2.7 Security

By default, e-mails are transmitted without any protection around the Internet, which implies that they can be read and changed by lots of different parties. In particular, they are analyzed under bulk surveillance, which violates basic human rights. To defend those rights, digital self-defense is necessary (in addition to legal changes), and encryption and digital signatures are powerful techniques for self-defense. In essence, encryption ensures that only the intended recipient will be able to read a message, while digital signatures make sure that modifications to messages can be detected by the recipient.

Nowadays, there are two major incompatible e-mail encryption standards, namely OpenPGP and S/MIME. Both of these standards are implemented by the GNU Privacy Guard (GnuPG), which needs to be installed as external software in addition to GNU Emacs. Before you can start to encrypt, decrypt, and sign messages, you need to create a so-called key-pair, which consists of a private key and a public key. Your public key (also known as certificate, in particular with S/MIME), is used by others (a) to encrypt messages intended for you and (b) to verify digital signatures created by you. In contrast, you use your private key (a) to decrypt messages and (b) to sign messages. (You may want to think of your public key as an open safe that you offer to others such that they can deposit messages and lock the door, while your private key corresponds to the opening combination for the safe.)

Thus, you need to perform the following steps for e-mail encryption, typically outside Emacs. See, for example, The GNU Privacy Handbook for details covering the standard OpenPGP with GnuPG.

  1. Install GnuPG.
  2. Create a key-pair for your own e-mail address.
  3. Distribute your public key, e.g., via upload to key servers.
  4. Import the public keys for the recipients to which you want to send encrypted e-mails.

Whether to use the standard OpenPGP or S/MIME is beyond the scope of this documentation. Actually, you can use one standard for one set of recipients and the other standard for different recipients (depending their preferences or capabilities).

In case you are not familiar with all those acronyms: The standard OpenPGP is also called PGP (Pretty Good Privacy). The command line tools offered by GnuPG for OpenPGP are called gpg and gpg2, while the one for S/MIME is called gpgsm. An alternative, but discouraged, tool for S/MIME is openssl. To make matters worse, e-mail messages can be formed in two different ways with OpenPGP, namely PGP (RFC 1991/4880) and PGP/MIME (RFC 2015/3156).

The good news, however, is the following: In GNU Emacs, Message supports all those variants, comes with reasonable defaults that can be customized according to your needs, and invokes the proper command line tools behind the scenes for encryption, decryption, as well as creation and verification of digital signatures.

Message uses the MML language for the creation of signed and/or encrypted messages as explained in the following.