How to encrypt a Gmail email?

By Steven, on January 22, 2024, updated on January 15, 2024 - 7 min read

Email encryption is a technique that codes the messages you send, making them unreadable in case of interception by hackers. It’s absolutely essential to go through this process to protect your sensitive data.

While Gmail uses TLS encryption by default, it also offers Workspace users the opportunity to benefit from even stronger encryption.

If all this sounds a bit complex, don’t worry! Debugbar will clarify the various encryption modes available on Gmail and how to use them. By the end, sending secure emails will no longer be a mystery to you.

What is email encryption?

Email encryption is a method that encodes your message so that it is unreadable if someone unauthorized attempts to intercept it.

It’s as if you were writing with a secret code, where the decryption key is only known by you and the recipient. Thus, you can securely send your confidential information without any risk of it falling into the wrong hands.


The different types of encryption at your disposal on Gmail

Just like you use various tools for home repairs, Gmail offers several options to encrypt your e-mails. One isn’t better than another; choosing depends on what suits you best in your situation (and what Gmail allows). Allow us to explain…

S/MIME (Secure/Multipurpose Internet Mail Extension): Encrypting your outgoing emails

For those who have the paid version of Gmail (Google Workspace), this option is for you.

Thanks to S/MIME, all outgoing e-mails are encrypted, offering an extra layer of protection. In essence, it’s as if each email you send was stored in an impenetrable safe. Hence, even if it is intercepted during its delivery, a hacker who doesn’t have the keys to open it won’t be able to read it.

Unfortunately, not everyone uses Workspace (WS)… If this is your case, relax, Gmail still provides a relatively safe default encryption for its other users.

TLS (Transport Layer Security): Encrypting while sending

By default, Gmail uses the Transport Layer Security protocol to secure emails during their transfer.

It’s somewhat the digital equivalent of a secure convoy protecting your email transport. However, this protocol requires that the recipient also support this technology.

On the other hand, once the email reaches its destination – the recipient’s inbox – your email is no longer protected.

This means that though this type of encryption is quite reliable, it does have limitations.

PGP (Pretty Good Privacy): The well-protected secret

PGP is another type of encryption that works as a secret code for your e-mails. This recognized encryption standard can be used with Gmail, although, by default, this mail service doesn’t support it.

But don’t worry! If you want to use it on Gmail, it’s possible. You just need to install a specific extension on your browser, and you’re done!


Confidential mode: Top secret information

Confidential mode is the least secure of Google’s mail sending modes as it’s not strictly an encryption protocol.

However, it does allow you to send your e-mails as though they were top-secret information.

But beware! Even if this option seems highly secure at first glance, it requires recipients to click on a link to access the message, which remains stored on Google’s server. So, you should not completely rely on it if you plan to send private documents.

Now that you have an overview of the different encryption modes available on Gmail, let’s see how to put them into action.

How to encrypt your emails on Gmail? The full tutorial

You now have some idea of the different encryption tools at your disposal on Gmail. So, how do you use them? We’ll explain how in the steps below.

1. Activate S/MIME encryption

To activate S/MIME encryption, you must have a Google WS account. If you do, just follow this step-by-step guide:

  1. Log in to your Google WS account
  2. Navigate to: Apps > Google Workspace > Gmail > User settings
  3. Look for S/MIME settings in the admin console
  4. Select Enable S/MIME for outgoing e-mails
  5. Click on Save

And there you have it, the S/MIME protocol is activated, and your outgoing emails will be perfectly encrypted.

Once you’ve activated the S/MIME encryption, you can then start writing your email as usual.

  1. Click on the “New message” button
  2. Fill in the recipient field, subject, and body of the message
  3. Look for the padlock icon on the right of the “To” field
  4. Click on the “view details” option to access the S/MIME encryption options
  5. Select your desired level of S/MIME encryption

Then all you have to do is click on “Send”, and your encrypted email will be sent to its recipient. With these simple steps, you can now encrypt your emails on Gmail using S/MIME to protect your sensitive data in the most suitable way according to your needs.

The problem is that if you don’t have Workspace, you won’t be able to use this method… You’ll then have to rely on TLS encryption.

2. Activate TLS encryption

This encryption is Gmail’s default encryption option. To be precise, it automatically activates when you send an email from your Gmail account.

You’ll just need to:

  1. Compose your email as you usually would.
  2. Check for an open gray padlock next to the recipient’s name before pressing “Send”. This indicates that the recipient does not support this protocol.
  3. If the lock is closed and gray, then the message will be encrypted with TLS during its delivery. No further action is required on your part.

Neither S/MIME nor TLS encryption suits you? Then you might want to install PGP encryption.


3. Activate PGP encryption

Gmail doesn’t support PGP by default, but it’s completely possible to use it. To do this, you’ll need to install a specific browser extension like Mailvelope or FlowCrypt.

  1. Install the chosen extension from your browser’s store.
  2. Set up the extension following the provided step-by-step instructions. This usually involves generating a new pair of encryption keys.
  3. Compose your email in Gmail. When you’re ready to send it, click on the extension icon to encrypt your message.
  4. Enter the password or secret phrase you chose when setting up the extension to encrypt the message.
  5. Then, simply click on “Send”.

The recipient will also need to have the same extension installed and have your public key in order to decrypt your message.

Don’t need your email to be encrypted? A slight protection is enough? Then you can certainly use the confidential mode.

4. Using confidential mode

Gmail’s confidential mode does not encrypt emails end-to-end. However, it does offer a level of control over your messages by limiting the actions that the recipient can perform.

To use it:

  1. Compose your email in Gmail as usual
  2. At the bottom of the editing window, click on the “padlock” icon
  3. The confidential mode will then open, and you can determine how long the recipient will be able to access the message and require an SMS code to open the email.
  4. After setting your options, click on “Save”
  5. Complete writing your email and then click on “Send”

In this way, even if your email is not encrypted end-to-end, you maintain some control over its access.

None of the discussed solutions suit you? You want more security? It’s true that Gmail’s offerings are effective, but they can be limited when security is central to our concerns… In this case, it’s best to go through a third-party service that will offer complete encryption.

5. Using a third-party service

If Gmail does not provide you with the desired guarantees, you can easily turn to other secure messaging services that will encrypt all your messages end-to-end. These services are often paid, but they offer maximum protection for your emails.

  1. Choose a secure email provider like ProtonMail, Mailvelope, Virtru or Tutanota
  2. Create an account with a provider of your choice
  3. Use this account to send and receive encrypted emails

These services use their own end-to-end encryption method, which means that even they cannot read your emails. This is the best protection you can get for your email communications.

That’s it, you’ve chosen your encryption protocol and written your mail, but you want to make sure it’s well encrypted? So let’s see how to check all this!

How to verify that your messages are properly encrypted?

When we receive or send an email with sensitive data, it is always better to ensure that it is well protected.

If you want to check a received email you must:

  1. Open Gmail
  2. Open the email you want to check
  3. Click on the down arrow next to the sender’s name
  4. Spot the “Security” section where the encryption icon indicates the level of security:
    • Green for S/MIME
    • Grey for TLS
    • And red for unencrypted
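
The same check can be made without the icons by reading the raw source of a received message (in Gmail, the message's three-dot menu offers "Show original"). The sketch below is an added example, not part of the original article: it classifies a message as S/MIME, PGP, TLS or unencrypted from its Content-Type and Received headers. The function names and the sample messages are constructed for illustration, and skipping Received headers that lack a "from" clause is an assumption about how internal hand-offs are recorded.

```python
import email
import re

# RFC 3848 "with" keywords that mean the hop was carried over TLS.
TLS_HOP = re.compile(
    r"\bwith\s+(?:ESMTPS|ESMTPSA|LMTPS|LMTPSA|UTF8SMTPS|UTF8SMTPSA)\b", re.I)

def content_protection(msg):
    """Return 'S/MIME' or 'PGP' if the body itself is encrypted, else None."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # smime-type=signed-data is signed but still readable: not encryption.
        kind = str(msg.get_param("smime-type", "enveloped-data")).lower()
        if kind == "enveloped-data":
            return "S/MIME"
    protocol = str(msg.get_param("protocol", "")).lower()
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "PGP"
    return None

def transport_hops(msg):
    """One bool per server-to-server hop, newest first: True if it used TLS."""
    # Assumption: headers with no leading "from" clause are internal
    # hand-offs inside one provider and say nothing about the network hop.
    received = msg.get_all("Received", [])
    hops = [h for h in received if h.lstrip().lower().startswith("from")]
    return [bool(TLS_HOP.search(h)) for h in hops]

def classify(raw):
    """Map a raw message to the levels listed above, plus PGP."""
    msg = email.message_from_string(raw)
    hops = transport_hops(msg)
    return content_protection(msg) or ("TLS" if hops and all(hops) else "unencrypted")

def sample(received_with, content_type):
    """Constructed test message (example.* names, documentation addresses)."""
    return (
        "Received: by 2001:db8::1 with SMTP id x1; Mon, 15 Jan 2024 10:00:01 -0800\n"
        "Received: from mail.example.org (mail.example.org. [192.0.2.10])\n"
        f"        by mx.example.com with {received_with} id y2\n"
        "        for <bob@example.com>; Mon, 15 Jan 2024 10:00:00 -0800\n"
        "From: alice@example.org\nTo: bob@example.com\nSubject: test\n"
        f"Content-Type: {content_type}\n\nbody\n")

if __name__ == "__main__":
    for proto in ("ESMTPS", "ESMTP"):
        print(proto, "->", classify(sample(proto, "text/plain")))
```

Received headers are written by each relay, so only the ones added by your own provider can be trusted; a "TLS" result describes the transport and says nothing about how the message is stored once delivered.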

If you want to check a sent email:

  1. After drafting your email, look for the padlock icon next to the recipient’s address.
  2. If the padlock is green, it means your email will be encrypted with S/MIME, the highest level of encryption available on Gmail.
  3. If the padlock is grey, it means that your email will be protected by TLS, which is another effective type of encryption.
  4. If the padlock is red, it means that the email will not be encrypted. In this case, consider not sending sensitive info.

You can see that encrypting your emails provides security and it’s easy to do. So, you’d be wrong not to do it.

3 good reasons to encrypt your emails on Gmail?

Are you wondering why it is so important to encrypt your emails on Gmail? Still hesitating to encrypt your mails? Here are three reasons that should convince you to do it:

  • It provides increased security: Encryption makes your emails unreadable to anyone who does not have the decryption key. It’s your best shield against hackers.
  • It allows you to protect your sensitive information: Whether you are sending personal, financial or professional data, encryption ensures they remain private.
  • It allows you to comply with regulations: Many industries and regions have regulations requiring the encryption of emails containing sensitive information.

Encrypting Gmail email: The recap

In summary, as you understood, email encryption is the best way for your confidential exchanges to remain so. If Gmail has its limits, it still offers an acceptable level of protection. And if this does not suit you, you can always resort to a third-party messaging service (Virtru, Tutanota, ProtonMail…).

  • Email encryption is a method to secure your messages by coding them to make them unreadable when intercepted. A decryption key is needed to be able to read it.
  • Gmail offers the possibility to encrypt your emails to increase their security.
  • A user can check the encryption level of sent and received emails thanks to the padlock icons.

Finally, here is a comparative table of the encryption methods available on Gmail:

| Encryption method | Description |
| --- | --- |
| S/MIME | Provides a high level of security by encrypting and digitally signing messages. Requires both the sender and the recipient to have it activated. |
| TLS | A commonly used method that protects emails when they are in transit between sender and recipient. |
| Confidential mode | This option restricts what the recipient can do with the message (cannot forward, copy, print or download). Furthermore, the recipient has to click on a link to open it, but the private link stays on Google’s server. |