In order to discuss secure email, we must first agree on some terms relating to security in general. If we want to communicate securely, whether by email or another means, what do we mean by “securely”? That question can be answered in two ways: authentication, which is the process of ensuring that the two parties involved are who they say they are, and privacy, which is the process of protecting the contents of the conversation from others.

Authentication is generally implemented by use of either a shared secret or an asymmetric key algorithm like the public key/private key concept. A shared secret allows for extremely strong protection, since the two parties can agree to anything (such as “Every time that I say ‘turkey,’ I really mean that you should call your mother”). The problem with shared secrets is that the two parties must at some time agree on the secret. How does one do that on the Internet when the two parties have never met? Any Internet-based exchange could be intercepted. Asymmetric keys, on the other hand, rely on a special mathematical property of very large numbers; they are hard to factor. Two keys, generated in advance, can include factors for the same large number. Guessing the number by brute force, even with modern computers, can take a long time. This is how public key/private key systems work.

For the purposes of email, the asymmetric key algorithm is preferable since the two parties may never meet to safely exchange a shared secret. Due to the computational requirements of public key/private key cryptography, most implementations use a combination of the two approaches. That is, public key/private key cryptography is used to encode a shared secret, which is then used to encode the remainder of a conversation.

Privacy means that only the parties to a conversation should be able to understand the content of it. This generally means that the conversation takes place in a private place, the transmission of the data is encrypted in some form that only the two parties can decode, or the content of the conversation itself is encrypted.

That leaves us with three categories of security that could relate to email:

A private place is clearly not usable in an email context, and we have already seen that the infrastructure of the Internet mail system is insecure in itself. There is no way to impose a uniform security structure on such an open and cooperative environment. Even if it were possible, many mail system operators would simply choose not to upgrade their mail servers, leading to serious incompatibility problems. This leads us to the conclusion that the transmission of electronic mail cannot reasonably be encrypted throughout the Internet. The only solution left is to somehow encode the contents of each email message.

Therefore, an email security solution only needs to address authentication and data encryption. OpenPGP and S/MIME, as we shall see, do just that.