Email Encryption


When you digitally sign a message, you embed information in the message that validates your identity. When you encrypt a message, it appears to be "scrambled" and can only be read by a person who has the key to decrypt the message.

Digitally signing a message ensures that the message originated from the stated sender. Encrypting ensures that the message has not been read or altered during transmission.

Overview

The following three steps use the Bravenet console to create two encrypted email accounts, enc1 and enc2, and one regular non-encrypted email account, noenc, to set up and test PGP-capable email. The two encrypted email accounts will be used to demonstrate how encrypted emails function.

enc1@domain.com       # Email 1 configured with PGP encryption
enc2@domain.com       # Email 2 configured with PGP encryption
noenc@domain.com      # Email 3 configured without PGP encryption to show encryption is working

Step 1 Create Three Email Accounts

Use the following link to log in to an existing Bravenet Account: https://www.bravenet.com/login

Please substitute domain.com for your own custom domain in the instructions below.

Create Three Email Accounts

  1. Email > New Email Address
  2. enc1@domain.com
  3. Email > New Email Address
  4. enc2@domain.com
  5. Email > New Email Address
  6. noenc@domain.com

Configure Encryption on enc1 and enc2 email accounts

  1. Email > enc1 > Webmail
  2. Settings > PGP Keys > Click (Create) > Choose Password and Confirm Password > Save (Please note your key passphrases during this process; they will be required later)
  3. Settings > Preferences > Encryption
  4. Select all of the following Settings with a checkbox:
    1. Enable message encryption and signing
    2. Enable message signatures verification
    3. Enable message decryption
  5. Click Save
  6. Repeat the steps above to configure PGP for enc2


Step 2 Setup - Swap Public keys (enc1 and enc2)

  1. Have enc1 send its Public Key to enc2 (This will allow enc1 to receive encrypted messages from enc2 - See note below)
    1. Compose (Send) Email
    2. Compose (Note Encryption Tab in Webmail Compose Menu/Tab)
    3. Attach my public Key
    4. Send
  2. Have enc2 Import enc1's Public Key
    1. Receive Email Import Public Key
  3. Have enc2 send its Public Key to enc1 (This will allow enc2 to receive encrypted messages from enc1 - See note below)
    1. Compose (Send) Email
    2. Compose (Note Encryption Tab in Webmail Compose Menu/Tab)
    3. Attach my public Key
    4. Send
  4. Have enc1 Import enc2's Public Key
    1. Receive Email Import Public Key


Step 3 Test your emails

The test listed in Step 3.1 below should send an encrypted and signed email successfully. The test listed in Step 3.3 below should fail because enc1 has not received a public key from noenc.

  1. enc1 to send to enc2 with Digitally Sign This message and Encrypt this message
    1. Compose (Note Encryption Tab in Webmail Compose Menu/Tab)
    2. to: enc2@domain.com
    3. Digitally Sign This message
    4. Encrypt this message
    5. Send
  2. The passphrase requested is step 2.1 above.
  3. Verify enc2 received your signed and encrypted email
    1. enc1 to send to noenc with Digitally Sign This message and Encrypt this message
    2. Compose (Note Encryption Tab in Webmail Compose Menu/Tab)
    3. to: noenc@domain.com
    4. Digitally Sign This message
    5. Encrypt this message
    6. Send
  4. The passphrase requested is Step 2.1 above.

Verify that when sending to noenc you receive a Key Not Found error. This is expected, as you are trying to send an encrypted message to someone you do not have a public key for.
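The same three-step test can be reproduced outside the webmail UI with the GnuPG command line. This is an added example, not part of Bravenet's documentation; it assumes gpg 2.1 or later is installed, keeps each account's keyring in a temporary directory, and creates test keys with an empty passphrase so it can run unattended.

```bash
#!/usr/bin/env bash
# Added example (not Bravenet code): the enc1/enc2/noenc test done with GnuPG.
# Each account gets its own keyring directory, like a separate webmail login.
# Constructed setup: keys have an empty passphrase only so this runs unattended.
WORK=$(mktemp -d)
mkdir -m 700 "$WORK/enc1" "$WORK/enc2"
trap 'for u in enc1 enc2; do gpgconf --homedir "$WORK/$u" --kill all 2>/dev/null; done
      rm -rf "$WORK"' EXIT

# g ACCOUNT ARGS...: run gpg against that account's own keyring
g() { local acct=$1; shift; gpg --homedir "$WORK/$acct" --batch --no-tty "$@"; }

# Step 1 + Step 2: create a key pair per account, then swap public keys
setup_keys() {
  local u
  for u in enc1 enc2; do
    g "$u" --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$u@domain.com" 2>/dev/null || return 1
  done
  g enc1 --armor --export enc1@domain.com | g enc2 --import 2>/dev/null &&
  g enc2 --armor --export enc2@domain.com | g enc1 --import 2>/dev/null
}

# Step 3: enc1 signs and encrypts to RECIPIENT; fails if no public key is stored.
# --trust-model always mirrors "import whatever arrived by email"; in real use,
# compare the key fingerprint with its owner over another channel first.
send_from_enc1() {
  printf 'hello from enc1\n' | g enc1 --trust-model always --armor \
    --local-user enc1@domain.com --sign --encrypt \
    --recipient "$1" 2>"$WORK/send.err" >"$WORK/msg.asc"
}

# enc2 decrypts, prints the plaintext, and succeeds only if the signature is good
read_as_enc2() {
  g enc2 --trust-model always --status-fd 2 \
    --decrypt "$WORK/msg.asc" 2>"$WORK/status" || return 1
  grep -q '^\[GNUPG:\] GOODSIG ' "$WORK/status"
}

setup_keys || { echo "key setup failed" >&2; exit 1; }
send_from_enc1 enc2@domain.com && echo "enc1 -> enc2: $(read_as_enc2)"
send_from_enc1 noenc@domain.com || echo "enc1 -> noenc: $(tail -n1 "$WORK/send.err")"
```

The last line prints gpg's own "No public key" error, the command-line counterpart of the webmail's Key Not Found message.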

Further Information

  • To receive encrypted messages from other people, you must first send them your public key.
  • To send encrypted messages to other people, you must receive and store their public key.
  • Although we are fully capable of supporting end-to-end encryption, Bravenet does not support HIPAA.
