Would the simplest encryption do or must it be as good as the following encrypted message (in quotes)?
"G"
So far no decrypting team can break that code.
Bob
![]() | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Hi there,
I would like to encrypt email communication with a Phd-colleague.
We both use Outlook 2013 on Windows 7/8.
Is there any free/open source solution to do so? I found that famous pgp work with the likes of Thunderbird but not with Microsoft Office
Happy to get some input ![]()
Discussion is locked
At the office we fling source code back and forth but as email can get clogged up we use dropbox instead. We can zip up the set and place it on a public link and since Kees noted the password feature this could be another option.
Bob
I'd zip the documents you exchange with a password (any decent zip-program supports such encryption) that only you two know. Should be good enough assuming it's not the NSA you want to protect your communication against.
http://socialwork.columbia.edu/sites/default/files/file_manager/pdfs/Using%207-Zip%20for%20Encryption%205-30-2013.pdf is a nice instruction for the 7z (a decent and free program).
Kees
From my experience PGP is more easy to use than S/MIME.
Actually PGP is a product name, so we should talk about OpenPGP - that is the standard
For Outlook you need additional software to use OpenPGP.
Freeware
https://github.com/dejavusecurity/OutlookPrivacyPlugin
http://gpg4win.de/
Commercial
http://www.symantec.com/de/de/desktop-email-encryption
http://www.gpg4o.com - Trial available
I am surprised no one has mentioned 'Digital Certificates'. A DC offers several advantages; 1) Shows that you are indeed the sender, and 2) can encrypt the contents of the e-mail message and attachments (if you so choose). That said, it is not as simple as it sounds. For an encrypted mail exchange to take place using DCs requires that both parties have a DC installed. And that they have exchanged their public keys. If only one party has a DC and the other does not it simply will not work. Some companies or educational institutions may not allow or support the use DCs, however a lot of corporations/institutions do as does the US Government. And yes Microsoft Outlook 2013 supports Digital Certificates. Just Google it and you will find a lot of information on the topic and specifically how to install a DC on your system to use with Outlook.
Just make the private key for the sender's signing certificate available on the Outlook Web Access computer.
Use a smart card that contains the recipient's encryption certificate.
Install the recipient's encryption certificate into the personal certificate store on the Outlook Web Access computer as part of the digital certificate enrollment process.
Manually import the recipient's encryption certificate into the personal certificate store on the Outlook Web Access computer.
Check out dark mail, http://darkmail.info/
It was funded from kickstarter late last year. As far as i can understand its open source and will be released around august, they are posting updates on the kickstarter link below.
It goes one step further by encrypting meta data, such as email recipient, subject etc.
https://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative/posts
Read up on what happened with LavaBit. Also read up on what the NSA is saying about the Tails OS, Linux Journal.
We are now extremists. That is, is the USA calling its citizens extremists?
Bob
Did you see (read) what happened to the last secure system?
Do you know about TAILS (OS) and what the NSA is calling its users and along with them, The Linux Journal?
If not, you may see another train wreck but it won't be entirely your fault.
That is, it would be unfair to not tell folk up front about the risks and what happened before.
Bob
Guys this isn't new at all. The only thing is that its more out in the open. Secure mail plattforms have arisen and closed down by officials all over the world for years now. Regardless why I would not use them for privacy reasons, not saying nor meaning that they are bad or badly implemented at all.
So my recommendation is to use what the initial starter of the thread wanted to have, a solution for end-to-end encryption with outlook.
Platforms like Lavabit can be taken down centrally, widespread end-to-end encryption solutions may not been taken down so fast regardless whether they are noncommercial like Outlook Privacy Plugin or commercial like Symanctec encryption or gpg4o. If you wanna go for S/MIME with a digital certificate I would not recommend to use the Microsoft implementation (Backdoor risk!)
It would be even better to use an other mail client which is not known to have backdoors at all. Very often the mail client may not be changed to some reason.
Best regards
Hajo