Articles

Email Encryption: PGP vs. S/MIME vs. STARTTLS

March 15, 2026 7 min read

Email encryption works by transforming readable email content into an unreadable jumble of characters, accessible only to the intended recipient through a secret key.

Let’s see it in action. Imagine Alice wants to send a confidential email to Bob. She uses PGP (Pretty Good Privacy) to encrypt her message.

Alice: "Hello Bob, your order is ready for pickup."

Alice’s PGP software takes this message and, using Bob’s public key (which Bob has shared with Alice), scrambles it into something like this:

Alice: "U2FsdGVkX1+z4g... [long string of random characters] ...xZg=="

Bob receives this encrypted message. His PGP software then uses his private key (which only he possesses) to decrypt the message back into its original, readable form:

Bob: "Hello Bob, your order is ready for pickup."

This is the core idea: public keys encrypt, private keys decrypt. But how does this actually solve the problem of sending secrets over an insecure channel like the internet? It solves the problem of eavesdropping. Without encryption, anyone intercepting the email could read its contents. With encryption, even if intercepted, the message is gibberish.

The system relies on asymmetric cryptography, often called public-key cryptography. Each user has a pair of keys: a public key and a private key. These keys are mathematically linked. Anything encrypted with a public key can only be decrypted with its corresponding private key. Conversely, anything encrypted with a private key can be decrypted with its corresponding public key (this is used for digital signatures, which we’ll touch on later).

Here’s how PGP and S/MIME implement this for email:

PGP (Pretty Good Privacy)

PGP is a widely used standard for encrypting and signing data, including emails. When Alice wants to send an encrypted email to Bob using PGP:

  1. Key Exchange: Alice needs Bob’s public PGP key. This is typically obtained from a public key server or directly from Bob. She does not need Bob’s private key.
  2. Encryption: Alice’s PGP software uses Bob’s public key to encrypt the email message. For efficiency, PGP often uses a hybrid approach: it generates a random, one-time symmetric key, encrypts the message with this symmetric key (which is fast), and then encrypts the symmetric key itself using Bob’s public key.
  3. Sending: The encrypted message and the encrypted symmetric key are sent to Bob.
  4. Decryption: Bob’s PGP software receives the message. It uses Bob’s private key to decrypt the symmetric key. Then, it uses the now-decrypted symmetric key to decrypt the actual email message.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME is another standard, often built into email clients like Outlook and Apple Mail. It’s similar in principle to PGP but uses a different infrastructure.

  1. Certificates: S/MIME relies on digital certificates issued by trusted Certificate Authorities (CAs). When Bob wants to send an encrypted email to Alice, he needs Alice’s public key certificate. This certificate contains Alice’s public key and is signed by a CA, vouching for its authenticity.
  2. Encryption: Alice’s email client uses Bob’s public key (from his certificate) to encrypt the message, again typically using a hybrid approach with a symmetric session key.
  3. Sending: The encrypted email is sent.
  4. Decryption: Bob’s email client uses his private key (which must be securely stored on his device and often protected by a password) to decrypt the symmetric session key, and then uses the session key to decrypt the message.

Digital Signatures: Ensuring Authenticity and Integrity

Both PGP and S/MIME also support digital signatures, which go beyond just confidentiality.

When Alice sends a digitally signed email:

  1. Hashing: Her software creates a unique "fingerprint" (a hash) of the email message.
  2. Signing: This hash is then encrypted using Alice’s private key. This encrypted hash is the digital signature.
  3. Sending: The signature is attached to the email.
  4. Verification: Bob’s software receives the email and the signature. It uses Alice’s public key to decrypt the signature, revealing the original hash. It then independently calculates a hash of the received email message. If the two hashes match, Bob knows:
    • Authenticity: The email indeed came from Alice (because only her private key could have created that signature).
    • Integrity: The email hasn’t been tampered with since Alice signed it (because the hashes match).

The most surprising true thing about email encryption is that the security of your encrypted messages doesn’t depend on the secrecy of the encryption algorithm itself, but entirely on the secrecy of your private key. If your private key is compromised, anyone can decrypt your messages or impersonate you by signing messages with your key.

The next concept to tackle is how to securely manage and distribute these public keys, especially in large organizations or across the internet, which leads into Public Key Infrastructure (PKI) and web of trust models.

Want structured learning?

Take the full Cryptography course →