How to send sensitive information by email—Encryption for real people

Opinions differ on how safe it is to send confidential information by email.  But let’s take it as given that, every now and then, you want to send something by email and be reasonably sure that no one but the intended recipient can read it.  Let’s also assume that you don’t want to spend any money, and that it has to be as easy as possible for the recipient to read your message.

Many discussions of secure email get bogged down in the details of “s/mime,” which is a technologically elegant solution, and is supported by many common email programs (for more details, see this Wikipedia article).  However, (1) s/mime is a pain to set up and (2) it has to be set up at both ends.

There’s a simpler approach to sending the occasional confidential email that goes like this:

  1. You put the confidential information into a document (or spreadsheet, or what have you).
  2. You encrypt the document so that it cannot be viewed without a password.
  3. You email the encrypted document to the recipient as an attachment.
  4. You communicate the password to the recipient by some other means, preferably not by email, and certainly not by the email to which you attached the encrypted document.
  5. The recipient uses the password to decrypt the document.

These steps may sound hard, but they’re really not.

These instructions assume that you are using a Windows computer, and that your recipient has either a Windows computer or an Apple computer.  If you use an Apple computer, you’ll have to do a bit more research, or be prepared to shell out for the commercial version of Stuffit.

What you do: Download and install a free copy of 7-Zip.  To encrypt your file, right-click the file and choose 7-Zip | Add to archive….  7-Zip will then present you with a dialog box.  Change “Archive format” to “zip” and make sure that “Encryption method” is set to “ZipCrypto” (which should be the default).  Otherwise, leave the defaults alone.  Now, in the password box, enter a good, strong password (if you’re going to the trouble of encrypting, there must be a reason: do make sure that the password is hard to guess, ok?)  Remember that password.  Press “OK.”  7-Zip will create a new file that ends in “.zip”.  Email this file as an attachment to your recipient.

Please note that this encryption method does not hide the name of the file you have just encrypted.  So if we’re talking about, say, “my-secret-plan-to-take-over-the-world.docx,” you might want to think about using a more generic file name.

What the recipient does:  If your recipient has a Windows computer, he or she can just double-click to open the attachment — Windows will prompt for the password.   If she has an Apple computer, she can download and install a free copy of Stuffit Expander.  This can be obtained from the official site here, which requires some annoying registration, or from without the annoying registration.  Use Stuffit Expander to open the file, provide the password, and Bob’s your uncle.

For somewhat better security:  If your recipient is willing to install 7-Zip, then you can use the “7z” archive format and AES-256 encryption.  As far as we know, this level of encryption cannot be cracked by any ordinary hacker,provided you use a good password (see below).

Disclaimer and some notes about passwords

This method does not provide perfect security.   The ZipCrypto encryption method is not the best and, according to the 7-Zip folks, there is at least one known attack.  However, ZipCrypto is the only encryption method that a Windows user can open without installing additional software, and cracking ZipCrypto still requires significant time and expertise.

No matter what encryption method you use, if someone gets a copy of the encrypted file, they can try out different passwords again and again until the right password is found (a so-called “brute force” attack).  In other words, the encryption is only as good as the password you choose.   Most people use lousy, quickly guessed passwords.  Don’t do that.  Don’t use a word that is in the dictionary.  Don’t just take a word that is in the dictionary and substitute “1”s for “i”s.  Don’t use the name of your recipient, or the name of the company for which you or your recipient work, or even the same cool password you always use.  Do use a long password or phrase of at least 10-12 characters.  As pointed out in this rather excellent article, a simple three-word phrase like “this is fun” would take a (very) long time to crack by brute force guessing, even though the individual words are in the dictionary (also see this Wikipedia article with a table showing the strength of different passwords by length and complexity).

Good luck!