What is email encryption?
If you want to ensure that the information in emails is secure from sender to recipient's mailbox, you need email encryption. It makes sure that the contents of the email cannot be read by third parties during transmission.
However, as soon as you start dealing with the topic of email encryption, you will immediately be confronted with terms such as "private key", "public key", "certificates", "signing", "S/MIME", "PGP", "revocation certificate" and many more.
Once you have understood these terms and successfully mastered the time-consuming process of implementing traditional email encryption methods, you will probably start looking for alternative methods to encrypt emails.
User-friendly email encryption solution
We have recognized this problem and have designed a solution right from the start that takes a different approach without this complexity. Our add-in makes it possible to communicate ad-hoc bidirectionally without the installation of software on the client side, without the exchange of certificates, without the creation of user accounts and even without any previous knowledge.
Cryptshare represents an interesting alternative to traditional email encryption solutions and is consistently designed for user-friendliness, which leads to very high user acceptance.
Email is insecure and readable for everyone - Just like postcard
How does email encryption work with PGP?
An encryption software like PGP ("Pretty Good Privacy") creates a key pair.
A public key and a private key.
What is a public key?
The public key is available for anyone on the internet and can be used to send encrypted emails to you. You should send your public key to all communication partners and publish it on so-called public key servers. These keyservers are public machines where you can search for public keys of email addresses.
Why should I share my public key?
The more people know your public key, the more likely they are to send you emails encrypted.
What is a private key?
The private key is top secret and must only be available to you.
With this private key only you can decrypt what others have sent you encrypted with your public key.
The private key is stored with a password so that it still remains protected, even in case of publication.
What is it about the signing of email?
In addition to email encryption, you can sign your emails. The email is provided with a digital signature based on your private key. This allows your recipients to check whether the email really comes from you and to be sure that it has not been manipulated.
How are PGP encrypted emails transported?
After the email has been encrypted in the sender's e-mail client, the transmission is usually TLS-secured (Transport Layer Security) to the outgoing mail server using SMTP (Simple Mail Transfer Protocol). The email is then routed over an unknown number of servers until it arrives at the recipient's destination server. The transport of the email from the mail server to the email client of the recipient is then usually TLS-secured via IMAP or POP3.
This means that the transmission is done via public servers and can be copied anywhere.
Is email communication secure with PGP?
Yes and no. The text of an email is very secure with PGP. It is a so-called "end-to-end encryption" (E2EE). Since only the communication partners (i.e. the respective end points of the communication) can decrypt the messages. This generally promises a high level of security.
For technical reasons, so-called metadata such as sender, recipient and the subject of the message cannot be encrypted.
If one day someone gets access to your private key, they will be able to read all encrypted emails in plain text - even decades later.
In 2018, security researchers bypassed the encryption of email systems and published details about security vulnerabilities in the two encryption methods PGP and S/MIME. The security vulnerabilities went around the world under the name EFAIL. Under certain conditions, emails can be decrypted with it.
Why has PGP not become established in companies?
Although PGP integrations such as Gpg4win for Outlook and Enigmail for Thunderbird on Windows or GPGtools for macOS make the setup and everyday life with PGP easier, the implementation still causes considerable effort.
The following steps are necessary for each individual email address in a company:
- Install and configure PGP-integration for email client
- Create public key and publish it on key server
- Create password for private key and store it securely in local IT environment (password manager)
- Create private key, store it securely in local IT environment
- Training of all employees in handling this email encryption method
- Sensitization & training of external communication partners for PGP
All this means a lot of work for the IT department of a company. And only the information within the email is secured. The issue of large and sensitive file attachments is not solved.
With email encryption using Cryptshare, we have made it easier for administrators and users.
How does email encryption with Cryptshare work?
Cryptshare has a completely different approach to secure email communication than PGP & S/MIME. No private and public keys or certificates need to be generated for individual email addresses. We have even avoided the transmission of confidential emails via SMTP for the reasons mentioned under PGP.
Each company has its own Cryptshare server, which is operated in its own DMZ or by the web hosting or cloud provider of choice. Users create their emails as usual in the email client and add attachments of any size if necessary. Now the user selects an email classification to determine the vulnerability of the information contained in the email or clicks directly on the "Send with Cryptshare" button.
Now a dialog window opens. There, depending on the previously selected classification, he can choose an individual retention period for the message on the server, a unique password and settings such as "Encrypt email subject" or "Recipient's language". The password can be transmitted in different ways - for example, by telephone, letter, fax, SMS or in person. It is up to the user to decide what level of security is applied.
How are Cryptshare encrypted emails transported?
The message and attachments are transferred to the Cryptshare server via an HTTPS connection with TLS encryption. There they are scanned for viruses and stored AES-encrypted (Advanced Encryption Standard). A different key is used for each communication process. The cryptshare server then sends a notification to the recipient(s), which provides the download link and contact information of the sender.
With a simple click on the download link and after entering the password, the recipient can now access the data via an HTTPS connection with TLS encryption. At the same time, the cryptshare server informs the sender that the data has been retrieved by the recipient.
Cryptshare eliminates attachment size limitations and fully logs all send and receive operations. Clear notifications to the sender when emails and files have been sent and delivered to the intended recipient helps companies comply with policies and compliance requirements such as the GDPR. This also makes it easier to detect conspicuous activities in connection with email communication. Further advantages of our solution.
Does a new password have to be created manually for each email?
No. Our revolutionary Cryptshare QUICK technology generates system-generated one-time keys in the background.
How does Cryptshare work? The answer in 2 minutes!
Email encryption in enterprises
In order to protect businesses and their clients, there are laws, regulations and internal compliance standards that have to be followed.
- the European General Data Protection Regulation (GDPR)
- the California Consumer Privacy Act (CCPA)
- the Australian Privacy Principles (APPs)
are just three of many examples in the field.
Aside from such general regulations there are also topic- and industry-specific laws like the US Health Insurance Portability and Accountability Act (HIPAA) that makes sure that patients’ data are handled in a secure way or in the real estate business, the Consumer Financial Protection Bureau (CFPB) regulates the privacy of clients, the NTA 7516 for the WvGGZ in the Netherlands.
While these are only a few examples there is an increasing tendency for more laws and specific regulations to come.
While employees are used to the convenience of consumer grade technologies, those tools rarely comply with carefully established security standards and privacy regulations. Current available technologies such as S/MIME or PGP are often too complicated to install and use, leave metadata vulnerable and do not solve the problem of exchanging large file attachments. Professional solutions that try to resolve those issues can be very costly and are typically complex.
Despite the eroding myth of regular email as a secure communication tool for messages and files, most emails are sent unencrypted, and business emails are certainly no exception to that.
A closer look reveals that for most users the majority of encryption solutions are simply not an option because their implementation requires too much (technical) effort.
The prime example: S/MIME and PGP.
Putting aside the complicated implementation of S/MIME and PGP, all communication partners who did not go through this complex process fall by the wayside and continue to be excluded from encrypted communication.
Cryptshare, however, works without any hurdles and offers many additional beneftits.
Advantages of securing email with Cryptshare
- Encryption of email
- Encrypted subject line
- Encryption of attachments of any size
- Self explanatory and intuitively to use
- No exchange of certificates or keys needed
- No user accounts needed
- No software installation needed
- Documentation of all activity for compliance
Email encryption made comfortable
Cryptshare QUICK Technology combines security for data in transit with convenience for users
Usability has always been a key aspect, so effort for users is kept to an absolute minimum. Newly released Cryptshare QUICK Technology takes this one step further and combines security for data in transit with convenience for users.
Once activated with just a few clicks, it makes protecting regular exchanges between communication partners effortless. All transfers are secured with unique and system-generated one-time keys, not just one key pair as is the case with S/MIME and PGP.
Since these keys are automatically generated by the system and meta data such as subject lines can be sent encrypted as well, the risk of social engineering attacks is reduced dramatically.
In conclusion, while S/MIME and PGP may be the first things that come to mind when thinking about email encryption, they are certainly neither the most user-friendly nor the securest solutions.
For users who want to use encryption to protect their data in transit, they present too many obstacles for successful implementation.
For secure business communication, a reliable solution is needed that is transparent, removes barriers, and can be used by anyone straight away.
Only then can email encryption truly go mainstream.
Pros and Cons of the email
Click on the panels to learn more
Universally available but insecure and can't handle large files. Click on the following panels to learn more.
Email is already the backbone of communications in most companies it is established and effective and so unlikely to change and it is paid for already. Cost increases when very large data stores are allocated for each user and when policies for use are breached so these need to be managed.
Unless supplemented by expensive and complex encryption email is not secure. Beyond enterprise boundaries loss of confidential information in email is one of the most common security and compliance breaches.
Good governance demands some level of incremental security above that provided in email. This may be though classification of data such that inly the least secure need is handled by email and all other transactions are through a stronger specialist mechanism.
Email is very easy to use which is its strength and its weakness. It is easy so it is used by us all, all the time. But we sometimes assume it is secure and so use it for the wrong kinds of communication.
Secure but expensive. Never available when you need it. Doesn't solve the problems of large files.
Complex and expensive and suited better to security between known senders and recipients encrypted email is very expensive to buy to install to administer and to run. Whilst the cost is high there is no doubt of the strength of security offered albeit with lost flexibility.
Encryption of emails and file attachments is end to end and so highly secure. By not helping the ad hoc transfers there is a risk of breach by use of removable media when this demand arises.
Because of the high cost, inflexibility and slow execution encrypted email is often not deployed in favor of greater flexibility. In particular the fact of needing a client to exchange files creates a significant weakness as real world needs extend into third party companies.
For the user inside the domain ecrypted email is simple to use once set up. However if the requirement is to exchange files or emails beyond the firewall things are not so easy. Furthermore first set up is very complex and time consuming.
Comparison of Email Encryption methods
|Requirement||S/MIME & PGP||Cryptshare|
|Use without prior knowledge|
|No technical prerequisites for recipients required|
|Easy to set up and configure (1h)|
|Sending files of any size|
|Protective email classification|
|Encryption of subject line|
|Definable retention period of files on the server|
|Complete audit trail for all transfers|
|Available for anyone to use|
Email Security Insights
Email security resources you may be interested in: