random series of letters, numbers, and punctuation marks described earlier. The intended recipient, however, can decrypt the file by using the same encryption/decryption program you used to create the encrypted file and by entering the required encryption key. Once the file is decrypted, the recipient sees exactly the same text that you created.

PGP (Pretty Good Privacy) is probably the best-known data encryption and decryption computer program, and it works well. It is one of the few programs that work on multiple platforms, including Windows, Macintosh, and Linux. PGP is popular amongst dissidents in totalitarian countries, civil libertarians all over the world, news reporters, and “communications activists” who call themselves cypherpunks. However, installing and configuring PGP will require some computer expertise. I would not recommend PGP to computer novices.

In its earliest days, PGP always was a free program, and those early versions still remain available for download from various web sites although they have been removed from the pgp.com web site. If you obtain one of the early versions, you can legally keep it and use it for as long as you wish, without payment.

NOTE #1: I might suggest that TrueCrypt is a good replacement for PGP for some purposes. TrueCrypt is open source software, available free of charge. However, it is primarily aimed at encrypting an entire partition or disk drive, not a single file at a time. TrueCrypt is no longer recommended by the program’s creators. You can learn more at http://www.truecrypt.org/

NOTE #2: Windows XP and later versions of Windows include something called Encrypting File System (EFS). Don’t be misled. EFS is great for encrypting files on a hard drive, but it is not suitable for sending encrypted files via email. EFS is also not available on the Home Editions of Windows but is available on the higher-priced Pro Editions. Don’t waste your time trying to make Encrypting File System work for email messages.

NOTE #3: ZIP files can be encrypted by some, but not all, ZIP programs. The popular WinZIP program can create encrypted ZIP files, but the encryption is weak. WinZIP will keep files safe from casual prying eyes, but encryption experts will probably be able to crack your WinZIP-encrypted file quickly. WinZIP is shareware; you are supposed to pay for it if you keep it and use it. A better solution can be found with 7-ZIP, a totally free program that can create stronger encryption. 7-ZIP is available for Windows, Macintosh, inux, BSD Unix, and ReactOS. You can learn more at http://www.7-zip.org/

The ZIP software included with Windows does not create encrypted ZIP files.

There are other encryption/decryption programs available but I haven’t tried all of them and cannot make recommendations.

The idea of sending encrypted files is a simple concept but becomes a bit complicated in practice. First, you and the intended recipient must install the same encryption program on both of your computers. This can be a problem if your recipient isn’t familiar with downloading and installing programs. The recipient also needs to know how to save files and then use the encryption/decryption program. That will be a problem for computer novices. Next, if one of you uses Windows and the other uses Macintosh, the problem becomes a bit more complex. A few programs are available for different operating systems, but most encryption/decryption programs (except 7-ZIP) are only available for one operating system.

Luckily, there is a solution that is even easier than any of the above solutions and requires no technical expertise. All you need is a web browser. Almost anyone can use it. There is no software to install, and it works equally well on Windows, Macintosh, Linux, and handheld computers.

The remainder of this article is reserved for Plus Edition subscribers only. If you have a Plus Edition subscription, you may read the full article at: https://eogn.com/(*)-Plus-Edition-News-Articles/12228676.

If you are not yet a Plus Edition subscriber, you can learn more about such subscriptions and even upgrade to a Plus Edition subscription immediately at https://eogn.com/page-18077