The state of email encryption
Encrypting with Webmail
Some webmail systems are behind the times in providing comprehensive encryption. The Mailvelope browser plugin [7], which is available for Chrome, Edge, and Firefox, adds secure OpenPGP communication to webmail. It runs locally in the user's web browser and detects when the provider's webmailer contains a PGP-encrypted email. It then decodes the contained email, exchanges the contents of the web page for the unencrypted message, and displays the message.
Mailvelope can also send encrypted email. Before a message written in plaintext is sent on its way, Mailvelope encrypts it locally and only then transmits it to the provider's webmail system. The process seems good at first glance, because decoding occurs locally on the user's computer. However, security experts have complained about the implementation of Mailvelope as a browser plugin: it leads to the sensitive PGP key material being stored in the browser's plugin area, which cannot be 100 percent protected. In addition, JavaScript is not considered suitable for implementing secure cryptography.
Implementations such as the Guard system of the Open-Xchange groupware solution [8] take a somewhat different approach. These solutions store the key securely on the provider's server, and a password entered by the user protects it against unauthorized access. The server takes care of encryption and decryption, removing the need for a browser plugin. This means that users can access their own mailboxes from other computers at any time, even when if they are on the road.
Conclusion
Cyber snoopers are more sophisticated than ever, which means there has never been a better time to get familiar with email encryption. However, as this article has shown, you can't just install SSL/TLS or PGP and expect a safety guarantee. It pays to consider the details and look closely at what you need to ensure your messages remain private.
Whether trusting your email provider offers you more security, or whether you are better off keeping your own key on your private PC, is a matter for every user to determine. But either way, in view of the recent gamut of virus and ransomware attacks, it pays to be cautious.
Infos
- DANE: https://datatracker.ietf.org/doc/html/rfc6698
- TLSA generator: https://ssl-tools.net/tlsa-generator
- WKS/WKD: https://wiki.gnupg.org/WKD
- S/MIME: https://en.wikipedia.org/wiki/S/MIME
- Volksverschl¸sselung: https://volksverschluesselung.de [In German]
- Fraunhofer Institute: https://www.fraunhofer.de/en.html
- Mailvelope: https://mailvelope.com/
- Open-Xchange: https://www.open-xchange.com/
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.