End-to-end email encryption. What is it and how does it work?

What is end-to-end email encryption?

End-to-end email encryption is a method of transmitting data where only the sender and receiver can read email messages. With end-to-end email encryption, the data is encrypted on the sender’s system. Only the intended recipient will be able to decrypt and read it. Nobody in between can read the message or tamper with it. End-to-end email encryption provides the highest level of confidentiality and protection to your email communication.

What is not end-to-end email encryption?

For a better understanding of what end-to-end email encryption is, we must first understand what is not end-to-end encryption.

  • SSL/TLS – When you visit https://www.gmail.com, the HTTPS in front of the URL denotes that SSL/TLS protocol has been used to encrypt the data transferred between your computer and the Gmail servers. This protocol is much more secure than HTTP (without “S” = not secure). Most websites adopted SSL/TLS to protect against malicious intermediaries. The downside to relying solely on HTTPS, is that data is only encrypted between your device and the Gmail servers. Gmail has the keys to decrypt that data.
  • SMTP over TLS (STARTTLS) – Lets take the case of a Yahoo mail user that sends an email to a Gmail users.  When you send an email with SMTP over TLS between these two mail services, the message between the two servers is encrypted. Consequently on a condition that the recipient server also supports SMTP over TLS (which Gmail does). Using STARTTLS is a good practice, however several attempts are made to ‘portray’ this as the ultimate email security and privacy solution. In our opinion STARTTLS is not good enough since both the sending and receiving server have access to the message content. Moreover, not all receiving servers support STARTTLS.

Because of the imperfections of SSL/TLS and STARTTLS, end-to-end encryption remains the only secure way for your email communication.

How does end-to-end email encryption work?

end-to-end email encryption

Source: https://en.wikipedia.org/wiki/Pretty_Good_Privacy

End-to-end email encryption requires both sender and recipient to have a pair of cryptographic keys. There is one private key and one public key. The sender encrypts the message locally on his device using the recipient’s public key. The receiver decrypts it on his device using his private key. The process works as follows:

  1. Alice (sender) and Bob (recipient) both generate their key pairs and share their public keys with each other. They keep their private key ‘private’ as the name suggests. You only need to generate your keys once when creating an encrypted email account.
  2. Alice encrypts the message using Bob’s public key in her device and sends it to Bob.
  3. Bob receives the encrypted message on his device and decrypts it using his private key.

With real end-to-end encryption, also called “client-side encryption” or “zero access”, encryption and decryption happen on the users’ devices. End-to-end encryption thus prevents any intermediary from reading user data and guarantees the confidentiality of the data much more than SSL/TLS or STARTTLS.

How to send an end-to-end encrypted email using Mailfence

end to end encryption

Sending and receiving signed and end-to-end encrypted emails using Mailfence.

Yes, Mailfence makes end-to-end email encryption super easy!  No plugins, no key management in separate key-stores,…

It is just like any other webmail service, but secure and private. Easy, fast and very convenient for everyone who values their privacy.

Advantages of End-to-End email Encryption

End-to-end email encryption has the following advantages:

  • Privacy: The content of your emails and the attachments are protected from anybody else than the intended recipients. It protects you among others from threats of hackers taking hold of the data transfer by eavesdropping on Wi-Fi/or other channels.
  • More security and authenticity: End-to-end encryption can be combined with digital signing. A digitally signed and encrypted email proves that the sender is indeed the ‘true’ sender of the message. It also guarantees that message is not tempered with during transit. If you want to find more about digitally signed emails in our next post.
  • Say NO to mass-surveillance : End-to-end encryption protects your messages against mass-surveillance. Check the strong case for encryption post by one of the Mailfence founders.

Why have I not used it before?

End-to-end email encryption has existed for decades. The low adoption has several explanations. First, it is not in the interest of mainstream providers to support end-to-end encryption as their business model depends on advertising and selling user data. Secondly, our governments want to be able to keep a check on our communications. Last but not the least, end-to-end encryption has traditionally been hard to implement and difficult to use and understand.

See also:

Secure email: Why end-to-end encryption is at the heart of itOpenPGP encryption best practices, Symmetric vs asymmetric encryption, Password encrypted messages

At Mailfence, we have designed an easy to use end-to-end encrypted email.  We believe that users have an absolute and irrevocable right to internet privacy.  In case you want to leave either Yahoo Mail, Gmail or Outlook, that do not offer end-to-end email encryption.

Join the fight for online privacy and digital freedom.

Get your secure email

Don’t forget to follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Avatar for M Salman Nadeem

M Salman Nadeem

Salman works as an Information security analyst for Mailfence. His areas of interests include cryptography, security architecture and design, access control and operations security. You can follow him on LinkedIn @mohammadsalmannadeem

You may also like...