Mailvelope Email Encryption

Encryption provides an extra layer of security in case a hacker, or even a rogue employee without the right permissions, manages to gain access to an email message that wasn’t intended for him or her.

Email encryption is the scrambling of email messages using complex algorithms to protect the content from being read by anyone other than the intended recipients. Emails often disclose a lot of information. Most emails are currently sent and received in a clear or unencrypted form.

Encrypting your emails and attachments scrambles them using complex algorithms, so that only whoever possesses the key can decode them.

Private Keys and Public Keys

Email encryption relies on public-key cryptography. In simple words, this means that each user has two keys: a public key and a private key. Users can each publish a public key that others use to encrypt messages to them; the private key is a secret that only the recipient holds, and only it can decrypt messages sent to them.

  • Public key – Used to encrypt a message. Is and should be available to everybody.

  • Private key – Used to decrypt a message. Needs to be stored securely. Access is restricted by password and available only to the intended user.

Non-profit organizations frequently have to deal with personally identifiable information (PII) that must be protected. As much as it is important to protect data of those whom you work with, it is also a best practice to use email encryption to protect sensitive information that is part of email conversations. Pretty Good Privacy (PGP) is an encryption program that helps scramble email messages.

Using email encryption for non-profits seems like a nice thought but there can be a lot of stumbling blocks — especially if you are constrained by budgets or tech talent. Traditional encryption solutions can be a time-sink as far as implementation is concerned. Mailvelope is a Chrome extension and Firefox add-on that makes PGP encryption with existing email accounts easy.

Why Mailvelope?

  1. Mailvelope is open-source.

  2. It supports 4096-bit RSA encryption, which is strong by today's standards.

  3. It has a robust design. It encrypts your public and private keys on your local disk and password protects them.

  4. The keys are generated on your local machine and are never transmitted over the internet.

  5. Mailvelope does not store the keys.

This demonstration will use the Chrome Extension and Gmail, although Mailvelope is designed to work with all major webmail providers.

  1. Go to Mailvelope Chrome Extension

  2. Click on “Add to Chrome” to add the extension to Chrome.

  3. Once the extension is installed you will find the screen below:

  4. To generate a key, open the Mailvelope extension and go to the "Generate Key" tab as shown below.

  5. Fill out the necessary information and hit "Generate". For maximum privacy, it is a good idea to click on the advanced button and enable 4096-bit key lengths instead of 1024 or 2048. Make sure that you assign a very strong password to your keys; they are your final line of protection. After you hit Generate, it will take some time to generate the keys. Click the checkbox to upload your public key to the Mailvelope server if you wish to. Uploading the public key to either the Mailvelope server or the MIT PGP Key Server helps people send PGP email messages to you using your public key. One can search for public keys using the search option on the MIT PGP Key Server.

  6. Now that you have generated a key pair, you have a public key and a private key in your keyring. You can see your key pair in the "Display Keys" tab as shown below.

As said before, in PGP encryption there is a public key and a private key. In order for someone to be able to send you secure messages, they have to have your public key. In order for you to send others secure messages, you have to have their public key.

To find out what your public key is, you can use the "export" drop-down menu in the "display keys" tab. You will have to enter your password to get to your keys.

Saving your keys

Save your public key and your private key on your local machine (do not share the private key with anyone). It is a good idea to back up your private key.

In this example, I want to send a secure message to my friend [email protected]. To do this, I need to have his public key. The public key for [email protected] looks something like this:

So, what you want to do is import this public key into Mailvelope, so that it knows which public key to use when I want to send an email to [email protected]. Below, I have pasted [email protected]’s public key into the field in the import tab.
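Before importing a key copied from an email or fetched from a key server, it is worth checking that the pasted text is intact, that the key size follows the 4096-bit advice from the key generation step, and that its fingerprint equals the one your contact confirms over another channel. The Python below is an added example, not code from Mailvelope or from the original article; the function names are hypothetical and the sample key is constructed for illustration (it is well-formed but not a real RSA key).

```python
import base64, hashlib, struct
BEGIN, END = "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data):  # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(armored):
    """Check the armor type and checksum, then return the binary key data."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        raise ValueError("not a PGP public key block (a private key block is rejected too)")
    body = lines[lines.index("") + 1:-1]      # armor headers end at the blank line
    checksum = body.pop()[1:] if body[-1].startswith("=") else None
    data = base64.b64decode("".join(body))
    if checksum and int.from_bytes(base64.b64decode(checksum), "big") != crc24(data):
        raise ValueError("armor checksum mismatch: key text altered or truncated")
    return data

def inspect_public_key(armored):
    """Parse the leading public-key packet (tag 6): modulus size and v4 fingerprint."""
    data = dearmor(armored)
    if data[0] & 0x40:                        # new-format packet header
        tag, n = data[0] & 0x3F, data[1]
        if n < 192: start, length = 2, n
        elif n < 224: start, length = 3, ((n - 192) << 8) + data[2] + 192
        else: start, length = 6, int.from_bytes(data[2:6], "big")
    else:                                     # old-format packet header
        tag, size = (data[0] >> 2) & 0x0F, 1 << (data[0] & 3)
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    body = data[start:start + length]
    if tag != 6 or body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("expected a version 4 RSA public key packet")
    bits = int.from_bytes(body[6:8], "big")   # declared bit length of the RSA modulus
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"bits": bits, "fingerprint": fpr, "meets_4096_advice": bits >= 4096}

def constructed_sample(bits):
    """Constructed input: a well-formed packet whose modulus is NOT a real RSA key."""
    modulus = ((1 << bits - 1) | 1).to_bytes(bits // 8, "big")
    body = b"\x04" + struct.pack(">IBH", 1700000000, 1, bits) + modulus + b"\x00\x11\x01\x00\x01"
    pkt = b"\x99" + struct.pack(">H", len(body)) + body   # old-format header, tag 6
    crc = "=" + base64.b64encode(crc24(pkt).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", base64.encodebytes(pkt).decode().strip(), crc, END])
```

Compare the returned `fingerprint` with the value your contact reads out or publishes elsewhere before relying on the imported key.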

  1. Once you have finished importing your recipient’s public key, you are ready to send secure emails to him or her: even if a message is intercepted, it cannot be deciphered without the recipient's private key.

  2. Let’s send a PGP-encrypted email to [email protected] from my email address [email protected].

Let’s see how Mailvelope works. When you begin to compose a new message in Gmail you will see a small overlay button that looks like a pencil and notepad. You click that button to start writing a secure message offline. You then write your message in the window that pops up.

Once you have entered the recipient’s email address, you click the "encrypt" button at the bottom. This encrypts your email message with the appropriate keys. You'll see the PGP encrypted message in the Gmail window, ready to be sent, like you can see below.

The message cannot be deciphered by anyone except those with access to the appropriate private keys. The private keys are never transmitted in this process, and they are securely stored locally by Mailvelope. It does take a couple of attempts to learn this, but it is simpler than older methods of using PGP. Once you are familiar with the process, you can encrypt an email very quickly.

Decrypting and reading PGP email with Mailvelope

So now you know how to securely compose a message to send out. You also need to know how to receive messages with Mailvelope. This is easy too! When you receive an email that is PGP encrypted in your webmail service of choice, Mailvelope should detect it as a PGP-encrypted message automatically. Mailvelope then allows you to decrypt the message using your keys. You'll see the Mailvelope overlay window pop up automatically with the "secure mail" icon as you see below.

If you wish to read your PGP-encrypted message, you have to click on the icon and enter the password (remember, the password you set up in Step 5).

After you decrypt your message it will be perfectly readable, as shown below.

It is important to know that Mailvelope decrypts all messages locally. This means that your decrypted messages are never exposed to Gmail or any other provider. If you click the small "x" in the upper right corner of the overlay window (next to the lock) when you are finished reading your message, you can see the original, fully encrypted email, as shown below.

So, that’s it. Very high security PGP encrypted email via an easy to use interface. After using Mailvelope a few times I am used to the process and can encrypt and decrypt messages in a few seconds.