Ever since Edward Snowden let the cat out of the NSA’s bag email encryption has become a hot topic. What most of the non-technical public don’t realise is that email encryption has been around since the 90’s. It is not a new concept nor is the technology being used in today’s email encryption products vastly different from their 90’s predecessors. AES and RSA remain the standard when it comes to email encryption.
Current email encryption solutions require the users to either create their keys and securely distribute the public key or create a password and securely distribute that password. The below example illustrates the rigmarole users need to partake in to send an email securely.
Alice wants to email Bob securely; to do this Bob needs to have a pair of keys:
- one he will give to anyone who wants to send him private messages (the public key); and
- a private key which he’ll keep secret. It’s the private key that’s used to decrypt and reveal private messages.
For Alice to send a private email to Bob Alice needs to have a copy of Bob’s public key. Likewise for Bob to respond securely to Alice’s email, Alice needs to have her own key pair and Bob will need Alice’s public key.
The point is key generation is a painful, manual process and non-technical people more often than not don’t understand the process. As a result they shy away from email encryption, hence the reason secure email has never reached the masses! Only the very security conscious individuals will go to the lengths required to achieve email security and those individuals have already had solutions available to them for years.
What is required is a product that creates the public and private keys and distributes the public keys securely on behalf of the users. Until the pain is taken out of key distribution email encryption will never reach the masses.