Email Encryption and Digital Signature
Quick guide to email encryption and email digital signatures in IWDC
Email encryption involves encrypting the content of an email message in order to protect potentially sensitive information from being read by anyone other than intended recipients.
Even when you use a secure network, your messages, including your login credentials, can be intercepted by other users. Encryption makes the content of your emails unreadable to everyone but the recipient, so even if someone intercepts your messages, they cannot access the content.
A digital signature is a process that guarantees that the contents of a message have not been altered in transit. It is a digital code which is attached to your message to verify its contents and the sender's identity.
The main concept used for email encryption and digital signatures is public-key cryptography, also known as asymmetric cryptography. Both S/MIME and PGP protocols, which IWDC supports, use this concept.
In this encryption system, every user obtains two keys that are connected through the user's email address:
1. A Private key that should be kept secret and not revealed to anybody. It is used to digitally sign outgoing messages, or to decrypt incoming messages.
2. A Public key that is to be distributed to other users. The Public key is used to validate the digital signature of incoming messages, or to send encrypted messages to other users.
This differentiation of keys forms the very foundation of message encryption and signing.
Why and when to use email encryption
Whenever you want to be sure no one without access to your private key (and the password to it) reads your messages, including on your own computer, use encryption. This applies to mailbox providers as well, as the encrypted message is secured during its entire journey.
Why use digital signatures in emails
Email digital signatures give your email recipients assurance that the messages received were sent from the proper sender and not tampered with. Equally, you can check the sender's identity on signed emails you receive and be sure no changes were made in transit. Digital signatures verify the communicating parties' identity, but do NOT encrypt the emails as such.
What is PGP
PGP is one of the available cryptographic methods that can be used for encryption and email digital signatures. It stands for "Pretty Good Privacy" and was invented in 1991. Despite being connected mainly to email communication, PGP can be applied to any text or file.
PGP uses asymmetric cryptography with two keys: the Private key, used for digital signatures and decryption of incoming messages, and the Public key, used for encryption and validation of digital signatures.
Each PGP key features a unique Fingerprint consisting of a short string of numbers and letters. This feature allows users to easily verify keys sent via unsecured channels, such as email itself. It also allows you to be sure the keys were not altered along the way, which would threaten the safety of future communication.
The fingerprints on the sender's and the recipient's side should be compared via a third channel, e.g. a phone call.
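The fingerprint comparison described above, as an added example that is not IWDC's own code: it computes the fingerprint of a version 4 OpenPGP public key from an ASCII-armored block and compares it with a value received over another channel. The function names and the sample key are constructed for illustration, and only version 4 keys with the common packet length encodings are handled.

```python
import base64, hashlib, struct

def dearmor(text: str) -> bytes:
    """Return the binary packets inside an ASCII-armored block (CRC24 "=" line skipped)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored PGP block")
    data = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    return base64.b64decode("".join(ln for ln in data if not ln.startswith("=")))

def first_key_body(data: bytes) -> bytes:
    """Body of the leading public-key packet (tag 6), old or new header format."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            start, length = 2, o1
        elif o1 < 224:
            start, length = 3, ((o1 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("length encoding not handled in this example")
    else:  # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled in this example")
        size = (1, 2, 4)[ltype]
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    if tag != 6:
        raise ValueError("first packet is not a public key")
    return data[start:start + length]

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet length, packet body."""
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def matches(computed: str, read_aloud: str) -> bool:
    """Compare with a fingerprint received out of band, ignoring spacing and case."""
    return computed == "".join(read_aloud.split()).upper()

def sample_armored_key(n: int) -> str:
    """Constructed sample: v4 RSA public-key packet with a toy modulus n (not a real key)."""
    mpi = lambda x: struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", 1700000000) + b"\x01" + mpi(n) + mpi(65537)
    packet = b"\x99" + struct.pack(">H", len(body)) + body  # old format, tag 6, 2-byte length
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n{base64.b64encode(packet).decode()}\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

Because the fingerprint is a hash of the key material itself, a key that was swapped or modified in the email produces a different value, which is what the comparison over the phone detects.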
There are two ways to use PGP in emails:
1. PGP/MIME - a PGP standard that allows encryption and signature of the entire message, including formatted text and inserted pictures or attachments.
2. Inline PGP - a simpler standard that encrypts plain text only, with no attachments.
In order to maximize the compatibility, IWDC supports both PGP standards for sending and receiving messages.
How to set up PGP encryption in IWDC:
IWDC allows you to easily set up encryption for any account, whether you need to create a new PGP key pair or have one ready for import.
Set up encryption
In the first step you can decide if you want to create a new key pair, import an existing key from your old app or continue without encryption.
You can create a new key pair or import anytime later in Menu > Settings > Signing and Encryption > Certificates and Keys section of IWDC.
Create New PGP keypair
To create a key pair you need to assign a password to it.
PGP uses a password to encrypt your Private key, so no one but you can use it. The password is needed to decrypt incoming messages or digitally sign your outgoing messages.
You can also specify the key size of your key pair.
Key size is the size of the key used in the cryptographic algorithm. A bigger key will be more secure but it will also take a bit longer to create. It will also take more time to encrypt or decrypt messages.
Save your private key
In this step you can save your Private key to a safe storage.
All encrypted messages you receive once you start using PGP can only be decrypted by using your Private key and password. If you lose your private key, you will not be able to decrypt the messages and read them ever again.
This also applies to the encrypted messages you sent via IWDC, as it encrypts your copy in the Sent folder with your public key.
The key pair will be saved into an ASC file which you then need to save to a safe storage. You can save it to Documents on your device. In case this device is stolen or damaged in some way, you should make an external backup as well. You can use a protected cloud storage, an external USB drive or another device to make sure you can get it back at any time.
If you do not want to save the key right now, you can save it at any point in Menu > Settings > Signing and Encryption > Certificates and Keys section.
Share your public key
How to encrypt my message? To encrypt an outgoing email, you need the Public key of the person you are sending a message to. So if you want to receive encrypted messages, you need to distribute your Public key.
You can distribute this key yourself by sending it or bringing it over to your friends and contacts.
Key distribution
When you are set up, you will want to distribute your Public key to people you plan to exchange secured messages with.
My friend uses IWDC or a different program
In this case, you can send your key from Menu > Settings > Signing and Encryption > My certificates/keys section. Double-click the certificate to open the email encryption certificate detail. Click the “Send” button to distribute your keys to recipients of your choice. The recipients will get a message with an attached key. They can easily import the key into the IWDC PGP key storage or any other app.
Note:
- It is important to verify such a key with recipients via a communication channel other than email as well, e.g. via phone. You call each other and compare the Fingerprint code of incoming and outgoing keys (which you can find in the key details).
Sending encrypted emails
After having exchanged PGP keys with your contacts, you can proceed by sending signed and/or encrypted emails. Icons for encryption (a lock) and digital signature (a stamp) should appear in the new message editor toolbar in IWDC.
Once you decide to send an encrypted message, IWDC will automatically select the proper encryption technology, applying S/MIME or PGP based on the recipients’ public certificates and keys.
If there are no valid public keys available for selected recipients, a warning notification appears before the message is actually sent out.
The first detected key is used for your digital signature. It is possible to select a key manually, should you use multiple keys for the same email address.
Different PGP formats for encryption
When using the PGP technology, you can choose between the PGP/MIME and Inline PGP formats.
IWDC automatically selects the most fitting option, in most cases PGP/MIME, which allows encryption of text formatting as well as attachments.
In comparison, Inline PGP is a simpler format that only encrypts plain text. It is a preferred choice if you wish to maximize compatibility with other applications.
The automatic selection of PGP format settings can be changed in Menu > Message > Format of PGP.
Reading of encrypted/signed messages
Opening and reading a signed and/or encrypted message is very simple in IWDC. The digital signature gets automatically validated upon opening the email. To enable the signature validation, you need to have the sender’s public key saved in IWDC or in the operating system. As long as the signature is valid, i.e. the message was not tampered with, a notification with “This message was signed” appears under the message header.
In order to read a message with encryption, IWDC requires your private password-protected PGP key. After entering the password, the message gets decrypted and you are free to read its content.