From DLNET.ORG Cloud Documentation
Revision as of 18:18, 6 December 2020 by Lennart (talk | contribs) (Client-side storage encryption)

Encryption is a core building block of data security. It lets you store your data so that only you (or whoever holds the private key) can read it, even if others have access to the storage. It also lets you communicate with others so that only the conversation partners can read what is said, not the servers that forward the messages.

Encryption is also used by servers to communicate securely with clients (such as your phone and PC) and with other servers, using the TLS protocol (the successor of SSL; combined with HTTP it is widely known as HTTPS). This transport encryption effectively prevents eavesdropping on the network path, but it ends at the server: once the data has been decrypted there, it is readable by the server operator, by anyone who breaks into the server, and by a government that compels the operator to hand it over. A malicious internet service provider still sees which servers you talk to, though not the content.

This page discusses ways in which you can implement client-side encryption and end-to-end encryption, which protect your data where transport encryption alone does not.

Email encryption

The best way to implement end-to-end encryption for email is OpenPGP, the standard behind Pretty Good Privacy (PGP). PGP only works if both you and your correspondent have installed the required software and have exchanged public keys; the private key never leaves your own device. Various plugins implement PGP in email applications. Thunderbird 78 and later have built-in OpenPGP support; for older versions you can use the Enigmail plugin. For Outlook, you can use Gpg4win (its GpgOL component integrates with Outlook).
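The exchange that the plugins automate, as an added example that is not part of the original page: generate a keypair for each party, exchange only the public halves, encrypt on the sender's machine and decrypt on the recipient's, using the GnuPG command line (the engine behind Enigmail, Gpg4win and Mailvelope). Two separate keyrings stand in for two machines, and a spool directory stands in for the mail server, which only ever receives ciphertext. The names, addresses and message text are made up for the demo; real keys should carry a passphrase, and a correspondent's key fingerprint should be verified out of band instead of trusted blindly.

```shell
#!/bin/sh
# Added example, not the page's own code: end-to-end encrypted mail with
# GnuPG. Alice and Bob get separate keyrings (two "machines"); the "server"
# is a spool directory that only ever holds what Bob hands it.
set -e

if ! command -v gpg >/dev/null 2>&1; then
    echo "gpg (GnuPG 2.1 or newer) is not installed; nothing to demonstrate" >&2
    exit 0
fi

WORK="$(mktemp -d)"
ALICE="$WORK/alice"; BOB="$WORK/bob"; SPOOL="$WORK/server"
mkdir -m 700 "$ALICE" "$BOB"; mkdir "$SPOOL"

# Stop the per-keyring agents and wipe the demo keys when the script ends.
cleanup() {
    for h in "$ALICE" "$BOB"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

# gpg against one party's keyring, fully non-interactive. Passphrase-less
# keys keep the demo terminal-free; protect real keys with a passphrase.
g() {
    home="$1"; shift
    gpg --homedir "$home" --batch --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' "$@"
}

# Step 1: each party generates a keypair on their own machine.
make_key() { g "$1" --quick-gen-key "$2" default default never; }

# Step 2: exchange public keys. Only the public half is exported; this
# ASCII-armored block is what you mail, publish or hand over in person.
export_public_key() { g "$1" --armor --export "$2"; }
import_public_key() { g "$1" --import; }   # reads the block from stdin

# Step 3: Bob encrypts to Alice's key before the message leaves his machine.
# --trust-model always skips the web-of-trust check; in real use verify the
# fingerprint of the imported key out of band instead.
send_encrypted() {
    printf '%s\n' "$3" | g "$1" --armor --trust-model always \
        --encrypt --recipient "$2" --output "$SPOOL/msg.asc"
}

# Step 4: decrypt with a given keyring. Succeeds only where the matching
# private key lives, which is the whole point of end-to-end encryption.
decrypt_with() { g "$1" --decrypt "$SPOOL/msg.asc" 2>/dev/null; }

# Does what the server stores contain the plaintext? 0 = yes, 1 = no.
spool_contains() { grep -q -- "$1" "$SPOOL/msg.asc"; }

MESSAGE="Meet at 10:00, bring the signed contract."   # made-up content

make_key "$ALICE" "Alice <alice@example.org>"
make_key "$BOB"   "Bob <bob@example.org>"
export_public_key "$ALICE" alice@example.org | import_public_key "$BOB"
send_encrypted "$BOB" alice@example.org "$MESSAGE"

echo "--- what the server (and its operator) stores:"
head -n 3 "$SPOOL/msg.asc"
echo "--- Alice decrypts on her machine:"
decrypt_with "$ALICE"
if decrypt_with "$BOB" >/dev/null; then
    echo "--- Bob can read the sent message back (unexpected)"
else
    echo "--- Bob cannot decrypt his own sent mail: he is not a recipient." \
         "Mail clients normally add the sender as a recipient for this reason."
fi
```

Running it shows the three things the paragraph describes: the server's copy starts with `-----BEGIN PGP MESSAGE-----` and contains no plaintext, only the keyring holding Alice's private key can decrypt it, and even the sender loses access unless the client also encrypts to his own key (which Enigmail, GpgOL and Mailvelope do by default).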

PGP is also supported by the Roundcube webmail client. For this to work you first need to install the Mailvelope browser extension and import your PGP keys into it (or create new keys there); the keys stay in the browser and are never sent to the webmail server. See this page for some configuration instructions.

To read encrypted mail, you may need to change a setting in Roundcube. Go to Settings -> Preferences -> Encryption. Then turn on "Enable message decryption".

Roundcube also has a built-in PGP system, but I recommend against using it: your private key is stored on the server and decryption happens there, so it is not true end-to-end encryption and the server operator could read your mail. Its only benefit is that you don't need to install the Mailvelope extension to use PGP features.

Client-side storage encryption

Encrypting stored emails with the user's own key as they arrive (as notably offered by ProtonMail) is not currently supported. The benefit of such encryption is largely illusory in any case: incoming mail reaches the server in plaintext before it is encrypted, so a malicious entity with access to the server could change the server's internals to store an unencrypted copy of all emails elsewhere. The only way to avoid this is true end-to-end encryption, where the sender encrypts the message before it leaves their own machine (see PGP above).