I’d also recommend GPG, especially if you use (or could switch to) an email client with a decent plugin for it.
One note: you still need to securely establish common keys beforehand; public key encryption just makes “securely” easier. To attack a symmetric key encrypted communication, you just need to be able to eavesdrop on the key and the encrypted content. To attack a public key encrypted communication, you need to be able to eavesdrop on both public keys, block the true public key messages from reaching their recipients, inject false messages with your own public keys, and then eavesdrop on the encrypted content. None of the industrial-scale solutions for preventing this (certificates, web-of-trust, etc.) are very satisfying to me, but “call your buddy on the phone and spend 20 seconds reading key hashes out loud” is fine for personal security.
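The phone check described above, as an added example that is not part of the original comment: it computes the OpenPGP v4 fingerprint (RFC 4880, section 12.2) of the key that actually arrived and compares it with what was read aloud. The helper names and both sample keys are constructed for illustration, and v4 keys are assumed.

```python
import hashlib
import hmac
import struct


def v4_fingerprint(pubkey_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880, section 12.2) of a public-key packet body."""
    if not pubkey_body or pubkey_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    # SHA-1 over 0x99, a two-octet big-endian length, then the packet body.
    framed = b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body
    return hashlib.sha1(framed).hexdigest().upper()


def normalize(spoken: str) -> str:
    """Strip separators and case so a fingerprint read aloud can be compared."""
    cleaned = "".join(ch for ch in spoken if ch not in " :\t\n-").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("expected the full 40-hex-digit fingerprint, not a short key ID")
    return cleaned


def key_matches(received_body: bytes, spoken: str) -> bool:
    """True only if the key that arrived hashes to the fingerprint heard on the phone."""
    return hmac.compare_digest(v4_fingerprint(received_body), normalize(spoken))


def make_body(created: int, n: int, e: int = 65537) -> bytes:
    """Build an RSA public-key packet body (constructed sample data, not a usable key)."""
    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def grouped(fp: str) -> str:
    """Format a fingerprint in groups of four, the way it is usually read out."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


# Constructed sample: the friend's real key and a substituted key injected in transit.
FRIEND_KEY = make_body(1_600_000_000, (1 << 2047) + 12345)
INJECTED_KEY = make_body(1_600_000_000, (1 << 2047) + 54321)

if __name__ == "__main__":
    spoken = grouped(v4_fingerprint(FRIEND_KEY)).lower()  # what the friend reads aloud
    print("genuine key accepted: ", key_matches(FRIEND_KEY, spoken))
    print("injected key accepted:", key_matches(INJECTED_KEY, spoken))
```

With a real key, `gpg --fingerprint` prints the same 40-hex-digit value for v4 keys, and that full value is what should be read out rather than a short key ID.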