The state of email encryption
Encrypting with Webmail
Some webmail systems are behind the times in providing comprehensive encryption. The Mailvelope browser plugin [7], which is available for Chrome, Edge, and Firefox, adds secure OpenPGP communication to webmail. It runs locally in the user's web browser and detects when the provider's webmailer contains a PGP-encrypted email. It then decodes the contained email, exchanges the contents of the web page for the unencrypted message, and displays the message.
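The detection step described above, as an added example that is not Mailvelope's own code: a JavaScript scan of page text for ASCII-armored OpenPGP messages that also verifies each block's CRC-24 armor checksum (RFC 4880) before any decryption would be attempted. The function names and the sample text are constructed for illustration.

```javascript
// CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864cfb;
    }
  }
  return crc & 0xffffff;
}

const b64ToBytes = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const ARMOR_RE =
  /-----BEGIN PGP MESSAGE-----\r?\n([\s\S]*?)\r?\n-----END PGP MESSAGE-----/g;

// Returns one record per armored block found in `text` (hypothetical helper).
function findPgpMessages(text) {
  const found = [];
  for (const m of text.matchAll(ARMOR_RE)) {
    const lines = m[1].split(/\r?\n/).map((l) => l.trim());
    // Armor headers such as "Version:" end at the first blank line.
    const body = lines.slice(lines.indexOf("") + 1).filter(Boolean);
    const last = body[body.length - 1] || "";
    const crcLine = last.startsWith("=") ? body.pop() : null;
    const rec = { offset: m.index, bytes: 0, checksum: "missing" };
    try {
      const data = b64ToBytes(body.join(""));
      rec.bytes = data.length;
      if (crcLine) {
        const c = b64ToBytes(crcLine.slice(1));
        const ok = c.length === 3 && ((c[0] << 16) | (c[1] << 8) | c[2]) === crc24(data);
        rec.checksum = ok ? "ok" : "mismatch";
      }
    } catch (e) {
      rec.checksum = "malformed"; // body is not valid base64
    }
    found.push(rec);
  }
  return found;
}

// Constructed sample: the payload is the CRC test string "123456789",
// not a real OpenPGP packet; only the armor layer is exercised.
const SAMPLE_PAGE_TEXT = ["Hello,", "-----BEGIN PGP MESSAGE-----", "",
  "MTIzNDU2Nzg5", "=Ic8C", "-----END PGP MESSAGE-----", "Regards"].join("\n");
console.log(findPgpMessages(SAMPLE_PAGE_TEXT));
```

A block whose checksum is `mismatch` or `malformed` was altered or truncated in transit or by the webmail markup and should not be handed to the decryption step.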
Mailvelope can also send encrypted email. Before a message written in plaintext is sent on its way, Mailvelope encrypts it locally and only then transmits it to the provider's webmail system. The process seems good at first glance, because decoding occurs locally on the user's computer. However, security experts have complained about the implementation of Mailvelope as a browser plugin: it leads to the sensitive PGP key material being stored in the browser's plugin area, which cannot be 100 percent protected. In addition, JavaScript is not considered suitable for implementing secure cryptography.
Implementations such as the Guard system of the Open-Xchange groupware solution [8] take a somewhat different approach. These solutions store the key securely on the provider's server, and a password entered by the user protects it against unauthorized access. The server takes care of encryption and decryption, removing the need for a browser plugin. This means that users can access their own mailboxes from other computers at any time, even when they are on the road.
Conclusion
Cyber snoopers are more sophisticated than ever, which means there has never been a better time to get familiar with email encryption. However, as this article has shown, you can't just install SSL/TLS or PGP and expect a safety guarantee. It pays to consider the details and look closely at what you need to ensure your messages remain private.
Whether trusting your email provider offers you more security, or whether you are better off keeping your own key on your private PC, is a matter for every user to determine. But either way, in view of the recent gamut of virus and ransomware attacks, it pays to be cautious.
Infos
- DANE: https://datatracker.ietf.org/doc/html/rfc6698
- TLSA generator: https://ssl-tools.net/tlsa-generator
- WKS/WKD: https://wiki.gnupg.org/WKD
- S/MIME: https://en.wikipedia.org/wiki/S/MIME
- Volksverschlüsselung: https://volksverschluesselung.de [In German]
- Fraunhofer Institute: https://www.fraunhofer.de/en.html
- Mailvelope: https://mailvelope.com/
- Open-Xchange: https://www.open-xchange.com/