PGP Encryption

Is PGP Encryption Still Working for You?

Cryptography is essential today for securing the internet, corporate networks, and blockchain technology, but it has been around for thousands of years. The first recorded use of ciphers, the “Caesar Box” used by Julius Caesar to send secret messages to his generals in the field, dates back to around 100 BC. Since then, there have been several advancements in the field.

Today, we are focusing on PGP, or “Pretty Good Privacy,” a common and widely used method for encrypting emails and attachments.

What is PGP Encryption?

First designed and developed in 1991 by Paul Zimmermann, PGP is used to encrypt and decrypt emails, to authenticate email messages through digital signatures, and to encrypt files. Over the years, PGP has been improved and updated.

PGP uses a mix of encryption methodologies such as hashing, data compression, symmetric private-key cryptography, and asymmetric public-key cryptography. It is widely used to secure sensitive text files, emails, data files, directories, and even disk partitions!

How Does PGP Encryption Work?

PGP encryption converts a plaintext message into unreadable ciphertext, which the recipient then decrypts using PGP software. Both the sender and the recipient have a public PGP key, which can be shared with everyone, and a private key, which is known only to its owner and must be kept secret. The public key encrypts the message or file, while the private key decrypts it. The sender must have the recipient’s public key in order to send them an encrypted message.

To simplify, let us consider a scenario. Alice wants to send an encrypted private email to Lucas. This is how it works when both Alice and Lucas use PGP.

  • Lucas generates both a public and a private key and shares the public key with Alice.
  • Alice encrypts the email using Lucas’ public key and sends the encrypted message to Lucas.
  • Lucas decrypts the message using his private key.

The math behind this is a three-step process:

Step 1: PGP generates a random, one-time-use session key (a symmetric key). As it’s a huge number, it cannot be easily guessed.

Step 2: Behind the scenes, when the sender is about to send the email, PGP encrypts the session key using the recipient’s public key, which protects the message while in transit. This public key is tied to the recipient’s identity, and anyone can use it to send a message to that particular recipient.

Step 3: The sender transmits the encrypted session key along with the encrypted message; the recipient recovers the session key with their private key and then uses it to decrypt the message.

How PGP Ensures Email Security and Authenticity

At a basic level, PGP encryption uses two forms of encryption: symmetric-key encryption and public-key cryptography (based on asymmetric cryptography). In symmetric-key encryption, the sender must share the encryption key with the recipient in plain text. But sharing it publicly would make the whole process insecure, right?

Not with PGP.

PGP encrypts the symmetric key using the (asymmetric) public-key system, combining the efficiency of symmetric encryption with the security of public-key cryptography. Encryption can be slow, so PGP speeds it up by first compressing the plaintext, which also saves space and transmission time. The session key then encrypts this shorter version, and the session key itself is protected with the recipient’s public key.

When it comes to ensuring the authenticity of the sender, PGP computes a fixed-length digest of the message, which in technical language is referred to as a hash. The sender signs this hash with their private key, and the recipient uses the sender’s public key to verify the signature and recomputes the hash of the received message. Only when the two hashes match is the message accepted, confirming that it came from the sender and was not altered on the way.

Uses of PGP Encryption

So, in essence, there are three main uses of PGP encryption.

  1. Encrypting emails
  2. Verifying the identity of the sender
  3. Encrypting files stored on a local device or the cloud

Limitations of PGP Encryption

Security factors aside, there are, however, a few limitations with PGP encryption.

  • Complicated process: Users of PGP need a certain level of technical skill to use it correctly. If they are not aware of how it works, they risk introducing security holes that jeopardize the whole process. For instance, phishing remains a top concern for organizations, and PGP cannot protect you if your devices or accounts are compromised!
  • Time-consuming: PGP encryption might be one of the most secure modes available, but it isn’t user-friendly. It requires significant time and effort to set up and to train users on it.
  • Not anonymous: PGP encrypts only the message body and not the subject line, which leaves a loophole for hackers to exploit. Plus, messages sent using PGP can be traced back to the sender and recipient. So those who wish to hide their location, for whatever reason, cannot rely on PGP.
  • Compatibility: Both the sender and the recipient must use the same version of PGP; otherwise it cannot be used.

This makes you wonder if there is any email encryption that can get past these limitations. RMail, an email security solution from RPost is your best bet.

How RMail Protects Your Emails

RMail has what we call an “AI brain” that uses dynamic double-layered encryption protocols to secure your emails. RMail adapts smartly per the encryption modes offered by the users’ email clients and switches the email encryption accordingly – without bothering either the sender or the recipient. Let’s delve deep into how it works.

Once you install the RMail add-in, you can see the “Send Registered RMail” button in your email client’s new message compose window. RMail works for most of the email clients – Outlook, Gmail and other specialized platforms like Salesforce, Zimbra, Zola Suite, etc. And though the principles of encryption remain the same, here we will focus on Outlook.

RMail offers two email encryption modes.

Transmission level encryption

It’s RMail’s default encryption mode for encrypting emails. The transmission level encryption feature transmits the message encrypted using a configurable minimum level of TLS (Transport Layer Security) and automatically decrypts the email and attachments for the recipients. Your recipients do not need to enter any password, click any link, or install any software to read the message.

With transmission level encryption, the email is delivered encrypted right to the recipient’s inbox with a “Registered Encrypted” banner and text explaining that the email was sent encrypted. RMail also enables the recipients to reply securely with the “secure reply” option, which, when clicked, leads them to a secure, pre-addressed, and auto-composed page.


Message level encryption

If your recipient’s email client does not have TLS or has a lower level of TLS than the minimum TLS threshold, the email will automatically revert to RMail’s “message level” encryption option. It automatically wraps the email content and attachments inside an AES 256-bit encrypted PDF to guarantee 100% encryption, unlike other email clients or encryption options, where some of the emails go out unencrypted. What this means is that the message and all attachments remain encrypted within the recipient’s email inbox, and are encapsulated inside a PDF file. These can be read only after decrypting in the recipient’s PDF reader (outside of the inbox). If the recipient saves the file, it would remain saved in the encrypted file format, unless the recipient extracts the attachments and chooses to use them as normal files. This end-to-end, 256-bit, AES encrypted PDF wrapper keeps one’s message and any attachments private from start (while sitting in the outbox) to finish (even while sitting within their inbox), so only the recipient can read them.

In message level encryption mode, you have an option to create a password for your recipients or let RMail autogenerate one. Your recipients will get a password in their email along with the end-to-end encrypted message or attachment. RMail also offers a third option to allow your recipients to set their own decryption passwords. Your email will stand out in the recipient’s inbox thanks to the Registered Encryption markings in the subject line and the email body.

What Really Makes RMail Far Superior to PGP

Unlike PGP, RMail is extremely user-friendly and does not require you to undertake complicated steps. What makes it special are these capabilities.

Hijack Protection

RMail ensures privacy even in the extreme event of the recipient mailbox being hijacked, with the messages and attachments remaining encrypted-at-rest in the recipient inbox. The attachments can be opened outside the email inbox in any browser or PDF reader. Plus, they are embedded inside the encrypted PDF, which is also accessible from a button, and are digitally signed.



Protect-the-Thread

RMail enables the encryption of not just a standalone email and attachments but the entire email thread itself. You can easily erase sensitive content from an email thread to eliminate the risk of data leaks with unsecured replies and forwarded email chains. RMail’s Protect-the-Thread™ module makes it easy to secure content through the future life of sent emails, including disabling the ability for a blind copy recipient to mistakenly (or embarrassingly) reply-all.


Anti-Whaling

Businesses today are plagued by a growing number of Business Email Compromise (BEC) impostors, who use a familiar-looking domain name and email address of an authentic contact to trick employees into sharing highly sensitive information. For instance, instead of “david@northendassoc.com,” your employees might get an email with a subtle misspelling such as “david@nothendassoc.com” (missing an “r”). Most of the time, such errors are difficult to spot and are overlooked, resulting in data breaches and even compliance failures, causing companies to incur costs, fines, and loss of brand value.

RMail’s “Domain Age Detector” alerts the sender right before they are about to reply to one of these newly created domain lures. It identifies newly-created “lookalike” domains and offers insights in milliseconds after the user clicks the send button, offering protection from phishing attacks and wire frauds.
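RMail’s Domain Age Detector works from registration age, which needs a live registry lookup. The lookalike part of the problem, a sender domain one typo away from a domain you trust, can be checked offline, and the following added example shows that check. It is illustration code written for this article, not RMail’s implementation or any part of its product: `LookalikeCheck` and `Levenshtein` are this example’s own names, and the trusted list and sample addresses are constructed, reusing the article’s “northendassoc.com” example.

```go
package main

import (
	"fmt"
	"strings"
)

// Levenshtein returns the edit distance between a and b: the minimum number of
// single-character insertions, deletions and substitutions that turn one into
// the other. "nothendassoc.com" is one deletion away from "northendassoc.com".
func Levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	cur := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = minInt(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

func minInt(x, y, z int) int {
	m := x
	if y < m {
		m = y
	}
	if z < m {
		m = z
	}
	return m
}

// senderDomain returns the lower-cased domain part of an e-mail address,
// or "" when the address has no usable domain.
func senderDomain(addr string) string {
	at := strings.LastIndex(addr, "@")
	if at < 0 || at == len(addr)-1 {
		return ""
	}
	return strings.ToLower(strings.TrimSpace(addr[at+1:]))
}

// LookalikeCheck compares the sender's domain with the domains an organisation
// trusts. It reports suspicious=true when the domain is not an exact match but
// lies within maxDist edits of a trusted one, and returns the closest trusted
// domain together with the distance to it (0 for a genuine domain).
func LookalikeCheck(addr string, trusted []string, maxDist int) (suspicious bool, closest string, dist int) {
	d := senderDomain(addr)
	if d == "" {
		return false, "", -1
	}
	dist = -1
	for _, t := range trusted {
		t = strings.ToLower(t)
		n := Levenshtein(d, t)
		if n == 0 {
			return false, t, 0 // exact match: this is the genuine domain
		}
		if dist < 0 || n < dist {
			closest, dist = t, n
		}
	}
	if dist < 0 {
		return false, "", -1 // nothing to compare against
	}
	return dist <= maxDist, closest, dist
}

func main() {
	// Constructed sample data: the article's example domain, one typo-squat of it, and an unrelated sender.
	trusted := []string{"northendassoc.com"}
	for _, from := range []string{"david@northendassoc.com", "david@nothendassoc.com", "news@example.org"} {
		sus, closest, dist := LookalikeCheck(from, trusted, 2)
		fmt.Printf("%-26s suspicious=%-5v closest=%-18s distance=%d\n", from, sus, closest, dist)
	}
}
```

A threshold of one or two edits catches the dropped-letter and swapped-letter variants described above; widening it much further starts flagging legitimate but short domain names, so in practice the distance is one signal to combine with others such as the domain’s registration age.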


RMail Recommends

RMail’s AI-infused feature “RMail Recommends” prompts you to encrypt your emails right before you send them, offering protection against data leaks. Set up to run inside Microsoft Outlook, the AI engine learns from user behavior and adapts over time!

A Better Way to Secure Your Emails

Choosing RMail’s dynamic encryption over other options like PGP brings several benefits for businesses:

  • Simple to install and use
  • No extra training for your teams
  • Raises cybersecurity awareness for your staff
  • Delivers in-the-moment secure email recommendations
  • Prevents important emails from going out unencrypted, which could be a bigger risk in terms of fines and reputation

Most of all, it is much more affordable at scale compared to buying and exchanging security certificates online. Try it to send secure emails for free!