Encrypting Email Messages with PGP
iGolder offers built-in encryption to protect your email privacy. Receiving
encrypted emails is easy: simply visit the page Emails and Aliases and enter
your PUBLIC PGP KEY associated with your email.
After you click on the link Set PGP Key, you will see the following window
where you can enter your PGP Public Key:
If your PGP Public Key is valid, then iGolder will display the following:
PGP Key Set Successfully
Your PGP key was set successfully. An encrypted email message was sent
to firstname.lastname@example.org. If you can read it, it means the encryption and
decryption process is successful. If you cannot read the encrypted message
iGolder sent you, simply delete your PGP key by leaving the field blank.
By default, iGolder sends you color-rich email
messages in the HTML format. Uncheck the option HTML (see screenshot above) if
you prefer to receive plain text messages because your mail client cannot render
(display) HTML messages or your PGP decryption software has difficulties
decrypting HTML messages. iGolder will also send you a confirmation email message each
time you change mail format (HTML or Plain Text), so you can see which email
format you prefer to read.
Reading PGP-Encrypted Emails
If you are new to PGP, you will need to use some special software to decrypt
the PGP messages sent to you. Since we are using Outlook 2007 as our email
client, we had to search around to find a good software plugin capable of
handling automatic PGP decryption when new email messages arrive.
After trying different software packages, we settled for PGP Desktop Email.
The price we paid for PGP Desktop Email is a bit hefty, $164; however, it was
the only software capable of handling an encrypted SSL connection for sending
and receiving regular (non-encrypted) email messages. Most plugins are capable
of automatically encrypting PGP messages; however, those plugins are incapable
of sending email messages using a secure connection via SSL. SSL adds another
layer of privacy, since PGP encryption can only encrypt the body content of an
email message; it cannot encrypt the email subject, nor the email headers
(from, to, cc). Without SSL encryption, anyone listening to your Internet
connection, including your ISP logging your email activity, can easily figure
out what your business is. Also, most emails we send (over 99% of them) cannot
be encrypted because we do not know the public PGP key of our customers.
As a result, we wanted a software solution capable of supporting PGP
encryption/decryption and using SSL encryption for sending and fetching email.
Installing PGP Desktop
The installation of PGP Desktop Email is simple and easy: you download
a 30 MB file and the installation is a few mouse clicks. Once you reboot
your computer, you will see a small icon in the Tray (at the bottom left of your
To receive PGP encrypted emails, you need to have a PGP Key so others can use
your public key to encrypt messages for you. There are two keys for PGP:
one key to encrypt the message and another key to decrypt the message. You
publish your public key so people can encrypt messages to you, and you keep your
private PGP key for decrypting your messages.
Generating a PGP Key
From the File menu, select New PGP Key...
For extra security, you supply a password to your private PGP key. This
way, if someone gets a hold of your private PGP key, he still needs to know your
password to read your email messages.
After generating your key, PGP Desktop will offer the option to publish your
public PGP key to a Global Directory. You may skip this option and do it
later by selecting Publish to Global Directory menu item.
Once your PGP Key is generated, it will appear in the PGP Keys section
as in the screenshot below.
To send your public PGP key, simply select Copy Public Key which will copy
your PGP public key to the clipboard so you can paste it to an email message, or
select Export which will save your PGP key to a file having the extension .asc,
such as iGolder.asc.
In the example above, the public key for contacting iGolder is:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Desktop 10.0.0
-----END PGP PUBLIC KEY BLOCK-----
How to Secure Email Using SSL and PGP
By default, PGP Desktop will work flawlessly without any modification to your
email client. PGP Desktop listens to the network ports 25 (SMTP) and 110
(POP). Any email you send via the SMTP port is intercepted by PGP Desktop,
and encrypted if a public PGP key is found, otherwise the email message is sent
in clear text as usual. PGP Desktop is smart enough to replicate the email
message to the number of recipients. For instance, say you send a message
to a business partner having a PGP key and CC to someone without a PGP key, then
PGP Desktop will send an encrypted message to your business partner and send an
identical unencrypted message to the other recipient.
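The two limits described so far (the subject and headers stay readable, and recipients without a key receive a plain copy) can be checked before sending. This is an added example, not part of the original article or of PGP Desktop; the sample message, the keyring and the function audit_outgoing are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; addresses and subject are made up.
SAMPLE = """\
From: alice@example.org
To: Bob <bob@example.org>
Cc: carol@example.org
Subject: Q3 invoice for account 4471

Payment details are attached.
"""

# Hypothetical keyring: addresses for which a public PGP key is known.
KEYRING = {"bob@example.org"}

# Headers that PGP leaves readable even when the body is encrypted.
METADATA = ("From", "To", "Cc", "Subject", "Date")


def audit_outgoing(raw, keyring, strict=False):
    """Report what PGP will not protect for one outgoing message.

    Returns the headers that stay in clear text and the split of recipients
    into encrypted and clear-text copies. With strict=True, refuse a send
    that would produce both kinds of copy of the same content.
    """
    msg = message_from_string(raw)
    headers = {h: msg[h] for h in METADATA if msg[h]}
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    # Normalise case and de-duplicate while keeping header order.
    recipients = list(dict.fromkeys(a.lower() for _, a in pairs if a))
    encrypted = [a for a in recipients if a in keyring]
    cleartext = [a for a in recipients if a not in keyring]
    if strict and encrypted and cleartext:
        raise ValueError("clear-text copy would go to: " + ", ".join(cleartext))
    return {
        "cleartext_headers": headers,
        "encrypted_to": encrypted,
        "cleartext_to": cleartext,
    }
```

With strict=True the mixed case from the paragraph above (one recipient with a key, one without) is rejected instead of silently producing an unencrypted duplicate.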
The challenge, however, is sending PGP-encrypted emails via a secure SMTP port.
If your email client already sends emails via another port than the standard
SMTP port, then PGP Desktop may not be able to intercept the message and encrypt
it. Besides, any SSL encryption established by your email client also hides the
traffic from PGP Desktop, meaning PGP Desktop will be unable to intercept
the email message and encrypt it with PGP. The solution is to configure your
email client to send all the mail through the standard SMTP port 25, and have
PGP Desktop communicate with your SMTP server via SSL/TLS.
If you are using another email client, feel free
to learn how to secure your email using SSL.
According to the documentation, the incoming server (POP3) should use port 110,
so PGP Desktop can decrypt incoming emails. This is optional because PGP Desktop
also decrypts emails when you attempt to open a message, so
there is no need for PGP Desktop to intercept POP communications. The
benefit of using port 995 (secure connection) is peace of mind in case you exit
PGP Desktop and your email client attempts to fetch your new emails.
The option This server requires an encrypted connection (SSL) forces the
connection to be secure. This is what makes sure your POP communication is secure.
SMTP Proxy Settings using SSL
Once your email client is configured, you have to configure PGP Desktop to
use SMTP over SSL. In the PGP Messaging, click on Server
You will then see a dialog to configure your proxy server. Make sure you
select port 465 for SMTP and Require SSL to force a secure connection.
In the example below, I use the server name www.iGolder.com, so I can reuse
the same SSL certificate as for securing the website (our email connection uses
encryption which is as secure as when visiting HTTPS). If you use
a subdomain like mail.iGolder.com and smtp.iGolder.com, then you may have to
purchase another SSL certificate.
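Why a certificate issued for www.iGolder.com does not carry over to mail.iGolder.com or smtp.iGolder.com: a verifying client compares the server name it dialled against the names listed in the certificate. This is an added example, not code from the original article; the name lists passed to cert_covers are constructed, and check_smtps is a hypothetical helper that makes a live connection to port 465.

```python
import smtplib
import ssl


def name_matches(pattern, hostname):
    """RFC 6125-style comparison: exact match, or one leftmost '*' label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and needs a fixed parent domain.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(dns_names, hostname):
    """True if any DNS name listed in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in dns_names)


def check_smtps(host, port=465, timeout=10):
    """Open an SMTP-over-SSL session with full certificate verification.

    Raises ssl.SSLCertVerificationError if the chain is untrusted or the
    certificate does not cover the host name; returns the TLS version used.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with smtplib.SMTP_SSL(host, port, context=ctx, timeout=timeout) as smtp:
        smtp.noop()
        return smtp.sock.version()
```

A single-name certificate covers only that name; a wildcard such as *.iGolder.com covers one level of subdomain, which is the alternative to buying a separate certificate per mail host.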