Nicola Vitacolonna

Ph.D. in Computer Science

I prefer to exchange encrypted email

When you are writing to me, the messages we send to each other are stored inside the servers of one or more private corporations. This is true even if you use as the recipient, because the University of Udine outsources its email services (both for students and employees) to one of those big corporations. You might trust a third-party entity to keep your personal data safe, but it is a fact that such data can be mined, for instance to sell ads, stolen, or collected by various “intelligence” agencies using more or less unethical means and for more or less unethical purposes. As long as you are using a service “in the cloud”, you should always encrypt your data. This holds for email messages as well as for other data.

Confidentiality can be attained by end-to-end encryption (“end-to-end” means that the message is encrypted before it leaves the device of the sender and it is decrypted only in the device of the recipient). The most popular email clients (including those in mobile devices) support signing and encryption out of the box and transparently, through a standard called S/MIME. The only thing you need is a valid certificate. Contrary to what many people think, it is possible to obtain a personal valid certificate for free from a few certificate authorities.

There are two ways you can send me an encrypted message: if you have received a digitally signed message from me you already have my public certificate and can start using encryption right away. Just read the documentation of your email client to learn how to use S/MIME. (If you want my certificate, just drop me a plain text email.) For me to send you encrypted messages, you need to obtain a certificate and send me a message signed with that certificate.

The other (possibly better, in some respects) solution is to use OpenPGP instead of S/MIME. This typically requires a plugin for your email client. Once you’ve got the plugin working, all you need to do is download my GPG public key from my home page or from a public keyserver and import it into your GPG keyring. For me to send you encrypted messages, you need to create a private-public key pair, for example with GnuPG, and send me your public key.

Currently, I mostly use macOS and iOS. These are a few resources that I have found useful to set up my system:

Other resources:


Encrypting email has some potential disadvantages:

Other things to keep in mind:

Please, prefer encrypted mail!