Updated: Jun 12
What is email encryption?
Email encryption uses a string of characters, called an encryption key, within an encryption algorithm to convert an email from a readable format to unreadable code. Once the email is encrypted, a decryption key is needed to decrypt the data and convert it back to a readable format.
Why do I need encrypted email?
Take a minute to think carefully about what type of information you or your employees have sent by email, and what you might send in future. Does this include confidential information regarding your company, customers, family, or yourself? Now consider what the consequences could be if those emails were intercepted by cyber criminals or by someone with ill intent.
Email encryption prevents the content and attachments of email messages from falling into the wrong hands. With end-to-end email encryption, only the sender and the intended recipient will be able to decrypt and read the encrypted email messages.
How do I encrypt email and send encrypted email and attachments?
To encrypt and send encrypted email, you will need an email service provider with encryption capability.
You need to ensure that you use an advanced encryption service. Keep in mind that encryption is only one of the factors that you will have to consider when securing your email.
You need to ensure that you use a service provider with high levels of encryption that will keep your email secure and encrypted, not only while the email is “in transit” but also while it is stored on their server, and that truly deletes an email when you delete it.
CTemplar is a service provider who has taken multiple factors into consideration when they designed their system.
CTemplar uses the proven encryption algorithms of OpenPGPjs to apply 4096-bit RSA encryption to email and contacts. The encryption is end-to-end, so all data is encrypted between the sender and receiver, even while stored. The only places where the data will be in a decrypted state are at the sender and at the receiver.
The user’s password is used to unlock the private key on the web client, and then that private key is used to decrypt the user emails on the client-side. When the user creates the password, the user’s password is salted and hashed.
The password is salted by creating random data that is unique to each user. This salt is saved with the password and used in the hashing process, both when storing and when verifying the password. For hashing, a key is used in conjunction with the password, and the hash value is then derived from the combination of both the password and the key, using an algorithm. Because of this, and the fact that only the user knows the password, even the CTemplar server does not have any way to see the content of user emails.
The hosting servers are in Iceland, which has some of the strongest privacy laws in the world. Iceland has no data retention laws for webmail, so when you delete an email, it is instantly deleted on the server and no backups are kept. There is also no law in Iceland that specifies that IP addresses must be tracked, so your IP will not be logged when you use their service. As an added bonus, they also offer completely anonymous signup to their email services.
Iceland is not part of the 14-Eyes coalition of countries with surveillance alliances, who are forced to share private citizens’ personal information between the other countries under this agreement. For more information regarding the 5-Eyes, 9-Eyes and 14-Eyes coalitions of countries, also see our article: My Privacy on the Internet
How to send an encrypted email using CTemplar
For the best experience, it is recommended that both the sender and the receiver subscribe to CTemplar’s service, although it is not a requirement.
If all the recipients of an email are CTemplar users, then they use their private key to decrypt the email. The email is encrypted in such a way that only the intended recipients of that email will be able to decrypt it.
If the recipients are non-CTemplar subscribers, then an encryption password and a hint for the password can be set by the subscriber. The recipients will then receive an email with a link. When the recipient opens that link, they will be redirected to CTemplar’s web client. They will be asked for the password that the sender used to encrypt the private key. Upon entering the correct password, the content of the email will be decrypted. They can then reply to that encrypted message from there, without the need to sign in. This allows full end-to-end encrypted email with non-CTemplar subscribers.