About CryptMail
Do you think your emails are safe?
No, absolutely not. Even the secure connections (IMAPS/SMTPS) provided by the email server only ensure that messages are encrypted in transit. When emails are stored on the server, they are plain text! The email server and the email service provider know every detail of your email. They will be figuring out your private information, what you like, where you live, and what you talk about, and will use that information to send advertisements to you. A worse case is that your private information is stolen by a hacker who attacks the server. And the worst case is that you have sensitive information, such as your bank account or credit card details, in your email.
So what can you do?
To secure the messages, first we need to encrypt them from the start, so that no plain text exists anywhere except on the sender's and receiver's devices. Second, we shouldn't send passwords to anybody else; passwords themselves are not secure.
This is what CryptMail does:
- messages are encrypted with the RSA + AES algorithms, so no plain text is sent out
- RSA keys are generated by you on your device and are known only to your device
- only the public key is sent to your contacts; it is used to encrypt messages, but cannot be used to decrypt them
- the private key stays on your device and is never sent out, which ensures confidentiality
- if your message is too long for RSA to encrypt, it is encrypted with a randomly generated AES key using the AES algorithm. The AES key is encrypted with the RSA public key and sent together with the message. This ensures efficiency.
This is also what Unix secure shell (SSH) uses to protect information.
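The scheme in the list above, sketched with Node's built-in `crypto` module as an added example; it is not CryptMail's own code. The page does not state key size, padding or cipher mode, so RSA-2048 with OAEP/SHA-256 and AES-256-GCM are assumptions, as are the function names `encryptFor` and `decryptWith`.

```javascript
// Added illustration, not CryptMail code. Assumed parameters:
// RSA-2048 with OAEP/SHA-256 padding, AES-256-GCM for long messages.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
// Largest plaintext RSA-OAEP accepts: modulus bytes - 2 * hash bytes - 2.
const RSA_MAX = 2048 / 8 - 2 * 32 - 2; // 190 bytes

// Key pair is created on the device; only publicKey is ever shared.
function generateKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

function encryptFor(publicKey, plaintext) {
  const data = Buffer.from(plaintext, "utf8");
  if (data.length <= RSA_MAX) {
    // Short message: RSA alone is enough.
    return { mode: "rsa", body: crypto.publicEncrypt({ key: publicKey, ...OAEP }, data) };
  }
  // Long message: fresh random AES key per message, wrapped with RSA.
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const body = Buffer.concat([cipher.update(data), cipher.final()]);
  return {
    mode: "rsa+aes",
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey),
    iv,
    tag: cipher.getAuthTag(), // lets the receiver detect tampering
    body,
  };
}

function decryptWith(privateKey, msg) {
  if (msg.mode === "rsa") {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.body).toString("utf8");
  }
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext or tag was modified in storage or transit.
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString("utf8");
}

// Constructed sample: a message longer than 190 bytes takes the RSA + AES path.
const demoKeys = generateKeyPair();
const demoMsg = encryptFor(demoKeys.publicKey, "card ending 0000 (constructed) ".repeat(20));
console.log(demoMsg.mode, decryptWith(demoKeys.privateKey, demoMsg).length);
```

Everything in the returned object except the private key can sit on the mail server: without the private key the wrapped AES key cannot be recovered, and the GCM tag makes a modified body fail on decryption.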
Being cautious is the only way to deal with the security problems we are having today. I have to say, Hillary Clinton was unfortunate. If she had this app, there would be no need to create her own email server; Gmail or Zoho would be just fine for her.