Email encryption and digital signature for a secure electronic communication
Authenticity, integrity and legal validity in electronic documents sent via email
Today and up to a certain extent considered a reality, message programs such as Whatsapp have displaced other ways of communication such as email, if ever, more in the personal sphere rather than in the corporate one. Although this cases are also encountered with the ones concerning and involving both public and private organizations.
Until now, it was thought that encrypted messages of Whatsapp offered absolute legal validity and could not be handled. This concept went on until it was proven that this was not the case as it was initially thought. This is due to the fact that if we configure our device in a super user mode, you can access to these messages without encrypting at the database of the device and manipulate them without showing any evidence which would be unfeasible when implementing its legal validity. This is because these messages only use symmetric encryption; the same key to encrypt and decrypt.
Therefore, Whatsapp messages, cannot be considered messages with guarantee of authenticity and legal validity either on a personal level or at an organizational level.
Faced with this situation, should organizations use Whatsapp as a means of communication between their public, or should they better bet on the use of electronic mail?
Undoubtedly, the second option (electronic mail) is the most reliable one and the only one that can offer a secure environment for the transmission of information, both for situations where legality ought to be proven and for those that need not be.
E-mail servers, unlike the Whatsapp server, keep a copy of the sent mail, which serves as a proof for certification purposes.
It is obvious that emails are often used fraudulently and that in many cases, the impersonation can make companies be concerned about the important damages these fraudulent applications may cause on the company’s image.
However, we can go one step further in the content security of our emails, to avoid such risks.
Encryption and digital signature for the content of the email of the organizations.
The organization’s information assets represent a material of great importance and sensitivity for the business, in such a way that the protection of these critical infrastructures against possible attacks and manipulations (such as cases of espionage, industrial sabotage or theft of information) must be strongly reinforced. This can only be achieved through this sensitive information encryption.
Encription that uses both symmetric encryption algorithms (of those which I have already spoken about in the Whatsapp example) as well as asymmetric encryption algorithms. which are more robust and whose symbiosis leads to a robust system of encryption of the contents.
In addition, if we also want to ensure the authenticity of the content signer of this email, we will use the digital signature as a complement to this content encryption.
In the same way, this process provides legal proofs in any situation that may require it.
Therefore the encrypting and/or the signing of the email does not only protect our content against possible cyber-criminals, but it gives us authenticity and provides no alteration of the content.
What is the most secure way to encrypt and digitally sign the email?
Among all the options that we can find in the market when looking for solutions for email encryption and digital signature, we must consider that the robust solutions based-cryptography using a security hardware module (HSM, Hardware Security Module) are the only ones who can provide us with a reliable environment.
Moreover, we must think about a solution that can be used between the users of the organization within a corporate environment, as well as for other corporate users which are external to the organization.
Also, that would allow us for example, if we are a group of companies like WALMART, sign on behalf of all of our companies or in the case that we are a company that represents many clients, be able to sign on their behalf.
And of course, taking into account that we are immersed in the digital and mobility age, where there is an increase in the use of mobile devices, it is essential to have a solution that will allow us to perform this process from any of these environments.