Email exchange is not a secure means of communication despite using SSL to connect to (all/most?) the email providers.
What I am not sure about, though, is what a good way is to send important information via email securely if the recipient is not a tech person.
Would sending a link to Google Drive containing the information and giving access only to the specific emails (non gmail) qualify as a good approach?
Are there any others to consider?
I don't think you can choose non-Google accounts when sharing in that way. – multithr3at3d Feb 23 '21 at 22:14
@multithr3at3d: I think I have done it in the past. Unless that has changed – Jim Feb 23 '21 at 23:17
One way is to agree on a password with the recipient through some out-of-band channel (such as phone, SMS, fax, mail, sneakernet, etc.), then zip the files and encrypt them with the password. It's not the most elegant solution, but it's effective enough for most use cases, and it's fairly common. – mti2935 Feb 23 '21 at 23:17
@mti2935: Would that work regardless of the OS of sender/recipient? E.g. from Mac to Windows? Also, why is the comment not an answer? – Jim Feb 23 '21 at 23:19
@mti2935: Any specific tools per platform? – Jim Feb 23 '21 at 23:33
@Jim as far as I know, zip is standard across most platforms, and installed by default on many systems. – mti2935 Feb 23 '21 at 23:38
1 Answer
The answer to this really depends on both "how secure" and "how not technical" you're looking for. I'll evaluate my suggestions on those grounds, though. In roughly descending order of security (but roughly ascending order of ease-of-use):
- GPG/OpenPGP: A well-established program, and the open standard it implements (respectively), for secure storage and transfer of data (primarily via email). Extremely secure when used correctly, giving nobody at all a way to access or modify the data (unlike merely sending email via TLS, where the servers can do whatever they like with the messages before forwarding them to the recipient, OpenPGP is end-to-end encrypted). Notable in that it will let you send messages in plain text, optionally with a verifiable signature, and attach encrypted (and optionally signed) attachments, all using any email system or indeed any messaging network at all. Some email clients also have built-in support. Not extraordinarily difficult to use, but probably more than you want to subject a non-tech person to, and kind of inconvenient for even tech people. Difficult to scale key distribution in a fully secure way, though there are approaches (especially if you are willing to accept some risk of impersonation, or can exchange keys in person).
- S/MIME: A standardized protocol for end-to-end security of email. Similar to OpenPGP, but uses the same kind of certificates as TLS for key exchange. You can often find basic certificates for free; higher-quality ones cost money and take time (to verify your identity), but they have the advantage that there's a nominally-trustworthy entity (the certificate authority you get the cert from) vouching for the validity (this makes distribution way easier). Unlike OpenPGP, must be supported by the email client; most desktop mail clients (Outlook, Thunderbird, etc.) support it, but most web interfaces do not, and Gmail in particular is known to fail to handle S/MIME messages even when they are sent from a desktop mail client. If everybody is already using Outlook or similar it's perhaps less technical than OpenPGP, but for general use it's probably worse.
- Password-encrypted files, probably archive formats, with passphrase exchanged out-of-band. Classical ZIP encryption is garbage, but some of the more modern encryption formats for things like 7z and even modern ZIP are... possibly not perfect but probably good enough. As long as the key/passphrase can be securely exchanged out-of-band (e.g. via in-person communication), this should be quite secure enough and end-to-end protected. Pretty simple technically-speaking but you do need to ensure that the sender and all recipients have compatible software for opening and decrypting the files (most programs that handle the same formats should have compatible decryption features, and some programs like 7-Zip are cross-platform).
- Find a cloud storage service (such as Google Drive, Dropbox, OneDrive, Box, etc.) that the sender and recipient(s) both have accounts with. Upload the files to that service, share them with the other account, and (if necessary) send the recipient(s) a link to the item. This is generally secure against third parties but NOT against the storage provider - most of them do not provide any end-to-end security and explicitly retain the ability to access your files if necessary (as they see it) - so it requires trusting Google or whoever. It sounds like you're already considering this option, so hopefully it's not too technical.
- If you both use the same email provider, and you trust that email provider, and that email provider requires encrypted connections (the good ones all do), then you can just send the emails directly. If Alice sends an email from her Gmail account to Bob's Gmail account, it will never be sent over the unencrypted Internet. (Microsoft's email services should provide the same protection, though I know less about their protections.) Obviously this one requires the most trust assumptions, but it's not actually less secure than sharing a link to a Google Drive item with somebody, and it requires no significant technical knowledge beyond basic use of email.
Note that putting a file in a cloud storage system and then just creating a sharing link ("Anybody with the link can access the file") and emailing the link is not actually more secure than just emailing the file directly. If you both have accounts on the same service, it's strictly less secure than sharing with their account directly.
There are a ton of other options, but they're all either specific to certain contexts (like both using one of the many services that aren't primarily for file-sharing but can do it) or using things that allow easy and secure file transfer but are not email (such as Signal).
Why is zip encryption garbage? I guess that 7z is not installed by all, but what is "even modern ZIP"? – Jim Feb 24 '21 at 09:42
Also, I was puzzled about (5), that gmail to gmail (not my case) is secure. According to this answer, it seems the intermediate hops are plain text? https://security.stackexchange.com/questions/244238/why-doesnt-gmail-make-it-clearer-that-emails-have-been-signed-by-dkim-and-deliv/244245?noredirect=1#comment502954_244245 – Jim Feb 24 '21 at 09:43
The legacy "PKZIP stream cipher" (also called ZipCrypto) uses a relatively small key size and is subject to a well-documented known-plaintext attack (where the entire file, and possibly the full key, can be recovered if you know just part of the file). All up-to-date versions of 7-Zip, WinZip, and probably many other third-party Zip utilities understand the AES-256 based "modern" ZIP encryption. However, OS built-in tools might not. – CBHacking Feb 25 '21 at 05:26
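A defender-side check for the distinction drawn in the comment above (legacy ZipCrypto versus the AES-based scheme): the helper below, added here and not part of the original thread, reads each member's header fields from Python's standard zipfile module and reports whether it is unencrypted, ZipCrypto, or AES-128/192/256. The AES case is recognised by compression method 99 plus the vendor extra-field id 0x9901, whose fifth data byte is the key strength; the three sample headers are constructed in memory to mimic archive members, not taken from real archives.

```python
import struct
import zipfile
from typing import List, Tuple

FLAG_ENCRYPTED = 0x0001      # general-purpose bit 0: member is encrypted
METHOD_AES = 99              # compression-method value used by the AES scheme
AES_EXTRA_ID = 0x9901        # extra-field header id carrying the AES parameters
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}


def classify_entry(info: zipfile.ZipInfo) -> str:
    """Return 'none', 'ZipCrypto' or 'AES-xxx' for one archive member."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "none"
    if info.compress_type != METHOD_AES:
        return "ZipCrypto"  # legacy PKZIP stream cipher
    # Walk the extra field: a sequence of (id:u16, size:u16, data) records.
    extra, pos = info.extra, 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        data = extra[pos + 4:pos + 4 + size]
        if hid == AES_EXTRA_ID and len(data) >= 7:
            # data = vendor version (u16), vendor id "AE", strength (u8), real method (u16)
            return AES_STRENGTH.get(data[4], "AES-unknown")
        pos += 4 + size
    return "AES-unknown"  # method 99 without a readable 0x9901 record


def audit_archive(path: str) -> List[Tuple[str, str]]:
    """Classify every member of an archive on disk (zipfile only reads the headers)."""
    with zipfile.ZipFile(path) as zf:
        return [(i.filename, classify_entry(i)) for i in zf.infolist()]


def sample_entries() -> List[zipfile.ZipInfo]:
    """Constructed headers for three members: plain, ZipCrypto, AES-256."""
    plain = zipfile.ZipInfo("notes.txt")
    legacy = zipfile.ZipInfo("legacy.txt")
    legacy.flag_bits = FLAG_ENCRYPTED
    legacy.compress_type = zipfile.ZIP_DEFLATED
    aes = zipfile.ZipInfo("modern.txt")
    aes.flag_bits = FLAG_ENCRYPTED
    aes.compress_type = METHOD_AES
    aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, zipfile.ZIP_DEFLATED)
    return [plain, legacy, aes]


if __name__ == "__main__":
    for info in sample_entries():
        print(f"{info.filename}: {classify_entry(info)}")
```

Run `audit_archive("received.zip")` on a real file to see whether a sender's tool actually used AES; any member reported as ZipCrypto should be treated as effectively unprotected.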
@Jim As for #5, did you miss the "and you trust the email provider" part? If you trust Google, then it doesn't matter if Google can read the message, and Gmail-to-Gmail should be good enough (or you could use equivalents by other providers). You already proposed putting the data in Google Drive, which Google can of course see (see #4). As for SMS, it's not secure - it can both be intercepted (with the right equipment) and re-routed (via SIM hijacking) and exposes the data to the mobile operator - but using it for an attachment's password would require the attacker compromise both SMS & email. – CBHacking Feb 25 '21 at 05:32
So if I understand correctly, if the email provider is the same for both the sender and recipient (e.g. gmail <-> gmail, yahoo <-> yahoo, etc.), it is considered secure? – Jim Feb 25 '21 at 08:36
For Google Drive, does it require the recipient's email for sharing to be a gmail? I do remember in the past I had shared a google doc with a non-gmail email account. – Jim Feb 25 '21 at 08:39
In regards to zip, as long as the encryption is done with a tool that is installed and not shipped with the OS, it should be safe, right? – Jim Feb 25 '21 at 08:42
All major email providers should provide security (against everything but themselves) within their network, yes, though the quality of that security may vary. Securely sharing a file in Google Drive requires that the recipient have a Google account (often but not always tied to a Gmail address), but you can generate a sharing link that provides access to the file to anybody with the link; this isn't totally insecure, but it's much worse (especially if you send the link through an insecure channel). Any tool that supports modern ZIP encryption will let you choose the cipher; you should pick "AES". – CBHacking Feb 26 '21 at 01:30
If "all major email providers should provide security (against everything but themselves) within their network", then can I infer that an email going e.g. from gmail to aol or yahoo, or vice versa, is also secure except where it changes network? Finally, regarding the sharing link option that provides access to the file to anybody with the link: is this link somehow discoverable? Or is the only thing to watch out for how the link is sent? – Jim Feb 26 '21 at 08:53
So is it correct to state: the only danger with sending data via emails is that employees of the email providers could have access to them? – Jim Feb 26 '21 at 09:36
"secure except where it changes networks" sure, but it might go through multiple hops between the networks and it's potentially wide open during those steps. Sharing links mean partial loss of control over access to the doc; people can share the sharing link, or obtain it surreptitiously and use it, without you knowing. As for "employees of the email providers", there's also government orders, malicious outside access to the servers, server logging misconfigurations, hardware implants, and so on. Every step in the path where the message is even briefly in plain text is a potential weak point. – CBHacking Feb 26 '21 at 19:24