In an editorial, Jürgen Schmidt, chief editor of the security branch of the German IT publisher “Heise Verlag”, calls for new approaches to e-mail encryption and for a more modern successor to PGP. Is there already a more suitable alternative for everyday use?

The desire to encrypt the content of e-mails is almost as old as e-mail itself. PGP has been available as a technology for this purpose since the beginning of the 90s; however, the use of PGP is minimal compared to the proliferation of e-mail. This is due to the relatively high complexity and cost of handling this technology, which leaves users without a deep understanding of IT in trouble. Today, electronic communication by e-mail is not just for IT experts: it is used for many, if not all, critical business processes in all areas of a company, and these require a fast, easy and secure electronic exchange of information.

Jürgen Schmidt says: "PGP is technically obsolete, it is hard to use on PCs and an almost hopeless case on smartphones." There are other problems as well. In practice, PGP communication often fails for two reasons: the uncontrolled risk of somebody intentionally uploading wrong public keys for existing e-mail addresses to PGP key exchange servers, and the poor quality of many PGP implementations.

Even if a PGP connection between two workstations is successfully established, PGP provides no capability for sharing large files, and yet files are becoming more frequent, more important and constantly larger in corporate communications. Despite these known issues, many IT experts still advocate end-to-end encryption based on PGP as the panacea against spying and surveillance in all forms, partly because they do not know of an alternative.

If you try to follow this advice, you will quickly find that this form of encryption between sender and recipient is not practical for business use. Common barriers to end-to-end encryption are that it prevents contents from being checked in the DMZ, including checks for malicious code, and that it stands in the way of fulfilling legal requirements to archive contents in a usable form. The use of PGP is currently only viable in the form of a gateway solution, which automatically performs the encryption in the DMZ of the company and provides site-to-site encryption between businesses or site-to-endpoint encryption from a business to known private users.

With a gateway solution, the skill and effort required to manage PGP keys are shifted away from the staff to the administrator, who needs to be trained for this purpose. As communication always involves two parties, the use of PGP requires that the other party also uses a compatible solution. Here, however, the lack of market penetration will quickly turn into a show stopper, especially when communicating with individuals.

Cryptshare is an attractive and modern alternative to PGP. It allows encrypted e-mails and files of any size to be shared with anybody, ad hoc and without great technical knowledge. Cryptshare is typically deployed on a server installed in the DMZ of the company, making it accessible to all e-mail users in a domain that may need greater security. It offers an easy-to-use web interface that enables the bi-directional exchange of sensitive messages and files between company staff and clients, business partners or customers, and it requires no specialist skill or training. The external communication partner needs only a browser and an e-mail address. Even more convenient than the web interface is the MS Outlook add-in or the IBM Notes integration.

Using the add-in, staff create their message as usual in their e-mail program. Clicking the Cryptshare button eliminates any size limits for attachments, and the message, along with the files, can be sent encrypted to any recipient outside the company. For this purpose, one-time passwords are used that can be entered by the user or generated automatically. Rule-based operation is recommended, so that Cryptshare automatically processes messages that meet certain policy criteria.

The recipient receives a download link. An e-mail message that is sent encrypted by Cryptshare is delivered as a file that opens in the e-mail program of the recipient who can then store it in the regular e-mail folders just like any regular message. A future version of the add-ins will allow the direct import of received messages into the Inbox of Outlook without having to go through the browser.

The password required to retrieve the data can be set up in many ways: for example, it could consist of a pre-shared secret, or be generated manually by the sender or automatically by the Cryptshare server. In each case, the recipient receives the contact details of the sender, so that they can get in touch with the sender and ask for the password if required. These days, soft validation is often more secure than automated validation. It does mean, however, that every message shared has a unique encryption key, which removes the risk faced by PGP that the private keys held on endpoint devices may have been breached without users being aware of it.

For end users, this means that secure communication is possible at any time without fulfilling complex technical preconditions and without building up specific know-how. However, security is just one important gain. The ability to overcome file size limits of e-mail ensures that not only messages but all of the contents that are relevant for business communication today can be exchanged. This benefit guarantees high user acceptance.

Cryptshare can easily compete with PGP for security. The exchange of data between sender or receiver and the Cryptshare server takes place directly via HTTPS-secured connections that support Perfect Forward Secrecy (PFS) and comply with the latest standards for protection against eavesdropping. This direct connection significantly reduces the number of potential points of attack compared to e-mail-based approaches, where messages pass through an unpredictable number of mail servers run by different operators on their way from A to B. Using the standard protocol HTTPS also ensures maximum interoperability. In addition, all metadata of the e-mail is encrypted.
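Whether an HTTPS connection actually has forward secrecy depends on the negotiated key exchange, which a client can verify. The following Python sketch is an added example, not Cryptshare code: it classifies the tuple returned by `SSLSocket.cipher()` and builds a client context that refuses non-ephemeral TLS 1.2 suites. The function names and the sample tuples are constructed for illustration.

```python
import ssl

# OpenSSL / IANA name prefixes for ephemeral (EC)DHE key exchange in TLS <= 1.2.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "TLS_ECDHE_", "TLS_DHE_")
# TLS 1.3 suites name no key exchange; a full handshake always uses (EC)DHE.
TLS13_PREFIXES = ("TLS_AES_", "TLS_CHACHA20_")


def is_forward_secret(name, protocol=""):
    """True if a suite's key exchange is authenticated ephemeral (EC)DHE.

    Static RSA/DH/ECDH and anonymous (ADH/AECDH) suites return False.
    """
    if protocol == "TLSv1.3" or name.startswith(TLS13_PREFIXES):
        return True
    return name.startswith(EPHEMERAL_PREFIXES)


def negotiated_forward_secret(cipher):
    """Check the (name, protocol, bits) tuple from SSLSocket.cipher()."""
    name, protocol, _bits = cipher
    return is_forward_secret(name, protocol)


def audit_context(ctx):
    """Split the suites a context would offer by key-exchange type."""
    report = {"forward_secret": [], "not_forward_secret": []}
    for suite in ctx.get_ciphers():
        fs = is_forward_secret(suite["name"], suite.get("protocol", ""))
        report["forward_secret" if fs else "not_forward_secret"].append(suite["name"])
    return report


def hardened_client_context():
    """Client context that refuses TLS < 1.2 and non-ECDHE TLS 1.2 suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    # Constructed sample values of the kind SSLSocket.cipher() returns.
    for sample in [("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
                   ("AES128-GCM-SHA256", "TLSv1.2", 128),
                   ("TLS_AES_128_GCM_SHA256", "TLSv1.3", 128)]:
        print(sample[0], "->", negotiated_forward_secret(sample))
    print(audit_context(hardened_client_context())["not_forward_secret"])
```

Against a live server, pass the result of `SSLSocket.cipher()` after the handshake to `negotiated_forward_secret`; a `False` result means recorded traffic could be decrypted later if the server's long-term private key leaks.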

Cryptshare makes secure communication as easy as email. To learn more about how Cryptshare makes your business more secure, please contact us!