Using Email Encryption For Email Storage

You should consider storing your email encrypted even if you don't have sensitive information like banking info, social security numbers and so on. Email is used for such a variety of ways and contains so much valuable information, not only business related but also personal information. Could you imagine having that information available to a crook or worse, available on the Internet?
When sending email it can be encrypted and authenticated using usually one of the following protocols:

  • S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. The MIME entity is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.
  • OpenPGP (Open Pretty Good Privacy) and GnuPG (GNU Privacy Guard), which is a variant of OpenPGP,   use hashing, data compression, symmetric-key cryptography, and public-key cryptography. 

These protocols provide cryptographic privacy and authentication for data communications. The email metadata (from, to, subject  ...) is sent un-encrypted.

Encrypting Stored Email

One option is to encrypt the whole disk using if on Windows BitLocker or if on the Mac using FileVault.  TrueCrypt was a free option but it has been discontinued because of unfixed security issues.
The better option is to encrypt every email message and store them as individual files, this has the following advantages

  • You can move them to an on line storage service like Dropbox, Google drive, etc. and the encryption remains
  • They can be easily synchronized and perform incremental backups

For encrypting you should use one of the following formats:

    Formats that use a certificate

    A certificate is needed and must be installed on your computer to authenticate and decode the email messages. The body of the message and attachments are encrypted but the header and email metadata is not.

    • S/MIME 
    • OpenPGP 

    Formats that use a password

    Easier to handle because you can depend on only a password or pass-phrase for the encryption. The whole file is encrypted.

    • FIle encrypted with Blowfish/TwoFish, RSA, AES, CAST, DES, DPAPI, DSA, Elgamal, IDEA, RC2, RC4, RSA, TripleDES
    • PDF - Uses a certificate or a password with AES 128-bit or AES 256-bit.
    • ZIP - Password with AES 128-bit or AES 256-bit.
    • 7-ZIP - Password with AES 256-bit.


    Disdvantages of email encryption for storage

    Storing email encrypted has some disadvantages:

    • It no longer is searchable using keyword searches
    • You need to decrypt it first before you can read it
    • Antivirus software cannot scan encrypted attachments


    Email *

    No sales pitches and one-click unsubscribe.



    About the Author

    Jaime Ponce De Leon is the CEO & Founder of MailDev.