E-mail encryption

Millions of e-mails are sent around the world via the internet every day, using a huge variety of e-mail programs. To deliver a message, the e-mail providers behind these programs pass it through a wide variety of intermediate servers (hubs) on the internet, which forward it until it reaches the recipient's e-mail program. Along these paths through the (generally unencrypted) internet, the e-mail can potentially be read. This specialist article summarises why this is so and how it can be avoided.

Confidentiality of e-mails: Using encryption

A fundamental distinction must be made between two types of e-mail encryption: point-to-point encryption, also known as transport encryption, and end-to-end encryption. The difference between these is presented below.

Transport encryption

With transport encryption, a connection is established between the e-mail program and the server and encrypted using, for example, the widely used "Transport Layer Security" (TLS) protocol. All data exchanged between the communication partners is then encrypted while it travels over that connection. After sending, the e-mail is forwarded via various hubs on the internet to the recipient, and it is not necessarily encrypted at or between these points. At the e-mail provider and at each forwarding hub, the e-mail is therefore available as plain text. Internet criminals can also launch a man-in-the-middle attack targeted at these points. If such an attack succeeds, the e-mail can be intercepted, copied or altered.

End-to-end encryption

Unlike transport encryption, with end-to-end encryption it is not the individual stages of the sending channel that are encrypted, but rather the e-mail itself. Only the sender and the recipient can read the e-mail as plain text, provided they have the necessary keys. The e-mail providers involved cannot read the e-mail, nor do potential attackers have the opportunity to manipulate the e-mail en route. This type of technology therefore fulfils the three goals of using encryption online: confidentiality, authenticity and integrity.

Of course, transport encryption is preferable to unencrypted communication, but for sensitive or personal content in particular, it is advisable to make a point of using end-to-end encryption. Up to now, using cryptographic technology has been rather laborious: users had to set up and apply end-to-end encryption themselves in order to benefit from it. However, amongst other advances, a protocol developed by the Federal Office for Information Security has now made pioneering strides towards simplifying the process, thereby making it more accessible to users, as you can read about in the section "E-mail Encryption: Key Exchange Made Simple".

Creating and exchanging key pairs

A distinction is made within encryption processes between symmetric and asymmetric processes. With both, keys must be exchanged between the communication partners before the messages can be encrypted and decrypted. The difference between the two technologies lies in how many keys are created and which of them can be distributed publicly.

With symmetric encryption processes, the same key is used by the sender and recipient to encrypt and decrypt an e-mail. This key has to be exchanged before the actual communication in a secure channel between the sender and recipient, and it must be kept secret by both of them. Because of the challenges involved in distributing keys, symmetric encryption is not suitable for encrypting messages within large and open groups of users, as is the case in e-mail correspondence. It does, however, have the advantage that large amounts of data can be encrypted and decrypted rapidly.

With asymmetric encryption processes, a pair of keys is created, one public and one private; most e-mail programs or their plugins support this. The private key is used only by its owner and is kept secret. The associated public key of the same user is made available to all of their potential communication partners. The public key can be compared to an open padlock, which anyone can snap shut but which can only be reopened by the person holding the associated private key, also known as the secret key. To send a message securely, the sender locks it using the recipient's public key. Only the recipient can then open and read the e-mail, using their private key.

Using digital signatures

Integrity of an e-mail

Asymmetric encryption processes can also be used to secure the integrity of a message. To do this, the sender calculates a checksum for the message, which is unique to this e-mail and can be compared to a fingerprint. The checksum is encrypted using the sender's private key, thereby creating a digital signature that can be compared to a handwritten signature or a seal. This signature is attached to the e-mail and sent. The recipient decrypts the signature using the sender's public key and thereby obtains the checksum the sender computed. The recipient then calculates the checksum of the received e-mail and compares the two. If the checksums match, it is confirmed that the message has not been tampered with en route, so its integrity is guaranteed.

Important: Please do not confuse this with your e-mail signature, which consists for example of your name and website address and which you can attach to your e-mail.

Authenticity of an e-mail

A signature is used as evidence that a document really comes from a certain person; its authenticity is thereby proven. Similarly, an e-mail can be signed with a digital signature, as described in the previous section on integrity. If the key pair belonging to an individual is also officially and demonstrably associated with an e-mail address, and if the integrity check of the signature succeeds, it is also ensured that the message does in fact come from the e-mail address belonging to that key pair. This allows the authenticity of the sender to be guaranteed. Thus, an encrypted and signed e-mail is comparable to a letter that has been sealed and stamped by the sender.
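To show how the padlock picture from the section on key pairs and the checksum comparison from the two sections on signatures fit together, here is an added example in Go using only the standard library's RSA support; it is not code from this article or from the BSI. Seal locks a message for the recipient and signs its checksum, Open unlocks it and rejects anything altered en route. The sample message, the names Alice and Bob and the function names are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Seal locks msg with the recipient's public key (confidentiality) and signs the
// SHA-256 checksum of msg with the sender's private key (integrity, authenticity).
func Seal(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (ct, sig []byte, err error) {
	// OAEP with a 2048-bit key holds at most 190 bytes; mail formats encrypt the
	// body with a fast symmetric key and RSA-encrypt only that key.
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(msg)
	sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	return ct, sig, err
}

// Open unlocks ct with the recipient's private key, recomputes the checksum of what
// arrived and checks it against sig using the sender's public key.
func Open(recipient *rsa.PrivateKey, sender *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, err // checksum mismatch: altered en route or not signed by sender
	}
	return msg, nil
}

func main() {
	// Constructed sample: Alice writes to Bob; each has their own key pair.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, sig, _ := Seal(alice, &bob.PublicKey, []byte("Contract attached, please sign."))
	msg, err := Open(bob, &alice.PublicKey, ct, sig)
	fmt.Println(string(msg), err)
	ct[0] ^= 0xff // a hub alters one byte of the sealed mail
	_, err = Open(bob, &alice.PublicKey, ct, sig)
	fmt.Println("after tampering:", err)
}
```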

"E-mail Encryption in Practice" clarifies what exactly you have to consider if you want to protect your messages.