To operate in the digital age, we must have an email address. An email address is required to sign up for any social media account or any other internet service. Email is also used extensively for internet banking, shopping, and financial activities. Most email providers give some degree of protection against spying on or manipulation of their users’ emails, but do not provide the highest level of privacy and security. Every individual deserves email security that ensures no one else can access his or her messages. This is why we encrypt your emails from beginning to end (with SecureSend or PGP).

Canary encrypts your email with PGP encryption. This article discusses the technology that enables us to keep our security promise.

What is PGP?

PGP is an abbreviation for Pretty Good Privacy. It is the world’s most extensively used email encryption technology. PGP has been extensively tested over years of use, has few known flaws, and is widely compatible with various encryption clients. For these reasons, PGP is the core of our security architecture.

PGP is a cryptographic method for communicating secretly over the internet. When you send a message using PGP, your device converts the message into unreadable ciphertext before sending it over the web. The receiver is the only one who can turn the ciphertext back into a readable message on their device.

PGP additionally confirms the sender’s identity and that the communication was not altered while in transit.

How does PGP work?

To safeguard emails, PGP uses both symmetric and asymmetric encryption.

PGP begins by generating a random session key for symmetric encryption. This key is unique to the message and is used to encrypt the email’s contents. The session key is then encrypted with the recipient’s public key and transmitted to the recipient along with the encrypted email. The recipient uses his or her private key to decrypt the session key, which in turn is used to decrypt the encrypted email.

PGP works unobtrusively when employed properly while delivering utmost safety, anonymity, and authorization for your emails.

The following example shows how PGP works in Canary Mail.

Alice is registered with Canary and wants to send an email to Bob, who may be registered with Canary or be an external recipient. To encrypt the email, Alice requires Bob’s public key, which she can store in Canary’s PGP keys. After the encrypted email is sent, Bob needs his private key, which is accessible only to him, to decrypt it on his end. Thus, only Alice and Bob have access to the email’s contents.
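The session-key flow described under "How does PGP work?" can be traced end to end in a few lines. The following is an added illustration, not Canary's code and not the OpenPGP message format: it assumes AES-256-GCM for the body and RSA-OAEP for wrapping the session key, uses hypothetical function names, and omits signing.

```javascript
// Added sketch of PGP's hybrid scheme using Node's built-in crypto module.
// Assumption: AES-256-GCM and RSA-OAEP stand in for OpenPGP's own packet format.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed key pair; in PGP the recipient generates it and shares the public half.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: needs only the recipient's public key.
function encryptFor(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32); // fresh random key for this message only
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Wrap the session key so only the private-key holder can recover it.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, tag, body };
}

// Recipient side: unwrap the session key, then decrypt the body with it.
function decryptWith(recipientPrivateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// True when decryption is rejected (wrong private key or altered ciphertext).
function failsToDecrypt(privateKey, msg) {
  try { decryptWith(privateKey, msg); return false; } catch (err) { return true; }
}

const bob = newKeyPair();
const mailServer = newKeyPair(); // any party that is not the recipient
const sealed = encryptFor(bob.publicKey, 'Meet at noon. -Alice'); // constructed message
console.log(decryptWith(bob.privateKey, sealed));
console.log(failsToDecrypt(mailServer.privateKey, sealed));
```

Only the 256-byte wrapped key depends on the recipient; the body is encrypted once with the session key, which is why the same structure scales to several recipients by wrapping that one key for each of them.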

Why is PGP important?

When an email is sent, it is transported from server to server until it reaches the receiver’s inbox. TLS (Transport Layer Security) is used by all major email providers to offer an encrypted path for the email as it travels between servers. This ensures that a user’s communication remains private during transmission.

TLS encryption lets email providers carry emails securely, but there are major security risks if the emails are not also protected with PGP (end-to-end encrypted). With TLS, emails are decrypted once they reach your email provider’s server rather than when they reach the receiver’s device. This allows such email providers to access all communications stored on their servers.

Emails that are secured with PGP, on the other hand, are less vulnerable to attack. PGP (end-to-end encrypted) email is unreadable to anyone except the intended receiver, making it far more secure. End-to-end encrypted email is encrypted on the sender’s device and decrypted only when it reaches the receiver’s device.

How to encrypt your Emails with PGP?

The easiest way to encrypt your emails with PGP is to use Canary Mail. Canary Mail offers provider-independent support for PGP on iOS, macOS, Android and Windows.

Canary supports standard PGP that is compatible with all leading tools, apps, and services that support PGP, such as GPGTools, ProtonMail, Tutanota, K-9 Mail, Enigmail, Posteo, etc. Canary’s key search is tied into & ProtonMail keyservers.

With Canary you can create new PGP keys right on your device, as well as use and manage all your existing encryption keys. Secret keys are stored securely in encrypted form on your device, and are never sent to the server. You can choose to save your key passphrase on the device for a limited time, or enter it as needed. In addition, Canary allows you to secure the app with FaceID or TouchID.

Canary uses the open source Bouncy Castle encryption library, which supports all modern encryption algorithms.