Tag Archives: openpgp

Encrypting email sent with webmail

Webmail is very popular and there are a lot of services out there … gmail … outlook.com, any many others. Your email is easily accessible from any computer. No wonder why so many people uses it. However, when you need to send email securely, most webmail providers have no solution. I am not talking about using SSL to encrypt your webmail session, because that has zero impact on the email you send and received unless those are using encryption. SSL only protects your browser traffic, nothing else. Your emails are basically postcards and visible to anyone who happens to be listening, either on your network or along the way the email travels. So, dont use email for trade secrets, simple as that.

If you are going to send trade secrets using email, do use encryption tools. Myself, I use a Macbook at home, but I also use Gmail. So, how can I send and receive encrypted email, as well as digitally sign my emails? I use a free toolkit called GPGTools to aid me in my efforts.

One thing is extremely important to remember when using encryption with webmail and that is, never write cleartext in the webmail interface. If you do, the webmail most likely saves or cache the information in cleartext even if you encrypt it in a later step.

Instead, use a text editor like TextWrangler and write your email and then simply mark all -> Application Menu -> Services -> OpenPGP: Encrypt as seen below.

OpenPGP_Encrypt

You will then have to select your recipients key to encrypt the message, and only after the text has been encrypted, copy the contents into your webmail composer window. That way, no cleartext has been submitted to the webmail provider. All the encryption has happened on your client. If you do not see OpenPGP in your text editor menu, open system preferences -> keyboard -> shortcuts -> services, and make sure OpenPGP is enabled for text handling.

This is of course not ideal, but if you have information worth protecting, it is worth the extra effort to encrypt your message offline. To learn how to setup your public/secret key and other things related to GPGPTools, visit the knowledgebase.