By now, you should be used to the fact that someone other than your intended recipient can read your emails at will. No, this isn’t a conspiracy theory or paranoia: U.S. government programs like the NSA’s PRISM are well documented for their ability to indiscriminately gather massive amounts of information. The fact that the majority of web traffic passes through the U.S. doesn’t make the situation any better, either.
Of course, you may not be doing anything wrong, but unfortunately, you don’t have to be. In a world that lacks any real oversight with regard to who can access your private data, the only effective email security solution is to encrypt what you send.
OpenPGP, based on the former PGP (Pretty Good Privacy), is a well-known, open-source email encryption standard. Unlike other encryption methods, the fact that it has been openly published since its development in the 1990s actually makes users less likely to fall for man-in-the-middle attacks. For instance, trusting Microsoft’s Outlook 2013 encryption implementation or Google’s Gmail web client not to violate your digital privacy doesn’t work too well when these firms get subpoenaed for the information by secret courts. The ability to determine whether messages have been tampered with and ongoing source code development mean that with OpenPGP, errors get found more quickly, and potential exploits are corrected more readily.
How Does It Work?
OpenPGP relies on a number of proven techniques; the most prominent of these is its use of keys. Every user who wants to send mail generates their own pair of keys, long strings of randomized code that are nearly impossible to crack. One of these keys must be kept private, but the other is a public code that you can share with anyone who wants to email you.
When you send a message, you encrypt it using the recipient’s public key. The text becomes garbled, and the recipient must use their own private key to decipher it. This system works both ways, and it allows anyone with your public key to send you a message that only you can read.
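The exchange described above can be reproduced with GnuPG, a widely used OpenPGP implementation. This is an added example, not part of the original article; it assumes GnuPG 2.1 or later is installed, and the names, address, paths and message are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added demo: two throwaway GnuPG home directories play sender and recipient.
# "Alice", "Bob", bob@example.org and the message text are constructed.

pgp_roundtrip() {
  local work alice bob out
  work=$(mktemp -d) || return 1
  alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob" || return 1

  # Recipient: Bob generates his key pair. The private half never leaves $bob.
  gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Bob <bob@example.org>' default default never \
      2>/dev/null || return 1

  # Bob publishes only the public key; Alice imports it into her keyring.
  gpg --homedir "$bob" --batch --armor --export bob@example.org \
      > "$work/bob.pub.asc" || return 1
  gpg --homedir "$alice" --batch --quiet --import "$work/bob.pub.asc" \
      2>/dev/null || return 1

  # Sender: Alice encrypts to Bob's public key. --trust-model always skips
  # key validation for the demo; in real use, check the fingerprint first.
  printf '%s' 'Quarterly figures attached.' |
    gpg --homedir "$alice" --batch --quiet --armor --trust-model always \
        --recipient bob@example.org --encrypt > "$work/msg.asc" || return 1

  # The armored ciphertext must not contain the plaintext.
  if grep -q 'Quarterly' "$work/msg.asc"; then return 2; fi

  # Alice holds no private key for Bob, so she cannot decrypt her own output.
  if gpg --homedir "$alice" --batch --quiet --decrypt "$work/msg.asc" \
      >/dev/null 2>&1; then return 3; fi

  # Bob's private key recovers the message.
  out=$(gpg --homedir "$bob" --batch --quiet --decrypt "$work/msg.asc" \
      2>/dev/null) || return 1

  # Stop the per-homedir agents and remove the throwaway keyrings.
  gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  printf '%s\n' "$out"
}

pgp_roundtrip
```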
OpenPGP-compliant tools, like gpg4o by Giegerich und Partner, are designed to function well with existing email clients that use UTF-8 and other common character encoding standards. While data theft can still occur with any email system, businesses and private individuals gain quite a bit of protection by encrypting their information so that it can’t be used by the wrong parties.