Email encryption...?

I have the option of encrypting my outgoing email messages at 512-bit, 1024-bit, or 4096-bit 'military grade encryption'. Currently none have been selected. Is there any downside when encrypting emails? Anyone got some advice on this?
 
There is no downside other than usability, if you have the option of using 4096-bit keys then go for it :)

You haven't mentioned who you are communicating with, but basically you will need the public keys of everyone you wish to send encrypted mail to. This is the main problem when using a public-key infrastructure for email encryption and why it often isn't used.

There are two ways to solve this key distribution problem: one is called the Web of Trust and the other is to use a Certification Authority. There are good wiki articles on both of these if you need more information.

But if you just want to encrypt mail to one other person, get his public key (and ensure it is really his) and use 4096-bit. Things get harder and more complex if you want to start using encrypted mail for communicating with lots of people.
 
I encrypt all my emails using a certificate in Thunderbird. Plus side, nobody will be spying on your terrorist plans, bestial porn exchanges and child trafficking. Down side, the recipient needs to have exchanged keys with you in order to be able to decrypt the message. Second plus side, exchanging keys is as simple as sending a signed (but not encrypted) email and receiving a reply.
 
exchanging keys is as simple as sending a signed (but not encrypted) email and receiving a reply.

How does this work? You're sending your public key out to someone, signed with your private key? All that signature will prove is that the sender of that email has a valid associated private key. I don't think it would stop a random person making up a key pair and spoofing it from your address. That's the reason for the whole requirement of a CA or trust model, isn't it? (Unless I've missed something.)
 
How does this work? You're sending your public key out to someone, signed with your private key? All that signature will prove is that the sender of that email has a valid associated private key. I don't think it would stop a random person making up a key pair and spoofing it from your address. That's the reason for the whole requirement of a CA or trust model, isn't it? (Unless I've missed something.)

All I can remember from setting this up in Thunderbird was as follows:

1) Obtain free Comodo email certificate.
2) Install certificate in Thunderbird's store.
3) Email the intended recipient.
4) Await their similarly signed reply so you can swap keys.

Thereafter, you can encrypt messages to each other. Perhaps you have to send encrypted (rather than just signed) messages for this to work. It's been a couple of years since I had to do this so my memory's not 100%.

EDIT: Yeah I was basically correct. Here's an excerpt from Comodo's support site.
Comodo said:
How do I send my email certificate (Digital ID) to someone else so that they can encrypt emails they send to me?
Solution: When you first receive your email certificate you will need to distribute the 'Public Key' to those people who you want to send encrypted emails to you.
To do this send them an email and digitally sign it, this attaches the Public Key certificate to the email.
They must store your email address with the certificate in their address book.
After this they can then decide to encrypt each email that is sent to you by setting the 'Security Options'.
 
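The Comodo procedure above, worked through with the openssl command line as an added example (not code from the thread or from Comodo): Alice's signed, unencrypted mail carries her certificate; Bob extracts it, decides whether to trust it against an anchor, and can then encrypt a reply that only Alice's private key opens. The identities, addresses and message text are constructed, and self-signed certificates stand in for CA-issued ones so that it runs offline.

```shell
#!/bin/sh
# Added example of the S/MIME key exchange described in the thread.
# Requires the openssl CLI; every name, address and message is constructed.
set -e
WORK=$(mktemp -d)
SECRET="constructed secret message"

# A self-signed S/MIME certificate stands in for a CA-issued one (Comodo in the
# thread). The thread recommends 4096-bit keys; 2048 is used here for speed.
make_identity() {  # $1=name  $2=email address
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=$1" -addext "subjectAltName=email:$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}
make_identity Alice alice@example.test
make_identity Bob bob@example.test

# Step 3 of the procedure: Alice mails Bob a signed, NOT encrypted message.
# The signature block contains her certificate (public key).
printf 'Hello Bob, my certificate rides along with this signature.\n' > "$WORK/hello.txt"
openssl smime -sign -signer "$WORK/Alice.crt" -inkey "$WORK/Alice.key" \
  -in "$WORK/hello.txt" -out "$WORK/signed.eml"

# Bob's mail client stores the certificate from the signature in its address
# book; this is the same extraction done by hand.
extract_signer_cert() {  # $1=signed message -> signer certificate (PEM) on stdout
  openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs | openssl x509
}
extract_signer_cert "$WORK/signed.eml" > "$WORK/Alice_from_mail.crt"

# The signature alone proves only that the sender holds the matching private key.
# Whether the certificate really belongs to Alice depends on the anchor Bob
# trusts (the CA / Web of Trust point raised in the thread). Exit 0 = verified.
verify_with_anchor() {  # $1=signed message  $2=trusted certificate (PEM)
  openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

# Step 4 onwards: with Alice's certificate in hand, Bob encrypts a reply to her;
# only the holder of Alice.key can decrypt it. Prints the recovered plaintext.
roundtrip() {
  printf '%s' "$SECRET" | openssl smime -encrypt -binary -aes256 \
    "$WORK/Alice_from_mail.crt" > "$WORK/reply.eml"
  openssl smime -decrypt -in "$WORK/reply.eml" \
    -recip "$WORK/Alice.crt" -inkey "$WORK/Alice.key"
}
```

Verifying the same signed mail against Bob's own certificate as the anchor fails, which is the practical form of the objection two posts up: a valid signature from an untrusted key says nothing about who sent it.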
All I can remember from setting this up in Thunderbird was as follows:

1) Obtain free Comodo email certificate.
2) Install certificate in Thunderbird's store.
3) Email the intended recipient.
4) Await their similarly signed reply so you can swap keys.

Thereafter, you can encrypt messages to each other. Perhaps you have to send encrypted (rather than just signed) messages for this to work. It's been a couple of years since I had to do this so my memory's not 100%.

EDIT: Yeah I was basically correct. Here's an excerpt from Comodo's support site.

Ah ok, in that case Comodo is essentially a Certification Authority :) I was under the impression you were just doing it all custom.
 
Thanks, that's good to know. Military grade encryption is a bit OTT for my needs so I went for 512-bit. Everything appears to be working normally :)
 
Email is insecure.

The only way to secure email properly is with PGP. But even then it is insecure. If it is very sensitive data you shouldn't use email, but for most instances PGP would be sufficient.

4096 bit encryption is pretty secure for virtually any purpose. If you're in a position whereby someone (or some organisation more like) is willing to crack your 4096 bit encryption you have WAY bigger things to worry about than your email... :p
 
Thanks, that's good to know. Military grade encryption is a bit OTT for my needs so I went for 512-bit. Everything appears to be working normally :)

:) glad it's working. In case you do decide to use it for anything sensitive, a research team successfully factored a 768-bit key at the start of the year, so 512-bits is on the light side these days :p
 
Email is insecure.

The only way to secure email properly is with PGP. But even then it is insecure. If it is very sensitive data you shouldn't use email, but for most instances PGP would be sufficient.

We use PGP at work. It's not the only way to secure an email; it's a product that implements well established encryption standards. There are other products that do a similar thing, but PGP is a good implementation.

With any security measure you have to ask is it needed? What are you sending and what is the value of it? Is it worth the hassle of encrypting?

The person at the other end will need to be equipped to decrypt mails as well. The good thing about PGP is you can upload your public key to a global server which is automatically used for encryption when sending to you.
 
Encryption sounds great in theory, but in many cases it would be a million times easier to simply nick your computer! :p So if you are going to bother encrypting, make sure your computer is physically secure.
 