Millions of emails are sent over the Internet around the world every day. Senders and recipients use a wide variety of email programs for this. The underlying email providers route the message across different nodes on the Web, where it is forwarded from one node to the next until it reaches the receiving email program. Along this route, an email can potentially be read, since the Internet is generally not encrypted. This specialist text summarizes why this is the case and how you can avoid it.
By the way, one way to get around many of these security hassles when sending email is to use a service that sends email for you. If that sounds interesting, you'll want to check out this review at ThirdPartyModules.
E-mail confidentiality: use encryption
A distinction must be made between two types of email encryption: point-to-point (transport) encryption and end-to-end encryption. The following shows where the key difference lies.
With transport encryption, an encrypted connection is established between the email program and the server, for example using the widely used Transport Layer Security (TLS) protocol. All data exchanged between the two communication partners is then encrypted while in transit. On its way to the recipient, the email is forwarded via different nodes on the Web. Because transport encryption protects only each hop, the email lies in plain text both at the email providers and at each of these nodes. Internet criminals could also launch a "man-in-the-middle attack" that targets exactly these weak points. If such an attack is successful, the email can be intercepted, copied, or modified.
In contrast to transport encryption, end-to-end encryption does not encrypt the individual sections of the transmission channel but each individual email itself. Only the sender and recipient can read the email in plain text, provided they have the necessary key. Neither the email providers involved can read the email, nor do potential attackers have the opportunity to manipulate it on the way. This means that only this technology fulfills the three goals of encryption on the Internet: confidentiality, authenticity, and integrity.
Of course, transport encryption is preferable to unencrypted communication, but end-to-end encryption is advisable, especially for sensitive or personal content. So far, using this cryptographic technique has been tedious: the user had to take action themselves to set up end-to-end encryption before being able to use it. However, a protocol developed by the Federal Office for Information Security has simplified this in a trend-setting manner and made it more accessible to users, as you can read in the section "Email encryption: key exchange made easy".
Generate and exchange key pairs
When it comes to encryption methods, a distinction is made between symmetric and asymmetric methods. With both, keys must be exchanged between the communication partners so that they can be used to encrypt and decrypt messages. The methods differ in how many keys are generated and which of them may be publicly disclosed. With the symmetric encryption method, the sender and recipient use the same key to encrypt and decrypt an email. This key must be exchanged securely between sender and recipient before the actual communication, and both must keep it secret. For encrypting messages within large and open user groups, as is the case with email, symmetric encryption is not suitable because of this key-distribution problem. However, it has the advantage of being able to encrypt and decrypt large amounts of data quickly.
In the asymmetric encryption method, a pair consisting of a private and a public key is generated. Most email programs, or their plugins, support this. The private key is used only by its owner and is kept secret. The associated public key of the same owner is made available to all potential communication partners. The public key can be compared to a conventional open padlock, which anyone can snap shut but which can only be opened again by the owner of the associated private, secret key. To transmit a message securely, the sender locks the message with the recipient's public key. Only the recipient can then open and read the email, using his or her private key.
Use digital signature
The integrity of an email
The asymmetric encryption method can also be used to secure the integrity of a message. For this purpose, the sender calculates a checksum from the message. This checksum is encrypted with the sender's private key; the result is a digital signature, which can be compared with a handwritten signature or a seal. This signature is attached to the email and sent along with it. The recipient decrypts the signature with the sender's public key, calculates the checksum of the received message in the same way, and compares the two. If both checksums match, the message was necessarily not falsified en route, i.e., its integrity was preserved. Important: please do not confuse this with the email signature consisting of, for example, your name and your web address, which you can attach to an email.
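As an added illustration of the padlock analogy above and the signed-checksum scheme in this section (example code written for this page, not from the original article or the BSI), the following Python walks through both with textbook RSA on constructed Mersenne-prime keys. The parties Alice and Bob, the function names and the sample message are assumptions made for the example.

```python
"""Toy walk-through of the padlock analogy and the signed-checksum scheme
using textbook (unpadded) RSA with fixed Mersenne primes, for illustration
only; real mail clients (OpenPGP, S/MIME) add padding and hybrid encryption."""
import hashlib

# Constructed key material: Mersenne primes large enough that a SHA-256
# digest and a short message are both smaller than the modulus n.
P = 2**521 - 1
Q = 2**607 - 1

def make_keypair(p=P, q=Q, e=65537):
    """Return (public_key, private_key), each as an (n, exponent) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)

def _to_int(data: bytes, n: int) -> int:
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return m

def _to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def encrypt(public_key, message: bytes) -> int:
    """Anyone can snap the padlock shut with the recipient's public key."""
    n, e = public_key
    return pow(_to_int(message, n), e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the matching private key can open it again."""
    n, d = private_key
    return _to_bytes(pow(ciphertext, d, n))

def sign(private_key, message: bytes) -> int:
    """Digital signature: the SHA-256 checksum encrypted with the sender's private key."""
    n, d = private_key
    return pow(_to_int(hashlib.sha256(message).digest(), n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Recover the checksum with the sender's public key and compare it with a
    freshly computed one; any change to the message or a wrong key breaks the match."""
    n, e = public_key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == expected
```

Encrypting with Bob's public key means only Bob's private key recovers the text, while a signature made with Alice's private key verifies only under Alice's public key and only for the unmodified message.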