email@example.com (Jerry Hildenbrand)
How can I enable encryption on my Gmail account?
Best answer: For most of us you can’t, unfortunately. Only paid Google accounts can use the built-in encryption and the rest of us will need extra software. It’s still not simple, though.
Encryption is important when it comes to your private conversations. You probably have nothing to hide and I get that — I don’t really care if someone knows I texted my wife to remind her to bring home butter or I emailed some company for tech support. But I still want encryption as an option, and so should you.
Web-based email like Gmail just isn’t encryption friendly. I’m talking about end-to-end encryption here, where mail is protected so that only the intended recipient can open it. Gmail is encrypted during transport using the TLS standard but once it reaches a server it’s there in clear text. Think of email as the modern version of a postcard.
There are two ways to enable encryption in Gmail, but one is only available for paying customers. For Enterprise or Education accounts you can turn on S/MIME.
You need access to the Google Admin Console with administrator credentials where you can enable hosted S/MIME (Secure/Multipurpose Internet Mail Extensions) on the account and every message is able to be encrypted along with any attachments.
The recipient will also need to have S/MIME enabled on their end or it will be treated as a regular email. S/MIME is a standard so plenty of large companies use it for email and programs like Outlook fully support it, but It’s still not an ideal situation.
The free way
While you can enable encryption in Gmail through third-party software, the recipient will also need to be using the same third-party software. That’s not something that’s specific to Gmail or Google — if you encrypt anything on one end, you need to be able to decrypt it on the other to access it.
Luckily, enabling it is really easy using software that uses the PGP (Pretty Good Privacy) method of encryption. A good and simple way to do that is to install the Mailvelope browser extension and go through a simple setup process. The rest is automatic.
As mentioned, the recipient will also need to be able to decrypt a message using PGP and have your public key “on file”. The easiest way is for them to also install Mailvelope, but there is other free software that can encrypt and decrypt using PGP.
Another drawback is that this only works for desktop Gmail — you won’t be using it on your phone.
A better way
The best way to have a private conversation is to use software that features end-to-end encryption by default.
I use Signal, but WhatsApp, Telegram, and other third-party messengers are cross-platform and keep everything secure. It’s probably easier to get someone to install WhatsApp than it is for them to try to use encryption with any web-based email.