MDaemon Technologies Blog

Encrypting vs. Signing with OpenPGP. What’s the Difference?

By Brad Wyro

Data Privacy. Magnifying Glass on Old Paper with Red Vertical Line.


Many businesses are responsible for maintaining large amounts of confidential data, including customer records, medical records, financial reports, legal documents, and much more. It’s very common for these types of information to be transmitted via email, especially as the Covid-19 pandemic has forced many businesses to embrace working from home. So how can you ensure confidential data transmitted via email is kept private? How can you ensure the integrity of transmitted data?

Businesses need to ensure confidentiality, data integrity, message authentication (proof of origin), and non-repudiation (proof of content and its origin). These goals can be accomplished using MDaemon’s OpenPGP message encryption and signing services. Read on to learn more about the differences between encrypting and signing an email, and when each is used.


The Need for Encryption

Businesses need to protect sensitive data and preserve confidentiality and privacy. Whether you work in healthcare, finance, legal, HR or education, chances are you’re familiar with the terms GDPR, HIPAA or FERPA (among others). Businesses that fail to meet these regulations risk data breaches that can lead to lost revenue or legal action, as well as steep fines. To address these issues, businesses can use encryption to make their sensitive data unreadable to unauthorized parties.


The Need for Signing

In addition to data privacy, businesses may need to verify an email message's authenticity. This can be accomplished with message signing (adding a digital signature) using OpenPGP.

Signing a message helps ensure the following:

  • Data Integrity – That the email was not altered from its original form.
  • Message Authentication (Proof of Origin) – That the email  actually came from the purported sender (if the sender is the signer of the message).
  • Non-repudiation – That the signer cannot deny the authenticity of the message they signed with OpenPGP.


Encrypting vs. Signing – What’s the Difference?

So what are the differences between encrypting & signing an email? Let’s discuss each.


What is Encryption?

Encryption is the act of converting plain text to cipher text. Cipher text is basically text that has been scrambled into non-readable format using an algorithm – called a cipher. MDaemon’s implementation of OpenPGP encryption uses public key encryption (also known as asymmetric key encryption) to encrypt email messages and attachments.


So How Does Public Key Encryption Work?

Public key encryption uses public/private key pairs. If you want me to send you an encrypted message, you send me your public key, which I import into my email server or other encryption software (using the OpenPGP configuration screen in MDaemon, in this case). I encrypt the message with your public key. When you receive the message, you decrypt it with your private key. Even though your public key can be freely distributed and used to encrypt messages addressed to you, these encrypted messages can only be decrypted with your own private key. This private key must always be kept secret. Data encrypted with the public key can only be decrypted with its corresponding private key.


Encrypting email with OpenPGP Encrypting email with OpenPGP


MDaemon Email Server includes the ability for MDaemon Webmail users to encrypt email messages from within the message compose window.

Check out the following video to learn how to encrypt an email message in MDaemon Webmail.

Encrypting a message helps ensure that the message is kept confidential. The message remains in its encrypted format until it is decrypted with the recipient’s private key.


What is Message Signing with OpenPGP?

As I mentioned above, messages are encrypted with the message recipient’s public key and decrypted with the corresponding private key. Message signing, on the other hand, uses the sender’s private key to sign the message, and his or her public key is used to read the signature. Message signing helps ensure data integrity, message authentication, and non-repudiation.

For example, if John wants to digitally sign a message to Michelle, he uses his private key to sign the message, and sends it (along with his public key if it hasn’t already been sent) to Michelle. John’s public key is the only key that can verify the message signature.


Signing with OpenPGP Signing an Email Message with OpenPGP


More information on using MDaemon’s PGP encryption & signing features can be found in the following knowledge base article:

How to enable MDaemon PGP, configure who can use MDPGP, and create keys for specific users


Do you have questions? Let us know in the Comments section below!


Tags: Email Gateway How-To, Email How To, Email Security, Email Encryption

Brad Wyro

Written by Brad Wyro

Brad has worked in technical and marketing roles at MDaemon Technologies, where he contributes as Content Marketing Manager. Brad balances technical and creative information to develop easy to understand videos and content to educate prospects and customers.


Subscribe to Email Updates