A Novice’s Guide To Selecting Good Email Encryption

What Are The Main Things You Want From Email Encryption?

Well the list will be different I guess for everyone, but what I intend to provide here is a basic set of requirements for novices to email encryption and where you might obtain them from. Happy? Read on! You’re an expert and know it all? Skip to the next article.

Basic List Of Requirements

The subject of encryption for the average user can be very “dry” and complex, beyond the very basic understanding that it turns “clear text” into gobbledygook. However if you use the following criteria to select your product even the most novice user will make a wise choice. So here is the basic list of “must have” requirements;

  •  a strong recognised algorithm,
  • a properly implemented algorithm,
  • automated “key pair” management,
  • ease of use,
  • ability to send encrypted mail to anyone.

As a novice you may have spotted something already? That’s right, three of my “must have” requirements you have not got a clue about! How on earth would you as a novice know a strong properly implemented algorithm from a weak badly implemented algorithm? And what is “key pair” management?

So let me add one further most important requirement, one that will take care of all of the technical jargon and concerns;

  •  independently certified seal of approval

 

Where To Find Independently Certified Products.

So who do we trust to carry out this testing and certifying, computer magazines, online “experts”, local computer store, your mate the computer geek? Probably not, none of these are the best of ideas. In fact there are very few centres of excellence when it comes to encryption. The best centres of excellence are government run or funded. For reasons that are fairly obvious governments the world over have had a vested interested in and been big users of encryption products for years. Their technical knowledge and experience is unsurpassed. Both the UK and the US for instance have government sanctioned certification schemes for encryption products. Why? Because they both encourage commercial companies to develop products that can be used by government agencies with certain assured levels of protection.

 

Two organisations that certify encryption products are; CESG, CAPS approved products (UK) and NIST, FIPS 140-2 (USA). Although the latter NIST, only pays attention to the cryptographic module within the product, not the entire product. Look for these marks;

        CESG FIPS VALIDATED

 

Ease Of Use

Encryption products are by default complex therefore it is necessary that you ensure that the product you chose is very easy to use and understand. If you fail in this regard you will find that it hardly ever gets used beyond the first two or three uses, if indeed you are able to get that far.

Products that utilize identity-based encryption are something you should strongly consider. The reason why put simply is that you immediately ensure a link between the private data which you wish to securely share and the intended recipient. This helps negate the need to understanding “key pairs”. Maybe I should give you a brief explanation of “key pairs” here. A “key pair” is used to encrypt and decrypt data. One key is known as your “private key” the other is your “public key”. The “public key” is used to encrypt data that only your “private key” can decrypt.

ID-based email encryption products do this by making use of the sender’s and recipient’s email address.  The one thing that will be unique when emailing someone is his or her email address!

Immediately you can send an encrypted to someone without having to ask for their public key, you just created it! You didn’t even know you had! Brilliant! I’ll tell you how the recipient can decrypt the email next.

 

The Ability To Send An Encrypted Email To Anyone.

With ID-based encryption you can send encrypted emails to anyone. In the last paragraph I said you can send an encrypted email to someone without having their “public key” because you just created it based and linked to their email address. The software does it without you thinking about it. On receipt of the encrypted email the recipient will be direct to collect their private key from the secure online server. Authentication for this will also be their email address. They don’t even have to be current users of the email encryption product, so the ability to decrypt what you have sent them is totally free of charge! Furthermore they can now send you an encrypted email or reply to the one you just sent them also free of charge.

 

Summary

I hope this has help a little in your search for a sound email encryption product. What I’ve tried to do is point you in the right direction and not just give you the sales hype. With ID theft on the rise doing nothing about this security risk is not an option. Don’t keep sending your sensitive emails via the digital equivalent of a “postcard” send them via “registered post” an encrypted email. Oh I nearly forgot I said I would tell you were you might get a solid email encryption product one I have had experience of is Switch from Egress Software Technologies. You can read about the features and benefits of Egress Switch at http://www.egress.com/email-encryption/

 

This Guide to Email Encryption was provide by Andy Campbell. Andy is a Director at Reflect Digital a online marketing agency specializing in Technology and Legal markets.

Leave a Reply