Quick 'n' easy encryption for email messages or attachments?
October 3, 2005 2:39 AM   Subscribe

If you really don't care all that much, why not just toss it in a .zip file? Winzip can be downloaded for free (trial expires after 21 days), and the new 256-bit AES (Advanced Encryption Standard) encryption is perfect for what you want to do.

If you need to encrypt stuff so that the NSA can't crack it before the heat death of the universe, Google 4096-bit encryption.
posted by Ryvar at 3:54 AM on October 3, 2005

Let me restate since the above wasn't too clear and sounded a bit throwaway: Winzip now supports encrypting .zip files using 256-bit AES-based encryption. This is far more than sufficient for transmitting your credit card, etc.

And yes, nerdlings, I do know about DJ Bernstein's work on weakening RSA-based encryption and his ideas on building a billion-dollar highly-parallel factoring machine. Even if that did come to fruition 4096-bit encryption is still safely in heat-death-of-the-universe territory kthx.
posted by Ryvar at 4:01 AM on October 3, 2005

Second the winzip suggestion, PGP is fairly straightforward and easy to use, but really, all you need is a password-protected zip file.

I would use PGP instead of Winzip if you are exchanging things with more than one person and are slightly concerned about the security of your passwords. With WinZip/etc... you'll have to prearrange a password ahead of time and discuss it via phone/email/pigeon carrier. Using PGP, you get the advantage of being able to email each other the public keys without risking your password getting cracked.
posted by onalark at 5:20 AM on October 3, 2005

IZARC also does 256-bit AES and it's free.
posted by skryche at 5:35 AM on October 3, 2005

I second PGP/GPG. The WinZip solution is probably quicker and easier for a one- or two--time thing, but if you intend to repeatedly sent encrypted text/files back and forth, it's probably quicker to get PGP/GPG set up (and you don't have to worry about the WinZip trial expiring and the cost of a license). PGP/GPG is also probably a better solution if you want to communicate with more than just one other person.

disclaimer: I worked on a webmail-with-GPG project as a senior project in college. I might be a little biased.
posted by Godbert at 6:13 AM on October 3, 2005

GPG sounds what you're looking for. There are plug-ins for most major mail clients, and I think you can essentially configure it to encrypt all of your mail.
posted by mkultra at 7:25 AM on October 3, 2005

I have a thawte certificate (a free one) for this purpose. Most email clients have built-in support for certificate-based (S/MIME) secure email (I know Mail.app and outlook do). All my outgoing mail is signed automatically (so tampering are detected, source is assured), and if I so desire, one click encrypts the message and all attachments.

Basically, you get an "email" certificate from thawte or another cert-auth, import it into your email program, and you can start using it. the person you are sending encrypted messages to needs your public key. send a signed email to them and they should get a message box prompting to add the certificate.

going this route little bit harder to get set up than a protected zip file, but easier than GPG, and more automatic.
posted by clord at 8:16 AM on October 3, 2005

A second vote for S/MIME.

It's strong, simple and built-in to major email clients.
posted by I Love Tacos at 8:32 AM on October 3, 2005

And yes, nerdlings, I do know about DJ Bernstein's work on weakening RSA-based encryption and his ideas on building a billion-dollar highly-parallel factoring machine. Even if that did come to fruition 4096-bit encryption is still safely in heat-death-of-the-universe territory kthx.
posted by Ryvar at 4:01 AM PST on October 3 [!]

Just as an aside to Ryvar, RSA can be beaten in polynomial time by way of Shor's algorithm on quantum computers. A QC with sufficient qubits will be coming within our lifespan, let alone, erm, "the universe's heat death."

In the meantime, AES is what taz probably wants, which is built into the Disk Utility application within Mac OS X. (If you're using another platform, taz, let us know.)
posted by Rothko at 10:12 AM on October 3, 2005

Yeah, it's too bad my quantum computer hasn't shipped yet, though...
posted by mkultra at 1:01 PM on October 3, 2005

Deslock+ is a nice app.
posted by mr.marx at 1:37 PM on October 3, 2005

S/MIME, step by step:

1. Alice and Bob each pay a visit to Thawte and collect a free email certificate. It takes about ten minutes to work through the signup process.

2. Alice and Bob import their own Thawte certificates into their own email clients, and tell the clients to use those certificates for signing and encrypting; five minutes max.

3. Alice sends Bob a digitally signed but not encrypted email (its content doesn't matter). When Bob's email client receives this, it automatically caches Alice's public key; Bob can now send encrypted messages to Alice.

4. Bob sends Alice a digitally signed email (possibly encrypted, possibly not; content doesn't matter either). When Alice's email client receives this, it automatically caches Bob's public key; Alice can now send encrypted messages to Bob.
posted by flabdablet at 3:55 PM on October 3, 2005

This thread is closed to new comments.