Outlook has built-in cryptographic security features based on digital certificates generated by the software. Before users can send encrypted messages to each other, they need to digitally sign messages and exchange certificates. Once done, it’s a matter of opening up a new message and selecting “Encrypt message contents and attachments” under the Options menu.
If you have years of history on Gmail, Yahoo, Hotmail, or other services, it’s a hard sell to move to a new email provider in the name of security. One option is to use Hushmail or GhostMail for sensitive communications, and keep going with the existing service for normal messages. But that works against the goal of encryption ubiquity.
Managing private/public keys
Until email providers decide to set up a universal encrypted email system, the onus of security falls on the sender and recipient. The sender has to generate a public/private key pair and publicize the public key. The recipient has to know how to use the public key to decrypt the message. For many tools that make use of public/private keys, public/private key management is transparent. That's not the case with email.
Services such as Keybase.io and Android apps such as K-9 and OpenKeychain attempt to make key management simpler. With Keybase.io, you use Twitter, GitHub, Reddit, or a handful of other tools to publish the public key. You can store the private key with Keybase or store it somewhere else, for example, OpenKeychain on your phone. When you want to sign your messages with your key or encrypt a whole text message, you can use Keybase’s built-in tools, then cut and paste the generated block of text into your email message. Because Keybase uses PGP (Pretty Good Privacy), the recipient can decrypt or verify the signature using any key manager that handles PGP keys. Mailvelope is a Chrome app that can encrypt and decrypt messages using your PGP keys in popular webmail services.
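The block of text that gets pasted into an email is PGP "ASCII armor": base64 data between BEGIN/END lines, normally followed by a CRC-24 checksum line. The Python sketch below is an added example, not code from Keybase or any tool named above, and it checks that such a block survived the cut-and-paste before it is handed to a key manager. The function names are hypothetical, the sample payload is constructed placeholder bytes, and the sketch assumes the block carries a checksum line.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes, kind: str = "MESSAGE") -> str:
    """Wrap bytes in armor: 64-column base64, then '=' plus the base64 CRC-24."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={check}\n-----END PGP {kind}-----\n"

ARMOR_RE = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", re.S)

def dearmor(text: str):
    """Locate one armored block in pasted text and return (kind, payload).
    Raises ValueError when the block is missing, truncated or altered."""
    match = ARMOR_RE.search(text)
    if not match:
        raise ValueError("no complete PGP block found")
    kind, inner = match.group(1), match.group(2).replace("\r\n", "\n")
    # Armor headers such as "Comment:" end at the first blank line.
    _headers, _, data = inner.partition("\n\n")
    lines = [ln.strip() for ln in data.split("\n") if ln.strip()]
    # Assumption: the block carries a checksum line ("=" plus 4 base64 chars).
    if not lines or len(lines[-1]) != 5 or not lines[-1].startswith("="):
        raise ValueError("armor checksum line missing")
    try:
        payload = base64.b64decode("".join(lines[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("block is not valid base64") from exc
    if crc24(payload) != expected:
        raise ValueError("CRC-24 mismatch: block changed after it was generated")
    return kind, payload

# Constructed sample: placeholder bytes, not a real OpenPGP packet.
SAMPLE = armor(b"constructed placeholder bytes, not a real PGP packet " * 3)

if __name__ == "__main__":
    pasted = "Hi,\r\nhere is the block:\r\n" + SAMPLE.replace("\n", "\r\n") + "Regards\r\n"
    print(dearmor(pasted)[0], len(dearmor(pasted)[1]), "bytes recovered intact")
```

The CRC only catches accidental damage such as a mail client rewrapping or truncating the block; it is not a substitute for verifying the PGP signature.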
Encrypting personal email still has a long way to go before it is easy enough to be used by everyone, but it’s getting there.
Encrypting your hard drive
Microsoft built file and disk encryption into some versions of Windows with BitLocker, as Apple has done for Mac OS X with FileVault2. Unfortunately for Windows users, BitLocker doesn’t come with standard versions such as Windows 7 Home or the core versions of Windows 8 and 8.1.
For Windows users who don’t have BitLocker, there is TrueCrypt and its successors. TrueCrypt ceased development in 2014, and though it is no longer actively maintained, the last stable version of this file encryption program is still widely regarded as secure and effective. VeraCrypt is a fork and successor to TrueCrypt. It is under active development and supports multiple encryption ciphers, including AES, Twofish, and Serpent.