Can You Make Your Email More Secure?

August 26th, 2009

LuxSci offers many options for email security. Whether it is PGP, S/MIME, LuxSci’s SecureLine end-to-end email encryption, or forced secure logins over SSL, LuxSci can guide you in making the best choices for secure and safe email.

End-to-end email encryption is one way to ensure that your email can only be read by the intended recipients. SSL and TLS connections are secure, but only to a point. While you can ensure that your users connect securely to LuxSci’s servers, who is to say that your recipient’s connection is secure? With LuxSci SecureLine, even if the recipient’s connection isn’t secure, you can be assured that your message is sent securely and can only be read by whom you intended.

How does end-to-end email encryption typically work?

Any user can send and receive a message encrypted using PGP or S/MIME without special or purchased tools, but it can require special knowledge or set up. One requirement is that both the sender and recipient have a PGP or S/MIME key to securely lock and unlock the messages sent to each other. PGP and S/MIME work by having a series of “keys”. If you wanted to send an email to someone you need to have their “public” key. The public key will encrypt the message so that only a user with the corresponding “private” key can decrypt it. You can think of it as a lock and key.

The sender has given the recipient(s) a locked message, but only the recipient(s) has the key. In this way there can be many “public” keys allowing anyone to send an encrypted [locked] message to this recipient. However, if the recipient wants to send an encrypted message back to you they will need your “public” key. If you don’t have a key, you can easily create one using LuxSci’s PGP or S/MIME certificate creation tool, which comes with SecureLine.

PGP or S/MIME?

PGP and S/MIME provide the same basic functionality, but which one should you use? Generally speaking S/MIME is more commonly used. This is largely because of its integration into many email clients, i.e. Thunderbird and Outlook. However, both clients do support PGP, though they may require a plug-in or extension to use it. While LuxSci gives you the ability to create both types of keys it is usually best to choose S/MIME for general compatibility reasons. This is, unless you know that those with whom you will be communicating with prefers and is able to use PGP encryption.

With SecureLine Escrow, you don’t even need PGP or S/MIME

SecureLine not only allows you to create PGP and S/MIME certificates, encrypt, and decrypt messages using these protocols, it also allows you to easily send messages to people who do not have any security certificates. We refer to this as SecureLine Escrow.

You create a message within the LuxSci Members’ Portal (this encryption can also be integrated into your email client via SMTP) and choose to encrypt it. You will be prompted for a secret question and answer. If a question and answer already exists for this user, domain, or account you have the option of modifying that.  There are several ways to notify the user of the answer to your secret question.  Besides the normal channels of communication, you may develop an algorithm so that the recipient will “know” the answer without being informed of it. Example: What is your account number?

With SecureLine Escrow, your message never leaves the LuxSci servers. The intended recipient receives an email notification with a link to securely pick up the message that you sent. Once the recipient fills in the answer to the secret question correctly, the message is revealed to them. They can even securely reply back to you. You can continue communicating with an unlimited secure message thread.

Thanks to SecureLine, you need not create a PGP or S/MIME keys to send the message securely, nor do you have to deal with distributing your keys to others and making sure that they have the proper software installed to use security.  SecureLine Escrow just works, for everyone, no matter what kind of email service they have or where it is located in the world. SecureLine by LuxSci makes it easy for you to safely communicate with anyone and everyone regardless of their email provider.

For more information PGP, S/Mime, and SecureLine take a look at the following links:

SecureLine Escrow:

https://luxsci.com/blog/send-a-secure-email-to-anyone.html

PGP:

https://luxsci.com/blog/pgp-encryption.html

Installing PGP or S/Mime certificates in your favorite email client:

https://luxsci.com/blog/installing-smime-and-pgp-encryption-certificates-into-major-email-clients.html