Signing email ....


Once upon a time, a long time ago, I discovered something called Pretty Good Privacy (PGP for short) and tried to use it on my Atari to communicate with a friend. That never really worked.
Ten years later I installed GNU Privacy Guard and started using it to sign emails. The idea at that time was that if every email were signed, we could easily filter out spam. I have encrypted a few emails, but my correspondence doesn't generally need to be encrypted. With signed emails we would get back to email without spam, a useful tool to communicate. So I started trying to install gpg on my family's computers so we could all sign our emails. That failed: they didn't see the point. And I myself got tired of having all my emails look like spam, as they all started like:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

So I stopped using gpg and signing emails, as I didn't see the point in putting those lines in my emails and making them harder to read for their recipients.
I recently picked up interest in signing email again, as there are a few ways to do it that are not intrusive for the other users. Both methods involve S/MIME: one works with certificates, the other with PGP. So I've started signing my email again with my key. This lets me know for sure whether the email I'm getting is signed, and I can easily encrypt emails containing sensitive information (if I need to share a password, say, I encrypt the email).

So why do I use gpg over certificates?


  • Setting up gpg is way easier than a certificate, at least for my geek mind. Certificates are the solution for big corporations where HR/IT can ensure a proper process for certificates. For my personal use or for my family domain it would be too much of a hassle.

  • One feature that comes easily with GnuPG is the web of trust, which lets me know if and how far I can trust the sender of a specific email (the email has to be signed, of course).

  • Last but not least, I can use my key to sign software.
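As an added example that is not part of the original post, the following Python code builds the non-intrusive kind of signed mail discussed above, PGP/MIME, where the detached signature travels as a separate MIME part instead of the clearsign header quoted earlier, and classifies incoming mail by signing scheme (PGP/MIME, inline PGP, S/MIME, or none). The function names are mine; gpg_detach_sign assumes a working gpg with a default signing key, and build_pgp_mime accepts any other signer so the structure can be exercised without one.

```python
import email
import subprocess
from email import encoders, policy
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

def canonical_bytes(part: Message) -> bytes:
    """What gpg signs and the recipient verifies: the whole MIME part, headers included,
    with CRLF line endings (RFC 3156 section 5). On receipt, hash the bytes as they
    arrived, never a re-serialised copy, or the signature will not check out."""
    return part.as_bytes(policy=part.policy.clone(linesep="\r\n"))

def gpg_detach_sign(data: bytes) -> str:
    """Real signer (assumes gpg is installed): detached ASCII-armored signature, default key."""
    out = subprocess.run(["gpg", "--batch", "--detach-sign", "--armor"],
                         input=data, capture_output=True, check=True).stdout
    return out.decode("ascii")

def build_pgp_mime(sender: str, to: str, subject: str, body: str, sign=gpg_detach_sign) -> Message:
    """multipart/signed: readable body first, detached signature as a second part,
    so the signature travels as an attachment instead of text inside the body."""
    text = MIMEText(body, "plain", "utf-8")
    armored = sign(canonical_bytes(text))       # sign() may be swapped out for tests
    outer = MIMEMultipart("signed", protocol="application/pgp-signature", micalg="pgp-sha256")
    outer["From"], outer["To"], outer["Subject"] = sender, to, subject
    outer.attach(text)
    sig = MIMEApplication(armored, "pgp-signature", encoders.encode_7or8bit, name="signature.asc")
    sig["Content-Description"] = "OpenPGP digital signature"
    outer.attach(sig)
    return outer

def signature_style(raw: bytes) -> str:
    """Classify a raw RFC 5322 message by the signing scheme it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":             # detached signature, body stays readable
        proto = (msg.get_param("protocol") or "").lower()
        return {"application/pgp-signature": "pgp-mime",
                "application/pkcs7-signature": "smime-detached",
                "application/x-pkcs7-signature": "smime-detached"}.get(proto, "signed-unknown")
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return "smime-opaque"                   # CMS blob; needs an S/MIME-aware client
    if (msg.get_content_maintype() == "text" and
            msg.get_content().lstrip().startswith("-----BEGIN PGP SIGNED MESSAGE-----")):
        return "pgp-inline"                     # the clearsign form quoted in the post
    return "unsigned"
```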

7 Comments

Is there a way of encrypting emails that'll work with the major webmail providers (i.e. yahoo, hotmail, gmail)?

For the record, Thawte offers free S/MIME certificates via a web-of-trust system, too.

http://www.thawte.com/secure-email/personal-email-certificates/index.html

The big advantage of S/MIME is that most common mail clients (including Thunderbird) can already handle it out of the box. The only problem is that getting a certificate requires a bit of effort, but that's worth it IMO since it ensures that the sender's authenticity is immediately verified. And, yes, I sign all my outgoing mail with certificates.

For your information, StartSSL offers free S/MIME signature certificates that are publicly recognised: http://www.startssl.com/?app=1

With that, you don't have to set up anything special, and should not get warnings.

Yes, I use PGP/MIME.

If you use "S/MIME with pgp without certificates" then most certainly you are using the PGP/MIME version of the OpenPGP standard, right? It detaches signatures as attachments, which keeps them out of the way of the recipients.

S/MIME always uses certificates.

And, yes, gpg2 (version 2 of gpg the program) can deal with S/MIME as well as OpenPGP, PGP/MIME.
