How to encrypt Gmail to secure your emails?
Encrypting your gmail account is necessary for the safeguarded transfer of confidential information. If you haven’t done it yet, your not alone. Listed below are the guidelines that will help you to conduct this process better. Let’s get started.
What Encryption Gmail Currently Provides?
Google uses OSI model layer 4 Transport Layer Security (TLS) to encrypt emails in transit. But OSI model layer 4 ATLS depends on both the sender’s and recipient’s email provider, so it won’t work in some situations.
TLS is a type of point-to-point encryption but TLS is not end-to-end encryption when you send a Gmail encrypted email, your browser makes the connection Google’s server and establishes a secure connection. The message is encrypted and will be delivered to the server and decrypted. The server repeats this process with the next available server until it reaches your recipient’s server.
Since TLS is not an end to end encryption, this risk doesn’t fall in favour of providing complete security to all the Google email encryption plugins. The best solution to eliminate this problem is by including a 3rd party encryption plugin or you can find a type of provider that indulges in a one click encryption. By doing this, you are also allowing users to send emails to those recipients who don’t even have any encryption solutions from their side.
1. Use SecureGmail
SecureGmail is a Chrome extension that allows its users to send encrypted emails and it will work with their Google accounts.
Blending encrypted emails within a SecuredGmail process
Before you can send encrypted emails to the SecureGmail, there are 3 steps to be followed:
- Download and install SecureGmail extension via Chrome
- Once installed, Click the lock icon beside the ‘Compose’ button
- Lastly, click the lock icon for the emails you will be creating which needs to be in an encrypted format.
Let’s understand this better with an example:
1. Click on the compose button as you would generally do to send an email. Ensure that the lock button next to it is also clicked as it signifies that the email your sending is in an encrypted format.
2. The above image explains you how you can recognise whether the email your sending is in an encrypted format or not. When you click the lock icon, you will be able to see the red image above. Once you draft the details, you hit the ‘send encrypted’ button.
3. Lastly, as soon as you hit the send button, a pop up such as the above image shown will appear. Here is when your encryption comes into form. Type the password and the hint for it so that your receiver can view the encrypted format of your message.
Decrypting your SecureGmail
Before decrypting, the content of the email is unreadable. To decrypt the encrypted email, the receiver needs to install SecureGmail on their Chrome browser too.
When they receive the encrypted email, there will be a clickable ‘Decrypt message with password‘ link like the following:
- Click on the link and it will ask for the password that the sender set earlier. After putting in the correct password it will display the email.
SecureGmail only works on the Chrome browser for now. The receiver too has to install the extension in order to decrypt the encrypted message (a small hassle). In such cases it becomes difficult to directly reply to that encrypted email. Hence you need to compose a new email. Remember,the email cannot be saved as a draft when composing it in an encrypted mode.
In conclusion, SecureGmail is a good replacement to send encrypted emails. And compared to SafeGmail, SecureGmail has an easier way to decrypt the encrypted email as you do not need to leave the page to decrypt it.
2. Google’s S/MIME encryption
S/MIME (Secure/Multipurpose Internet Mail Extensions) does encryption in transit and encrypts your outgoing emails.
But there is one possibility: for S/MIME encryption to work, both the sender and the receiver have to have it enabled.
Now both the sender and the recipient will have to exchange information called “keys” to uniquely recognize each other.
Once you complete the keys exchange, here is how to use S/MIME to send encrypted messages:
- Click on compose a message as you normally would
- Add a recipient
- At the right of the receiver, there will be a small lock icon. The small lock icon will vary depending on the level of encryption supported by your recipient.
If you need to send one of your emails to a larger audience, the icon will show the lowest encryption capability depending on their encryption levels available.
Open the lock and then “View Details” to change your S/MIME settings.
To verify if a message you received was encrypted, there are a few more steps to complete:
- Open the email
- Click the arrow facing downwards which will appear on the right side of the senders list
- In order to find the type of encryption the email contains, the colour of the lock will help you to identify.
Types of coloured locks in S/MIME Encryption Levels
The colours Red, Green and Gray determine the type of encryption levels being used.
Red: There was no encryption whatsoever. If that’s the case, try and avoid from sending any personal information until you are able to securely encrypt your email.
Green: That your message is protected by S/MIME enhanced encryption. The receiver can only decrypt the email with the private key.
Gray: If the coloured lock appears gray, this means that the email is on the form of a TLS encryption. Which means the message being sent from one server to the other is in a protected form. The drawback here is TLS encryption is only valid if both the sender and the receiver supports such kind of encryption themselves.
Flowcrypt is available for Firefox or Chrome extension and includes a ‘Secure Compose’ icon to your Gmail’s interface. It encrypts your email with industry-standard Pretty Good Privacy (PGP) encryption. Your receiver can use any email service provider as long as it supports PGP, yet you are required to share your private key for them to decrypt the email. Then again, you can set a secret key, however, you will be required to share the password or secret key with the receiver.
Let’s understand this better with an example:
1. FlowCrypt gives you an additional option to create your emails via its ‘secure compose’ button. Type in your receiver’s name and draft your message. On completion, click on the ‘encrypt and send’ option below.
2. In Flowcrypt you can send emails to recipients who don’t even use this tool. As you can see, you can add more members in this process or even reply to them all as well as forward the concerned around, all this through an encrypted format.
3. Don’t worry about the attachments you send since that too will be covered under the encrypted blanket. The only way your receiver can view it is by decrypting it with the password you share. The great part here is that only the person you send to can view it which means no more peeks allowed.
4. SecureMail ( View the example under ‘Use SecureGmail’ ABOVE)
SecureMail was developed for Google Chrome users only, it works similarly to Flowcrypt. Once the extension is added, a small lock icon will appear next to the ‘Compose’ button. Ensure that the icon is clicked before you begin to address any email. If you fail to conduct this step, your email will not be sent in an encrypted format.
In SecureMail, ensure that you have set up a password and a password hint for the recipient to decrypt your email. These should be shared with your receiver through another mode of communication. To decrypt the email receiver will also need SecureMail extension.
Once the extension is added, a small lock icon will appear next to the ‘Compose’ button. Ensure that the icon is clicked before you begin to address any email. If you fail to conduct this step, your email will not be sent in an encrypted format. In SecureMail, ensure that you have set up a password
Mailvelope is another Chrome extension that provides PGP encryption, but you need to have a bit more technical knowledge to set up.
You can import your public and private keys straight into Mailvelope if you are already using PGP encryption.
If your not availing the PGP encryption then you might as well can create a new one for the encryption to function upon. This can be conducted when you share your public key with the recipients public key alongside capturing its public keys in Mailvelope. When you upload this on a public key server such as the PGP Global Directory or the MIT key server, your public key can be shared as well.
Let’s understand this with an example:
1. Go to your extension to add Mailvelope. Once downloaded you can see an icon of a key lock on the top right hand side of the page.
2. Clock on the key lock option and choose the add button. Here is when your private or public keys will be generated.
3. Click on setup and if your a new user, you will hit the ‘generate key’ button. If you have a key already, you can easily import it.
How to generate new key?
1. When you generate your new key, it will look like the above. Fill in all the details carefully.
2. Once completed, click on submit.
3. To view the key you’ve just created, click on ‘Key Management’, then ‘Display Keys’ and you’ll find all the information.
How to import the key?
It requires a step where you can go to ‘Key Management’, then click on ‘Import keys’ and finally paste the key you wish to import followed by clicking the’ Import’ button in the end.
After the completion of these steps, you can now draft an encrypted email with Mailvelope.
Let’s understand this process better with an example:
1. Mailvelope will create an option right next to the ‘Compose’ button, once you click on it, a new window will open up. Compose your email and then click encrypt.
2. Add the receiver and copy the encrypted text into Gmail. Mailvelope provides end-to-end encryption meaning that no one snooping on your traffic/logs, not even Google, will be able to detect your messages.
3. When you click ‘OK’ a series of information will appear like the above. Click on ‘Transfer’.
4. Finally click on ‘send’.
4. Use Private Email Provider to Send Truly Secure Emails
Regrettably, none of the extensions/plugins provides a perfect solution if you care about your privacy. Whilst S/MIME and TLS encryption may sound pleasing, it unfortunately doesn’t assure you all around security. Apart from these two, even the option of third party plugins is a disappointment because it unnecessarily makes you walk an extra mile in your emailing processes and that too without even encrypting your emails even if it is conducted on your smartphone.
5. Paubox Encrypted Email
In Paubox sending an encrypted email is super easy. You just have to do what you always do when you send an email. Just click ‘Compose’, type your recipient’s name and hit send. It is that simple. You don’t even have to even type ‘Secure’ in the subject line to send your encrypted email.
Privacy oriented email providers contain end to end encryption (message will be encrypted while composing it and will be decrypted only by the receiver it is sent to) which showcases the confidence that all emails sent by you will be 100% secured.
Even in cases of where your receiver uses a different email service, your message and even the attachments you send will still be sent in an encrypted format. This provider also offers two major advantages:
- One being a zero knowledge policy( which means that a business owner can send encrypted emails without its employees even peeking through the encrypted keys)
- For those who like to remain anonymous,’Burner email accounts’ can help you out.
How to encrypt all your Gmail account emails without any additional tools or plugins?
It is definitely annoying and time consuming to keep a track of you entering the right passwords, clicking on the right buttons or even proof checking whether you typed ‘Secure’ in the subject line in order to encrypt and decrypt your emails.
Obviously not. And you shouldn’t have to.
So how can you encrypt all your Gmail account emails without any additional tools or plugins?
- Encryption solutions should be as consistent as sending a common email. With Paubox Encrypted Email, it is that simple.
- Due to Paubox’s default feature, it encrypts all emails and replies immediately. This assures you that you can now send an encrypted email just like how you would do generally without having keeping a doubt of its security. This could save a lot of time as no training to use this is required nor any change in user behaviour will shift.
- Paubox puts serious attention for the user experience, first for both senders and recipients, uses military-grade encryption features without the hassle of additional steps in the settings.
- Security features such as Phishing attacks and Robust Spam filtering have been enabled in order to detect any malware or ransomware (detected with the protocols it has).
- By conducting seamless integration into business email platforms( G Suite, Office 365, Microsoft Exchange) you can now freely keep your email address and domain next to you.
- To assure your receiver that the email received from your end is encrypted, you can see a clear little digital signature at the footer of your email saying that the message in this email was encrypted for their safety and security by Paubox.
An encrypted Gmail can help you to turn the tables around protected information security. Whilst the internet is growing into a bigger space the above pointers are able to give you a head ups on what you need to know and what can help you to conduct this process better.
The market is filled with many security measures each portraying its pros and cons. With the right tool in hand privacy and security measures are well taken care of.