End-to-End Email Encryption
Drop a message, send an invitation to a business meeting or transfer a file. These are typical workflows for email and email is really good at that. It is reliable and stable. Unfortunately, it is not secure. Why is that? Email is decentralized. Everyone has their own infrastructure with its own vulnerabilities.
We thought about this issue deeply. With Autocrypt we made a solution that is independent of the infrastructure and like the name said: It’s working out of the box. No user interaction required. The user simply gets notified when a secure communication channel is available.
Autocrypt is email encryption easy as in WhatsApp.
Security depends on the user. Every security mechanism that involves stressfull user interaction will be bypassed if possible. Stress means that the user was not able to carry out his task quickly, because the security mechanism blocked it. The Cotech implementation of Autocrypt automates away these interactions, so that the users can concentrate on their actual work.
Stressful activities in email encryption include manual key or certificate management. For end-users, it is hard to understand that cryptographic keys are tied to the identity of the email recipients. Thus, key management should be automated and should not result in stressful security decisions. Cotech Autocrypt hides these decisions. Key generation, discovery and backup are fully automated.
All emails sent using the Cotech Autocrypt platform include a “hidden attachment”: The key for the next email. Technically an email header field is used for that. The recipients process that key and store it in their key databases. All following emails, usually a reply to the first email, can now be encrypted with the key sent previously.
With that mechanism, all participants in the Autocrypt network receive keys. The clients automatically collects information who is able to receive encrypted emails. Based on that, users can decide to enable encryption in their user interface.
The Autocrypt specification has been designed in an open process. The founders and developers of Cotech are one of the leading participants in this effort.
By default, 3072 bit RSA keys are generated. Optionally, the platform can be shipped with other key lengths and algorithms. The process of key generation is executed automatically in the background.
After enabling Autocrypt, the user gets a backup code. With that backup code the access to the key is protected. Additionally, the backup code can be used to restore and add devices to the email account.