Encryption in emails: How does encryption work?
If you want to start from the beginning, start here. If not, let's move on to talking about...
Why encrypt Emails?
Think of all the parties your email goes through. Imagine what'd happen if all of them could see the content of your mails. Maybe there'd be complete transparency, no misunderstandings and ensuing world peace. That's about as likely as Unicorn Jedi warriors saving earth from an alien invasion. More likely, Big Tech would know even more about you than it does today.
Luckily, some smart people saw (some of) this coming and started encrypting emails (and other messages) in transit a decade ago, meaning nosy intermediaries who forward your mails couldn't see what goes in them. This's called Transport Level Encryption, which's done via Transport Layer Security (TLS). It doesn't stop your email application (aka client) from reading your messages though. Gmail and most other email clients have TLS turned on by default in 2022. Caveat: TLS only works if both the sender('s mail client) and the recipient('s mail client) both use TLS.
A more complete alternative is End -to-end Encryption (E2EE) where only the sender and the receiver can read the content, not even the client. Whatsapp claims to do it for all conversations. Gmail's "thinking" about doing it, but I wouldn't hold my breath.
That being the why, let's come to...
How does this encryption work?
Finally, we come to the point! Thank you!
There are different types of encryption, but they fall into two broad categories: symmetric and asymmetric.
Symmetric encryption's your good old fashioned idea of locking content with one key and sharing (a copy of) the key.
Asymmetric encryption's basically mathematical magic, that allows you to lock content with one key and open it with another (!). More on that in a bit.
Oh wait, what's this "key" you ask? Just think of it as a scary looking random piece of string you can ignore for now. Something like this:
Now one of the most popular forms of asymmetric encryption on the net is PKC (Public Key Cryptography). PKC's used to encrypt emails in transit, so that's what we'll talk about here.
PKC is a form of asymmetric encryption, as in it uses different keys to encrypt (lock) and decrypt (unlock). PKC involves the use of a "key-pair":
One's called a private key, which is the little secret you (or your email client) keep to yourself, just like your teenage DMs.
Then there's a partner public key, which you can (and should) share with the world, like your fake LinkedIn endorsements.
These keys are not picked at random, they're generated as a pair by algorithms.
Now here's the magic bit - if a message is encrypted using a public key from a pair, it can only be decrypted using the corresponding private key. And vice versa.
Let me repeat that, in case you haven't heard it before:
If a message is encrypted using a public key from a pair, it can only be decrypted using the corresponding private key. And vice versa.
Public and private keys essentially act like complementary keys to a safe. Neither is useful alone, but together they can unlock the safe. Why? Because math!
Sounds a little weird the first time, but you get used to it. You'll have to either trust the math, work it out yourself or wait for me to oversimplify it in a later post.
Assuming it works, let's come to...
How're Emails Encrypted?
When someone sends you a mail with a service like Gmail in 2022:
The mail application encrypts the mail using the public key of the recipient.
The carrier in between (your snoopy internet service provider) forwards your mail along without being able to read the encrypted details.
When the recipient application gets your mail, it decrypts the message using the recipients private key.
If you're wondering what the servers do, you can think of them as forwarding agents who know the right way to send and receive mails. If you want more, knock yourself out.
And that's it - Bob and Alice can talk away without the nosy servers knowing what they're talking about! Cheers all around, let's go home!
Does encryption stop here?
More on that in the next post!