Password encrypted messages based on symmetric encryption
Secure and private email provider Mailfence announced today the launch of secure emails based on symmetric encryption. Mailfence, one of the world’s most secure and private email services, already allows users to send end-to-end encrypted emails based on OpenPGP. Password encrypted messages (also referred to as secure message escrow) extend these options. Overall, Mailfence users can now send:
- Clear-text emails.
- Signed emails (OpenPGP based).
- Signed and encrypted emails (OpenPGP based).
- Password encrypted emails (symmetric-key encrypted emails based on a shared secret).
Launched in 2013, Mailfence has rapidly gained recognition among security specialists and privacy activists. Its interoperable end-to-end encrypted email service gives full control to the user. Besides the secure email functionalities, users can also securely manage and share calendars, files, contacts or mailboxes with other group members.
What is symmetric encryption?
Symmetric-key encryption uses the same cryptographic key for both the encryption of the message by the sender and the decryption of the ciphertext by the receiver. The key, in practice, represents a shared secret between two or more parties. Symmetric encryption is the oldest and best-known encryption technique. As long as both the sender and the recipient know the shared secret, they can encrypt and decrypt all messages that use this shared secret.
Password encrypted messages work as follows:
- The message is encrypted on the front-end using a symmetric key derived from the user password (via an S2K function). The back-end stores the encrypted message.
- The recipient receives the access URL of the encrypted message.
- The recipient clicks on the access URL and provides the right password (the password chosen by the sender). The password is used to derive the symmetric key, which in turn decrypts the message. This step also includes several performance optimization measures.
Note: please do not use your account password, or your OpenPGP keypair passphrase, as the password for symmetrically encrypted messages.
The entire encryption/decryption process happens on the front-end (in your browser) using an open-source and security-audited library. The derived symmetric key is never shared with the back-end, thereby maintaining a zero-knowledge framework.
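The flow described above, as an added example that is not Mailfence's code or the library it uses. It assumes the iterated and salted S2K of RFC 4880 with SHA-256 and substitutes AES-256-GCM for the OpenPGP message format, since the page names neither; the function names, work factor and sample values are illustrative.

```javascript
// Added example, not Mailfence's code. Uses only Node.js built-in crypto.
const crypto = require('node:crypto');
const CODED_COUNT = 0xe0; // assumed work factor: 16 << 20 octets hashed

// Iterated and salted S2K (RFC 4880, section 3.7.1.3) with SHA-256.
// A 32-byte key fits in one SHA-256 output, so one hash context suffices.
function s2kIterated(passphrase, salt, codedCount) {
  const count = (16 + (codedCount & 15)) << ((codedCount >> 4) + 6);
  const unit = Buffer.concat([salt, Buffer.from(passphrase, 'utf8')]);
  const block = Buffer.alloc(unit.length * 4096, unit); // unit repeated
  const hash = crypto.createHash('sha256');
  // Feed salt||passphrase repeatedly until `count` octets are hashed,
  // always hashing at least one complete copy.
  let remaining = Math.max(count, unit.length);
  while (remaining > 0) {
    const n = Math.min(remaining, block.length);
    hash.update(block.subarray(0, n));
    remaining -= n;
  }
  return hash.digest();
}

// Sender side (front-end): derive the key, encrypt, and return the record
// the back-end would store. Neither the password nor the key is in it.
function encryptForEscrow(password, plaintext) {
  const salt = crypto.randomBytes(8);
  const iv = crypto.randomBytes(12);
  const key = s2kIterated(password, salt, CODED_COUNT);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, codedCount: CODED_COUNT, iv, ct, tag: cipher.getAuthTag() };
}

// Recipient side (front-end): fetch the record via the access URL, re-derive
// the key from the typed password, and decrypt. Returns null on failure.
function decryptFromEscrow(password, record) {
  const key = s2kIterated(password, record.salt, record.codedCount);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // wrong password or modified ciphertext
  }
}

// Constructed sample values, for demonstration only.
const demo = encryptForEscrow('constructed-shared-secret', 'Meet at 10:00');
console.log(Object.keys(demo), decryptFromEscrow('constructed-shared-secret', demo));
```

The stored record holds only the salt, work factor, IV, ciphertext and authentication tag, so the confidentiality of the message rests on the strength of the password and on how it is exchanged.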
To learn how to send a password-encrypted message have a look at our support article.
Who can use password encrypted messages?
Following our design philosophy of providing absolute control and freedom, usage of this feature is not restricted. Therefore:
- All Mailfence users can use password encrypted messages with other Mailfence users.
- All Mailfence users can use password encrypted messages with non-Mailfence users.
Mailfence cares about standards and an open internet.
Advantages of symmetric encryption
Ease of use
The main advantage of symmetric key encrypted emails is the ease of use. You can send encrypted emails to any person without having to make sure that this person has an (asymmetric) public key, or a special program/add-on/plugin to decrypt the message. You can send secure password encrypted messages to anyone, without any need for technical know-how about encryption. The only thing you will need to do is communicate a shared secret/password to the recipient of your message.
The messages remain hosted on the servers of the sender service. They do not transit via the open internet. They are stored encrypted on our servers and are kept there until they are retrieved by the recipient or deleted by the sender.
After receiving the secure link, the recipient can access the message from any device (with an updated browser). The sender can set an expiration date to the secure link, which means the recipient can only use that link to decrypt and read the secure message until it has expired.
Disadvantages of symmetric encryption
Losing shared secret/passphrase
The main issue with a shared secret/passphrase is that you need to exchange it with the receiver of the encrypted message. You can do this over the internet or via an alternative channel such as SMS, phone, … The danger is that if the shared passphrase falls into the wrong hands, anyone who knows it will be able to decrypt the message. One answer to this problem is asymmetric encryption (OpenPGP based), in which there is a key pair: a public key which is made freely available to anyone who might want to send you a message and a second, private key which is meant to be kept secret by its owner.
Read our Knowledge base article to find out whether it is necessary to have an expiration date for your password-encrypted messages.
Password encrypted emails require trust in the sender service (i.e., Mailfence) which manages and provides this feature. The recipient must view the message on the sender’s portal. In case of an unreliable or breached sender service, there could be a significant security issue. Also, there are no digital signatures (except the traditional DKIM header for anti-spoofing reasons) on these encrypted messages. For that, you should use an asymmetric signature (OpenPGP based).
- Attachments can only be sent with the original (or first) email in a conversation. Recipient(s) cannot add attachments in a response email.
- You cannot forward password encrypted emails.
- Neither party (sender or recipient) can change the sender address and the recipient address for a given email conversation thread.
– Mailfence team
Salman works as an Information security analyst for Mailfence. His areas of interest include cryptography, security architecture and design, access control and operations security. You can follow him on LinkedIn @mohammadsalmannadeem