PGP and S/MIME - are not widely used until today.
There is a lot of discussion going on in the Internet on the subject of S/MIME vs. PGP or encryption of emails in general.
A contribution from the Internet blog "Gizmodo", that we would like to quote at this point, portrays very vividly why the leading technologies for encryption of emails - PGP and S/MIME - are not widely used until today.
"No wonder, when I see what is necessary until I'm ready to send an encrypted mail:
- Download and install Thunderbird
- Download and install GnuPG
- Download and install * EnigMail
- Create a key pair of public key and private key and a revocation certificate.
- Store the revocation certificate well protected.
- Keep the private key well protected.
- Upload the public key to a key server or share with all communication partners.
- Get the Public keys of all mail recipients.
- Write email, encrypt with the public key of the recipient.
... And now explain this to the average email sender and its average email recipients. Encryption can only work if it is extremely easy for the user – or ideally is fully transparent in use."
(Translated from source: www.gizmodo.de/2014/07/02/verschluesselung-sicherer-e-mail-versand-ist-die-grosse-ausnahme.html)
This complexity is the reason why many implementations fail - if not already at the administrators, then no later than at the end users. The effort that is portrayed by this blog entry - even if it may vary in detail, depending on the encryption software and email client software used - is too high, the requirements to technically and thus the user acceptance too low.
We have recognized this problem and consequently designed a solution that takes a different approach that does not require this level of complexity. S/MIME vs PGP? No thanks, Cryptshare makes it possible to communicate securely and bi-directionally in an ad-hoc manner without installing software on the client side, without having to exchange certificates, without having to set up user accounts and with no prior encryption know-how required.
Cryptshare thus represents an interesting alternative to traditional email encryption solutions and is consistently designed for ease of use, leading to very high user acceptance.
In the business world it is often not so much the email text itself, containing the confidential information, but the files that we are trying to send by email: presentations, photos, videos, CAD files, assessments, reports, documentations, calculations, draft contracts, etc. We quickly get it to the point where the files are too large for email.
A solution that neither encrypts the reference to the contents of an important file, nor the file itself, but in the worst case only the friendly greetings to the recipient does not help very much.
Cryptshare therefore not only enables the bi-directional, encrypted transmission of emails. Cryptshare also allows bidirectional encrypted transfer of files of any size and bidirectional transfer - including virus scan. In any case, the content of the messages and files is always encrypted.
As suggested by the above-cited blog entry, a solution for encrypted communication must be extremely easy to use so. Ideally, however, it offers more than just a completely invisible encryption. User acceptance is achieved by offering extra value at no extra effort for the user. This extra value is often not recognizable for users in pure encryption solution, or especially if it works invisibly. Because that means, conversely, that it comes only to the user's face when it fails.
Users want to control, and users want a sense of achievement. With Cryptshare users have a perception that their data has been transferred safely without to burden them. The integrated features to track the status of the transfer of files and messages up to the point of reception, create a sense of confidence and control with the users. This ensures the user acceptance, as the daily operations can be supported efficiently. Especially as it applies to communication with any communication partners - both internal and external - and not just with those who have an existing installation of the same technology.
To learn more about how Cryptshare makes your business more secure, please contact us!
We as a software manufacturer often speak with companies that have failed in the introduction or widespread use of solutions for secure email traffic, such as S / MIME or PGP. Often, the solutions are simply too complex for users, too expensive for the business or both to succeed in wide scale use. If you have the need to communicate with changing communication partners, a solution is needed that works ad-hoc with any outside party, without the prior need to exchange certificates, purchase licenses or set up user accounts. The time pressure, which every employee is exposed today, often outweighs the concern over possible risks.
If this happens even a user with S / MIME or PGP remains liable to send sensitive files via insecure routes. People will tend to find creative alternative methods, such as the transmission of data using media sent by post. Again, the potential risk for a data breach is not far away: "55% of companies stated not to protect their IT when connecting with portable storage devices at all. Securing data with passwords is even a downward trend - from 26% (2011) to 21% (2014). Only the encryption of data is increasing by 5 percentage points – to now 24%."
However, secure email communications and encrypted data transmission don’t need to be complicated. Cryptshare solves the challenges listed above in a very simple manner and can make a significant contribution to making your electronic communication safe, reliable and comprehensible, without overwhelming users and administrators.
The solution is so simple in concept that users with IT skills of all levels can easily use it without previous knowledge or training with the system. Neither a software installation, nor the exchange of certificates or the setup of user accounts are required. Also any number of external participants are included in the license fees - regardless of whether these participants appear as a sender or as a receiver.
If the information you want to share is too large for email transmission, Cryptshare is also the solution. Cryptshare, besides securing emails also transfers files of any size - up to several gigabytes.
The uncomplicated design of Cryptshare makes it easy not only for end users but also the administrator and the running cost are minimal. Once installed no regular maintenance needs to be carried out, as no users must be managed and cleanup of the files and emails on the server happens automatically. The know-how that must be established for running the solution is minimal.
Experience the high level of user acceptance of Cryptshare yourself! We are happy to provide your company with a free and non-binding access to our demo system. This is where your users can experience for themselves how easy secure communication can be. No software installation, user account setup or training is required.
Today many international clients across diverse industries and company sizes already rely on Cryptshare. We are convinced that Cryptshare can revolutionise your electronic communications as well.
Let PGP die!
Heise Security chief editor said in 2015
The chief editor of the Security branch of the German IT publisher “Heise Verlag”, Jürgen Schmidt, calls for new approaches to encryption of emails and the need for a more modern successor to PGP in an editorial. Is there already a more suitable alternative for everyday use though?
The desire to encrypt the content of emails is almost as old as email itself. Since the beginning of the 90s PGP has been available as a technology for this purpose however the use of PGP is minimal as compared to the proliferation of email. This is due to the relatively hight complexity and cost of handling this technology leaving users without a deep understanding of IT in trouble. Today electronic communication by e-mail is not just for IT experts but for many if not all critical business processes and in all areas of a company, requiring fast, easy and secure electronic exchange of information.
PGP is technically obsolete, it is hard to use on PCs and an almost hopeless case on smartphones.
There are also other problems. In practice PGP communications often fail due to the uncontrolled risk of somebody intentionally uploading the wrong public keys for existing email addresses to PGP key exchange servers and due to a lack of quality of many PGP implementations.
Even if a PGP connection between two work stations is successfully established, PGP provides no capability for sharing of large files and yet files become more frequent, more important and constantly larger in corporate communications. Despite these known issues many IT experts still advocate the use of end-to-end encryption based on PGP as the panacea for spying and surveillance in all forms partly because they do not know of an alternative.
If you try to follow this advice you will quickly find that this form of encryption between sender and recipient is not practical for business use. Common barriers to end-to-end encryption include being prevented from checking contents in the DMZ including checks for malicious code or fulfilling legal requirements to archive contents in a usable form. The use of PGP is currently only viable in the form of a gateway solution, which automatically performs the encryption in the DMZ of the company and provides encryption site-to-site between businesses or site-to-end point from a business to known private users.
Using a gateway solution, the necessary skill and effort required to manage PGP keys is shifted away from the staff to the administrator who needs to be trained for this purpose. As communication always involves two parties, the use of PGP requires that the other party also uses a compatible solution. Here, however, the lack of market penetration will quickly turn into a show stopper, especially when communicating with individuals.
Cryptshare is an attractive and modern alternative to PGP allowing the encryption of emails and files of any size to be shared with anybody, ad hoc and without great technical knowledge. Cryptshare is typically deployed on a server installed in the DMZ of the company making it accessible to all email users in a domain that may need greater security. Offering an easy-to-use Web interface that enables the bi-directional exchange of sensitive messages and files between the company staff and its clients, business partners or customers Cryptshare requires no specialist skill or training. Only a browser and an e-mail address are required on the side of the external communication partner and even more convenient than using the web interface is the use of the Outlook add-in, or HCL Notes integration.
Using the add-in staff create their message as usual in email and by clicking on the Cryptshare button any size limits for attachments are eliminated and the message along with the files can be sent encrypted to any recipient outside the company. For this purpose, one-time passwords are used that can be entered by the user or can be generated automatically. Rule-based operation is recommended, so that Cryptshare will automatically process messages that meet certain policy criteria.
The recipient receives a download link. An email message that is sent encrypted by Cryptshare is delivered as a file that opens in the email program of the recipient who can then store it in the regular email folders just like any regular message. A future version of the add-ins will allow the direct import of received messages into the Inbox of Outlook without having to go through the browser.
The password required to retrieve the data can be set up in many ways for example it could consist of a pre-shared secret or be generated manually be the sender or automatically by the Cryptshare server. In each case the recipient receives the contact details of the sender, so that they can get in touch with the sender and ask for the password if required. In these days soft validation is often more secure than automated. It does mean however that each and all messages shared have a unique encryption key removing the risk faced by PGP that the private keys held on end point devices may have been breached and users would be unaware of this.
For end users, this means that secure communication is possible at any time without fulfilling complex technical preconditions and without building up specific know-how. However, security is just one important gain. The ability to overcome file size limits of email ensures that not only messages but all of the contents that are relevant for business communication today can be exchanged. This benefit guarantees high user acceptance.
Cryptshare can easily compete with PGP for security. The exchange of data between sender/receiver and the Cryptshare server takes place directly via https secured connections that support Perfect Forward Secrecy (PFS) and correspond with the latest standards for protection against eavesdropping. This direct connection significantly reduces the number of potential points of attack as compared to email-based approaches, where messages pass an unpredictable number of mail servers of different operators on their way from A to B. By using the standard protocol https maximum interoperability is ensured at the same time. In addition, all meta-data of the email is encrypted.
Cryptshare makes secure communication as easy as email.