When you want to send secure email, you have plenty of choices. I showed you recently how you can set up email encryption in Apple’s native Mail app, and that raises an interesting question. What’s better to secure email, Apple’s Mail app or a solution that uses OpenPGP, such as GPG Suite? Let’s take a look.
An Abbreviated History of Secure Email
Internet developers first standardized the Simple Mail Transfer Protocol, or SMTP, in 1982, when there was little concern for security. That quickly changed, and we needed to find ways to make our email communications more secure. Basically, we needed to be able to digitally sign, encrypt, and then decrypt our emails.
Groups came up with several standards to accomplish this. One of those is Secure/Multipurpose Internet Mail Extensions, or S/MIME, which is what Apple Mail uses. Another is PGP, which stands for Pretty Good Privacy. You probably know of this one in the form of OpenPGP. GPG Suite utilizes OpenPGP.
How Secure Email Works
Both methods use Public Key Cryptography to digitally sign, encrypt, and then decrypt your email. They rely on a pair of keys, one public and one private. When you send a digitally signed email to someone, you’re signing the email with your private key and sending that person the public portion of your keypair. Once you receive a digitally signed email, your mail software saves the sender’s public key so you can later send encrypted messages to that person.
As your email software digitally signs and encrypts a message, it’s doing two things:
- It signs the email with your private key.
- It then encrypts the message using your recipient’s public key.
Key Differences Between S/MIME and OpenPGP
From a technical standpoint, S/MIME and OpenPGP function quite differently. S/MIME builds on MIME, the standard way of putting arbitrary data into your email along with a definition of what type of information is there. Your email software transmits nearly everything as ASCII, and on the recipient’s end the software decodes that ASCII back into text or binary files. OpenPGP, on the other hand, wraps the text and any binary attachments in “ASCII Armor,” an encoding layer. The software never converts the binary data into ASCII; your binary files stay exactly as they started.
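As an added illustration (not code from the article, Apple Mail or GPG Suite), here is a small Python model of the two framings: OpenPGP ASCII armor with the RFC 4880 CRC-24 that lets the receiver detect an altered armored block, and an S/MIME part built with the standard library’s email module, whose Content-Type declares what the bytes are. The PKCS#7 bytes and the sample payload are constructed stand-ins, not real CMS structures.

```python
import base64
from email.message import EmailMessage

# Constructed sample payload (not from the article): every byte value, to prove the round trip keeps binary intact.
SAMPLE_BINARY = bytes(range(256))

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PGP MESSAGE") -> str:
    """Wrap binary OpenPGP data: header line, blank line, base64 body, =CRC line, footer."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc_b64 = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join([f"-----BEGIN {kind}-----", ""] + lines
                     + [f"={crc_b64}", f"-----END {kind}-----", ""])

def dearmor(text: str) -> bytes:
    """Strip the armor, decode the base64 and check the CRC-24; raises ValueError if altered."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("missing armor header or footer")
    body = lines[1:-1]
    while body and body[0].strip():      # skip optional "Key: value" armor headers
        body.pop(0)
    body = [ln for ln in body if ln.strip()]
    crc_line = body.pop()
    if not crc_line.startswith("="):
        raise ValueError("missing CRC line")
    data = base64.b64decode("".join(body))
    if crc24(data) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("CRC-24 mismatch: armored data was altered")
    return data

def smime_part(pkcs7_der: bytes) -> EmailMessage:
    """S/MIME framing: a typed MIME part whose Content-Type says what the bytes are."""
    msg = EmailMessage()
    msg.set_content(pkcs7_der, maintype="application", subtype="pkcs7-mime",
                    cte="base64", params={"smime-type": "enveloped-data"})
    return msg
```

Both paths produce pure ASCII on the wire; the difference the article points at is where the type information lives (a MIME header for S/MIME, the armor header line for OpenPGP).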
Another key difference between S/MIME and OpenPGP is more apparent to you, the user. That difference is in how you get your public/private keypair. Using S/MIME, the user obtains the certificate and keypair from a centralized trusted authority. These are referred to as CAs, or Certificate Authorities.
OpenPGP, on the other hand, doesn’t rely on a centralized trusted authority. You, as the user, sign your keypair and then others verify whether or not the key really belongs to you by signing it themselves. OpenPGP relies on something called a Web of Trust, in which everybody is a potential CA. The theory is that you can trust a public key because it’s been signed by many other people, confirming that it really belongs to the person you think it does.
Which Method Leads to More Secure Email?
This is where theory and practice clash. In theory, OpenPGP could be a much stronger method of security. This is true because CAs lose their trustworthiness occasionally. Recently, the tech industry investigated two CAs, WoSign and StartCom, because of trust problems. The industry determined that those CAs failed to maintain the high standards expected of them. As a result, Apple, Mozilla, and Google all stopped trusting StartCom and WoSign certificates. The theory behind the Web of Trust is that users will build up and maintain that trust over time. There’s no dependency on a centralized agency to keep things on the level.
In practice, many folks don’t even utilize the Web of Trust behind OpenPGP. It can take too long to build up the trust level, so users of OpenPGP often resort to other mediums to develop the trust relationship. For example, people will exchange their public keys and then spell out the “key fingerprint” over the telephone.
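To make the Web of Trust concrete, here is an added example (not from the article or from GnuPG) that models the classic trust computation with GnuPG’s default thresholds, which I assume here: a key becomes valid once one fully trusted valid key or three marginally trusted valid keys have signed it. The keyring, names and trust assignments are constructed for the example.

```python
from dataclasses import dataclass, field

# GnuPG's default thresholds for the classic trust model (assumed here).
COMPLETES_NEEDED = 1   # one fully trusted signer validates a key
MARGINALS_NEEDED = 3   # otherwise three marginally trusted signers are needed
MAX_CERT_DEPTH = 5     # how many hops of certification are followed

@dataclass
class Key:
    name: str
    owner_trust: str = "unknown"                 # ultimate | full | marginal | unknown
    signed_by: set = field(default_factory=set)  # names of keys that certified this one

def compute_validity(keyring: dict) -> dict:
    """Validity ('full' or 'unknown') per key. Only signers that are already valid
    and whose owners we trust to certify others count, so validity spreads outward
    from our own key in rounds, at most MAX_CERT_DEPTH hops."""
    validity = {n: "full" if k.owner_trust == "ultimate" else "unknown"
                for n, k in keyring.items()}
    for _ in range(MAX_CERT_DEPTH):
        changed = False
        for name, key in keyring.items():
            if validity[name] == "full":
                continue
            full = marginal = 0
            for signer in key.signed_by:
                s = keyring.get(signer)
                if s is None or validity[signer] != "full":
                    continue            # unknown or not-yet-valid signer: no weight
                if s.owner_trust in ("ultimate", "full"):
                    full += 1
                elif s.owner_trust == "marginal":
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                validity[name] = "full"
                changed = True
        if not changed:
            break
    return validity

def demo_keyring() -> dict:
    """Constructed sample web of trust; names are made up for this example."""
    keys = {n: Key(n) for n in ("me", "alice", "bob", "carol", "dave", "erin")}
    keys["me"].owner_trust = "ultimate"
    for n, trust in (("alice", "full"), ("bob", "marginal"), ("carol", "marginal")):
        keys[n].signed_by.add("me")     # fingerprints checked out of band, e.g. by phone
        keys[n].owner_trust = trust     # how far I trust this owner to vouch for others
    keys["dave"].signed_by.add("alice")              # one full signer suffices
    keys["erin"].signed_by.update({"bob", "carol"})  # two marginals: not enough yet
    return keys
```

The owner-trust values are the part no software can fill in for you; assigning them for every correspondent is the labour the article says users tend to skip.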
If your browser or email software suddenly stops recognizing your S/MIME-based certificate, that’s not necessarily a bad thing. Yes, it’s inconvenient, because you’ll have to obtain a new keypair from a CA. On the other hand, this ensures the security of your email is maintained.
My Verdict: S/MIME is Simpler to Use and More Secure at the Same Time
I’m putting on my flame-retardant clothing here, because I know that statement is going to draw some fire. However, my personal opinion is that the S/MIME security implemented natively within Apple Mail is both simpler to use and more secure, as long as your CA stays above-board. I’m not alone in that analysis, either. S/MIME dominates the secure electronic email industry because of enterprise acceptance and how it works. OpenPGP doesn’t mandate how to create trust. Furthermore, many folks bypass the protocol’s Web of Trust altogether. S/MIME, on the other hand, relies upon certificate servers and industry support.
Don’t get me wrong. OpenPGP definitely has its merits. GPG Suite is a fantastic set of tools for Apple Mail and for other security tasks. The drawback of OpenPGP is that maintaining true security of your email while still allowing trusted recipients to open it is a bit too time-consuming and labor-intensive. If you’re already deeply invested in OpenPGP, though, there’s little reason to change. The idea behind OpenPGP, that you can’t fool everybody all the time, is pretty solid, but the standard is just too loosely standardized for my use.
In developing this analysis, I relied upon a few sources for further information. If you want to read more, these are outstanding articles to check out.
“Despite revoked CA’s, StartCom and WoSign continue to sell certificates”, Mattias Geniar, January 17, 2017.
“How does PGP differ from S/MIME?”, StackExchange Information Security, October 6, 2011.
“S/MIME vs PGP”, Computer Security and PGP, March 30, 2016.