How to Send Encrypted Email: A Beginner’s Guide for 2020

in Privacy
How to Send Encrypted Email

Email encryption is a cybersecurity measure that prevents unintended recipients from reading your emails. In this guide, you will learn how to send encrypted email on three platforms.

How Email Encryption Works

email encryption

An encrypted email is a jumbled up message that can only be read by the person holding the decryption key. Email encryption and decryption uses Public Key Infrastructure (PKI). 

If your friend wants to send you an encrypted email, they can use the public key to encrypt the message before sending it. Since you are the only person holding the private key, nobody else but you can decrypt the message. 

When you want to prove that you are the sender of a message, you will use your private key to digitally sign an email. When your recipient successfully decrypts the message, then they will know that the message was from you.

In the first half of 2019, 4.1 billion records were reportedly exposed. To prevent such data breaches, email encryption is an imperative safety measure.  

Main Types of Email Encryption

The two main types of email encryption protocols are Secure/Multipurpose Internet Email Extensions (S/MIME) and Pretty Good Privacy/Multipurpose Internet Email Extensions (PGP/MIME). The first protocol depends on a centralized authority trust model while the second relies on decentralized authorities.

S/MIME is already built into large email service providers, such as Gmail and Outlook, while you need a third-party encryption tool to apply PGP/MIME.

Additionally, when you use the S/MIME protocol, the key code is created for you. However, the PGP/MIME allows users to create their own key codes. 

Email service providers Yahoo and AOL support PGP/MIME.

How to Send Encrypted Email on Gmail

How to Send Encrypted Email on Gmail

To use the S/MIME email encryption protocol on Gmail, both senders and receivers need to enable email encryption. This feature is only available to users with G Suite products like G Suite for Education, G Suite Enterprise for Education, and G Suite Enterprise.

Below are the steps you should take:

  • Sign in to Google Admin Console using an administrator account
  • Click Apps > G Suite > Gmail > User Settings
  • Go to Organizations and choose the domain you want to configure
  • Click the S/MIME setting and check the box for enabling S/MIME encryption 

Google has provided optional steps for enabling S/MIME that you can consider browsing.

After enabling hosted S/MIME, reload your Gmail account. You will now note that the subject field has a lock icon. When your email is encrypted, this lock will appear green in color. Next, you need to upload the S/MIME end-user certificates. To do this, follow these steps:

  • From your Gmail inbox, go to “Settings” then click on the “Accounts” tab
  • Select “Send email as” then click “Edit info”
  • Click “Upload a personal certificate”
  • Next, open the certificate and enter the password then select “Add certificate”

Now, you can exchange keys by sending an encrypted message to your friend. The digital signature will have a public key that your friend can use to encrypt the emails they send to you. 

Once you have shared the public key with recipients, you can send encrypted emails with ease. To do this, simply create a message as you normally would. Click the lock icon then the “View details” option to change the S/MIME settings if you want to. If you are okay with the level of encryption that Gmail displays as a green lock icon, you can send your S/MIME encrypted email.

Other encryption levels include the gray lock icon that means the email is protected with Transport Layer Security (TLS) and the red lock icon, which indicates that your email is not encrypted.

Email Encryption on Outlook

To send an encrypted email on Outlook, you need to first get the S/MIME certificate from your administrator and then install the S/MIME control.

Next, follow these instructions:

  • Go to the gear menu and select S/MIME settings
  • To encrypt all outgoing emails, choose “Encrypt content and attachments of all messages I send”

When sending a single encrypted email, simply compose your message then go to the “Options” tab and select “Encrypt” from the dropdown menu. Choose “Encrypt with S/MIME” and send your email.

Encrypting Emails on iOS

The S/MIME email encryption protocol is available by default on iOS devices. Here are the steps you should follow to encrypt an email: 

  • Go to “Advanced Settings” and turn S/MIME on
  • Change “Encrypt by Default” to yes
  • Write your email, then click the lock icon next to the recipient field to encrypt the email
  • Hit “Send”

Several email service providers like ProtonMail also allow users to send free encrypted emails. Learn more about these providers in this guide on the top five free encrypted email services reviewed for 2020.

How to Use ‘Pretty Good Privacy’ (PGP) Encryption to Communicate Privately Online

in Privacy
pretty good privacy

Communicating securely and privately online has never been more important than today where personal data is being harvested by governments and corporations to the detriment of the individual. Pretty Good Privacy (PGP) encryption is a technology that makes it possible to send and receive information securely and privately online.

PGP is a free and open encryption technology available to the public for encrypting, decrypting, signing, and verifying files and messages. So far, the technology has proven difficult to crack.

Below, you will find a simple guide to Pretty Good Privacy, including how it works, setting it up in a few minutes, and how to send your first encrypted message.

How Does PGP Encryption Work?

PGP Encryption

PGP helps to safeguard data on email systems, computers, hard drives, removable media, files, and even cloud-based applications.

This digital data encryption software was developed by Phil Zimmermann, a cryptographer and director at Computer Professionals for Social Responsibility (CPSR) from 1997-2000.

A simplified process of how PGP works for sending an encrypted email:

  • Create a message as a sender
  • Encrypt your message using the public key of the recipient
  • Send your encrypted message through whichever email server
  • The recipient or receiver decrypts your encrypted message with a private key, which then enables them to read the message.

Now, the process outlined above is a general overview. The PGP software comes in several variations: OpenPGP, PGP, and GPG.

PGP: Pretty Good Privacy, the initial proprietary protocol, was released in 1991. It comes at a fee since Symantec Corp. acquired PGP Corp., the company who held the rights to the PGP code.

Symantec developed a variety of encryption products based on the PGP code including Symantec Information Centric Encryption, Endpoint Encryption, Symantec Desktop Email Encryption, File Share Encryption, and Gateway Email Encryption

OpenPGP: An open-source version which has become a universally-accepted PGP standard was developed in 1997.

GPG: GNU Privacy Guard (GPG) is an independent implementation of the OpenPGP standards. That means you can use it to send and receive encrypted messages from people using other OpenPGP applications.

However, what is standard in each of this encryption standard is the use of public and private keys. Though, the algorithm used to implement encryptions depends on the solution.

What is a Private And a Public Key?

PGP key

A private key allows you to decrypt the messages sent to you. Private keys can also be used to generate file signatures. File signatures are used to authenticate identity and prove that a message is complete. A private key must never be shared with anyone.

A public key enables you to encrypt a message. Your public key can be made public so that others can send messages to your address.

How Do You Set Up PGP?

One of the most recommended PGP encryption software is Gpg4win. Gpg4win is the official distributor of GPG for Windows operating systems.

For MacOS, you can get GPGTools. It is a paid package that has an email plugin for Apple Mail, a service to use GPG in almost any application, a key manager and an engine to use GPG with the command line. Other options include Canary Mail, Mutt, and Enigmail.

To use PGP on Linux, you can opt for Seahorse, Kleopatra, Mutt or Enigmail.


To provide an example of how to send a private message using PGP, we will use Gpg4win to explain the process of creating public and private key pairs and sending an encrypted email.

Step 1: Download Gpg4win. Then double click the executable package and begin the installation. The installation procedure is similar to other software.

Step 2: During installation, you would be asked to choose the components you want to install. Using the default options is recommended here.

Step 3: After installing GPG4win, you need to launch Kleopatra, one of the components you installed in Step 2. It is the graphical front-end for the software. You can find the Kleopatra program inside the GPG4win installation file.

Step 4: Inside Kleopatra, click on ‘New Key Pair’ to create your public and private keys. A box would show for you to enter your name and email address.

Step 5: Click “Next” after inputting the required data in Step 4; you would be taken to another window to review the information for the key pairs (public and private keys). Press the ‘Create Key’ button after review. After that, you would be prompted to create a strong passphrase that would allow you to access your messages. Ensure you keep the passphrase safe.

Once you forget the passphrase, it cannot be recovered. That means encrypted data and emails will be inaccessible.

Step 6: The application would give you the opportunity to backup your public key, send it by email or upload it to a directory email service.

Step 7: To encrypt your first message: click on ‘Clipboard’, then ‘Encrypt in Kleopatra’. An empty box would pop up where you can paste your message and also add recipients.

You would need to add the public key of the recipient of your message. You could either check for the person’s public key on a key server by going to ‘File’ then ‘Lookup Certificates on Server’ or ask the recipient to send you their public key, which you could then import into Kleopatra.

Step 8: Once you have added a recipient, click ‘Next’, and the encryption process will take place. Copy and paste your message to a word processor after encryption; you would only see a bunch of gibberish. You can then send this encrypted message through any email server to the recipient.

pretty good privacy

Only the owner of that public key can decrypt your message with their own private key. The receiver would follow almost the same process for encryption to decrypt the message.

That is how you can send a secure, private message to anyone across the globe using PGP encryption!

Go to Top