01 September 2015

What is the Best Email Encryption Software For Microsoft Outlook? Four Add-ons Reviewed. (Part 1)

E-Mail encryption has quickly moved into the mainstream. Once the exclusive domain for spies, protecting our email communication will soon be as common as locking the doors and windows to our homes.  When email encryption is not mandated by law to protect certain kinds of data (Patient Health Information, for example), it is still a good idea.

Encryptomatic LLC has helped tens of thousands of companies find practical ways to encrypt email communications end-to-end. This article looks at four add-ons for Microsoft Outlook that our company developed and currently supports.  These add-ons are:


Why did we develop four add-ons, and not just one, especially when they are not compatible with each other?  We believe that the best e-mail encryption is the one that gets used. And while there are differences in overall defendability between the algorithms,  if the solution is so complicated, convoluted and impossible to implement, then it provides no protection in the end.

Each of our products as a "sweet spot" where it does certain things very well, mostly around process and convenience. In this article we will discuss each of our products, why it came to be, and what we see as the sweet spot for that product. By creating four differet products, our intent was not to confuse you, but to build a solution that would be a great fit for your business processes.  So that you will actually use it.

Symmetric versus Assymetric Key Encryption

Before we begin, let me say a few words about email encryption.  If you already understand this concept, then feel free to skip ahead to the next section.

The most difficult part of email encryption for the sender and receiver (outside of setting up the software) is exchanging keys. These keys are used to protect and open messages. An appropriate key is hopefully a very long and random sequence of numbers, letters and characters. Hopefully you would never use a key such as "Password123."  A key can also be computer generated, and split into a public part and a private part using complicated math.

OpenPGP is an assymetric scheme, which means each person particpating has a two keys: a public key and a private key. You are free to share the public key with anyone. You tweet your public key or even post it to Facebook. It is for the world to see. Your public key is used by others to encrypt messages destined for your inbox.  The amazing thing is that only your private key can open messages that have been encrypted with your public key.  It's important to keep your private key absolutely private.  But your public key can be given away to anyone.

In symmetric key encryption schemes are little more simple. The the same password that encrypts a message is used to decrypt the message.  It's sort of like those old movies when some knocks on a door and is asked "What's the password," before they can enter through.  A symmetric key must be kept secret by both the sender and the recipient.  It must also be agreed on between the sender and recipient.  Unless symmetric keys are agreed upon by two individuals in person, smmetric schemes are more susceptible to state actors who can monitor multiple sources of communication. Of course, you should never send the symmetric password in an email. But a state actor could possibly monitor you telephone or instant messaging or other mode of communication used to share the password.

Why use anything else?

If assymetric schemes like OpenPGP are clearly better, why would anyone use a symmetric password?   The trade off is often ease of use. If you are a sophisticated technologist and so are your friends and people you work with, then you should definitely use OpenPGP. No question about it.

But what if you want to send some important tax documents to your Dad, who is not very sophisticated? Ideally, you would invest the time to educate Dad (and maybe even Mom) and help them set everything up on there computer, show them how to generate a public/private key pair.

Depending on your situation, educating Dad and Mom may not be practical.  In this case, if the option is to just give up and say "To heck with it, I'll send it unencrypted," symmetric key (password) encryption is a much better option.  With a symmetric password communicated by phone, your Dad can receive the document and easily open it when it arrives by simply typing in the password.

In Part 2, we will take a look at the four Outlook email encryption add-ons  provided by Encryptomatic LLC.

Continue to PART 2