A.1 What Is Secure Email?

Secure email takes one of two forms, each designed for a specific purpose:

Digitally signed

Designed to provide email recipients with proof that a message was, in fact, written by you and that the message was unaltered since you sent it


Helps protect the contents of a message, ensuring that only the recipient can successfully read it

Digital signatures recognize that not all email is private and that the means to transmit email are highly susceptible to tampering. Skilled attackers can intercept email in transit, modify it, and send it to the original recipient. In this way, attackers can falsify information, give conflicting instructions, and generally disrupt business. Digital signatures place a relatively small additional load on an email, because they encrypt only a small portion of the email: the signature itself.

How often would digitally signed email be beneficial? Consider that almost everyone has received spam email claiming to be from a bank or a celebrity. If these messages were digitally signed, you could be sure of the source. Without digital signatures, you must take the email at face value and recognize that it could be a forgery.

Encryption is designed to protect a message by rendering it useless to anyone but the recipient. Encrypted messages require more processing power than unencrypted messages, but provide the assurance that the message will arrive unaltered (it becomes indecipherable if altered) and uncompromised. Encryption can be combined with digital signatures to provide both privacy and proof of the sender's identity.

Encrypting and digitally signing email are two separate security processes. However, they can be used together on the same email message to provide both authentication and confidentiality of the information. Although encryption often implies authenticity, the additional signature is not a large added burden. In fact, these operations can be done with separate keys to provide two-factor proof of the message's security.