
Security Tools: Encryption and Security Certificates

First in a series on security tools, this guide discusses encryption, security certificates, and Public Key Infrastructure

Encryption and Signing - Flipping the Keys

Encrypting a Message

As discussed above, encryption is the scrambling of data into an apparently illegible form. To encrypt an email message with the tools of Public Key Infrastructure, you need the public key of the message recipient. Typically that individual would have sent you the public key, or it may be available as part of their profile on LinkedIn or another website. With most email clients you can add the public key to your contacts list. Certificate Authority IdenTrust offers this instruction sheet on adding a contact's key. With the key in your contact list, you can choose the encryption option in the Outlook message window, and then send the message. The steps for adding a certificate and choosing to encrypt a message vary among email clients and even among different versions of the same client, so use the "Help" function of your email client to find the pertinent steps. Once you've chosen to encrypt the message with the public key, send it to the recipient.

Because the public and private keys are a mathematically matched pair, only the recipient, who should be the only individual with access to their private key, can decrypt the message after delivery.

An Alternate Means to Send Encrypted Messages

With the widespread movement of applications to the cloud, vendors such as Virtru and Microsoft offer another way to send an encrypted message. The cloud vendor encrypts your message and stores it in that form in the cloud, and delivers the subject line of the message with either a link or a passcode to the recipient. The recipient then clicks on the link and the service establishes that the recipient received the intact email, by analyzing metadata in the URL and the email address of the recipient. The service then displays the unencrypted message for the recipient. As noted on the above Microsoft link, Outlook in Microsoft 365 offers both this method and the exchanging of messages using PKI, through a protocol known as S/MIME (Secure Multipurpose Internet Mail Extensions).

Signing a Message

You use your private key to digitally sign a message. Signing a message accomplishes two functions: it authenticates the identity of the sender, and it verifies that the message as received is unaltered. The recipient's client uses your public key to check the signature information in your message, and a successful check verifies that the holder of the matching private key sent it. To protect the contents, the S/MIME client runs a hashing algorithm over the binary digits (bits) that make up your message at the most fundamental level and calculates a hash value that is unique to that message. That hash value is signed with your private key and included in the message. The recipient's client independently recalculates the hash value of the message it received and uses your public key to confirm that it matches the signed hash value. A match verifies that the message is unaltered.
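The sign-then-verify and encrypt-with-the-recipient's-public-key flows described in this section, shown as an added example using Go's standard library (this is not code from the guide or from any email client). It assumes RSA keys with SHA-256 hashing, PKCS#1 v1.5 signatures and OAEP encryption as a stand-in for what an S/MIME client does internally; the message and its tampered copy are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage hashes the message (SHA-256) and signs the digest with the
// sender's private key (PKCS#1 v1.5, the scheme S/MIME clients commonly use).
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage recomputes the digest of the message as received and checks it
// against the signature with the sender's public key; an error means the message
// was altered in transit or was not signed by the matching private key.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// EncryptForRecipient uses the recipient's public key (RSA-OAEP), so only the
// holder of the matching private key can decrypt (DecryptWithPrivate).
func EncryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}
func DecryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Demo runs both round trips on a constructed message and reports whether the
// genuine signature verifies, a tampered copy and a wrong key are rejected,
// and the encrypted message decrypts back to the original.
func Demo() (validAccepted, tamperedRejected, wrongKeyRejected, roundTrip bool) {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("Invoice 42 is due Friday.") // constructed sample message
	sig, _ := SignMessage(sender, msg)
	validAccepted = VerifyMessage(&sender.PublicKey, msg, sig) == nil
	tamperedRejected = VerifyMessage(&sender.PublicKey, []byte("Invoice 42 is due Monday."), sig) != nil
	wrongKeyRejected = VerifyMessage(&recipient.PublicKey, msg, sig) != nil
	ct, _ := EncryptForRecipient(&recipient.PublicKey, msg)
	pt, _ := DecryptWithPrivate(recipient, ct)
	return validAccepted, tamperedRejected, wrongKeyRejected, string(pt) == string(msg)
}

func main() { fmt.Println(Demo()) }
```

Changing a single character of the message makes the recomputed hash differ from the signed one, which is exactly the check that reports the message as altered.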