
E-mail Encryption: Key Exchange Made Simple Using EasyGPG

In order to simplify the process of distributing public keys for users, a solution has been developed in the form of the BSI project "EasyGPG". Using this process, the creation, application and verified distribution of the public key is largely carried out automatically through already existing e-mail providers. Below, the BSI would like to present how this encryption process works and why it simplifies the process of applying effective e-mail encryption.

Simplified encryption process: EasyGPG

The mechanisms required for "EasyGPG" are provided by GnuPG (GPG), which is used as the cryptography backend by many e-mail programs. Not all e-mail programs that use GPG, however, pass this functionality through to the user interface. On Linux, KMail can be used, or Thunderbird together with Enigmail. On Windows, Thunderbird can likewise be used with Enigmail, and Outlook with the free plugin Gpg4win.

After installing the software, the user is taken through the configuration by a wizard. Through a simple confirmation process, an asymmetric key pair, one private key and one public key, is created. The public key is then sent automatically by e-mail to the user's e-mail service, provided that this service supports the relevant protocols. The provider verifies the request by sending an encrypted and signed response to the user. The user in turn confirms that this is the correct e-mail address for the public key with a simple click in that e-mail. The public key is thereby unambiguously bound to the correct e-mail address and authenticated. Information about the key, such as its validity or its replacement by a new public key, is also kept up to date.

The major advantage over the conventional process is that the now verified public key is distributed to all communication partners automatically by the e-mail provider via its server. Communication partners who wish to send an encrypted e-mail to the holder of the key no longer need to request the key; they receive it automatically as soon as they enter the e-mail address into the address field. Without any further input, the key available for that e-mail address is requested and applied in the background by the e-mail program in order to encrypt the e-mail to this address. The key is stored locally in the sender's "key chain" and can then be used by the e-mail program in future without having to be requested again.
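In GnuPG, the background lookup described above is a Web Key Directory (WKD) request: the client hashes the local part of the address and fetches the key over HTTPS from the provider's domain. The following Python script is an added illustration, not code from the BSI article or from GnuPG; it derives the URLs a client would fetch for a given address, and the address Joe.Doe@Example.ORG with its expected hash is the worked example from the WKD Internet-Draft.

```python
import hashlib
import urllib.parse

# z-base-32 alphabet used by GnuPG for WKD hashes
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32 (no padding; 20 bytes -> exactly 32 chars)."""
    bits = "".join(f"{b:08b}" for b in data)
    # Pad to a multiple of 5 bits; a SHA-1 digest (160 bits) needs no padding.
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5], 2)]
                   for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lower-cased local part, z-base-32 encoded, as WKD specifies."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the WKD hash plus the 'advanced' and 'direct' lookup URLs.

    The client tries the advanced URL (openpgpkey.<domain>) first and falls
    back to the direct URL on the domain itself. The original local part is
    passed in the 'l' query parameter so the server can match it exactly.
    """
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()  # DNS names are case-insensitive
    h = wkd_hash(local_part)
    query = urllib.parse.urlencode({"l": local_part})
    return {
        "hash": h,
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}/hu/{h}?{query}"),
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?{query}",
    }


if __name__ == "__main__":
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name}: {url}")
```

Because the key is fetched from the holder's own provider over HTTPS, the trust a sender places in the retrieved key rests on that provider and on the TLS certificate of its domain, not on a web of trust or a manual fingerprint comparison.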

The service is already offered by the provider posteo.de and mailbox.org has announced its support. Further providers are expected to support EasyGPG in the near future. Until then, it may be worth changing providers.