Password encrypted messages based on symmetric encryption
Secure and private email provider Mailfence announced today the launch of secure emails based on symmetric encryption. Mailfence, one of the world’s most secure and private email services, already allow users to send end-to-end encrypted emails based on OpenPGP. With the password encrypted messages (also referred to as secure message escrow) it enlarges the possibilities. Overall, Mailfence users can now send:
- Clear-text emails.
- Signed emails (OpenPGP based).
- Signed and encrypted emails (OpenPGP based).
- Password encrypted emails (Symmetrical-key encrypted emails based on a shared secret).
Launched in 2013, Mailfence has rapidly gained recognition among security specialists and privacy activists. Its interoperable end-to-end encrypted email service gives full control to the user. Besides the secure email functionalities, users can also securely manage and share calendars, files, contacts or mailboxes with other group members.
How do password encrypted messages work?
- Go to your account Messages -> New -> Click on the ‘Encryption’ button in the Top menu.
- A pop-up will appear, which will give you the choice between Password encryption and OpenPGP encryption modes.
- Click on ‘Use password’.
- A second pop-up will invite you to choose a password (that you will need to share with your recipient), a hint and a date at which the access to the secure message will expire.
- Once you finalize the message, send it like any other email message.
- The recipient will receive an email with a hyperlink that will look like this:
- The recipient fills in the password in order to decrypt the message.
What is symmetric encryption?
Symmetric-key encryption uses the same cryptographic keys for both the encryption of the message by the sender and the decryption of the ciphertext by the receiver. The keys, in practice, represent a shared secret between two or more parties. Symmetric encryption is the oldest and most-known encryption technique. As long as both the sender and the recipient know the shared secret, they can encrypt and decrypt all messages that use this shared secret.
- The message is encrypted using symmetric key derived from the user password (via a S2K function) on the front-end. The back-end stores the encrypted message.
- The recipients receives the access URL of the encrypted message.
- Recipient clicks on the access URL and provides the right password (the password chosen by the sender). It will be used to derive the symmetric key, which in turn decrypts the message. This step also includes several performance optimization measures.
Note: please do not use your account password, or your OpenPGP keypair passphrase, as the password for symmetrically encrypted messages.
All of the encryption/decryption process happens on the front-end (in your browser) using an opensource and security-audited library. The derived symmetric key is never shared with the back-end, thereby maintaining a zero-knowledge framework.
Who can use password encrypted messages?
Following our design philosophy of providing absolute control and freedom, usage of this feature is not restricted. Therefore:
- All Mailfence users can use password encrypted messages with other Mailfence users.
- All Mailfence users can use password encrypted messages with non-Mailfence users.
Mailfence cares about standards and an open internet.
Advantages of password encrypted messages
Ease of use
The main advantage of symmetric key encrypted emails is the ease of use. You can send encrypted emails to any person without having to make sure that this person has a (asymmetrical) public key, or a special program/add-on/plugin to decrypt the message. You can send secure password encrypted messages to anyone, without any need for technical know-how about encryption. The only thing you will need to do is communicate a shared secret/password to the recipient of your message.
The messages remain hosted on servers of the sender service. It does not transit via the open internet. They are stored encrypted on our servers and are kept there, until they are retrieved by the recipient or deleted by the sender.
After receiving the secure link, the recipient can access the message from any device (with an updated browser). The sender can set an expiration date to the secure link, which means the recipient can only use that link to decrypt and read the secure message until it has expired.
Disadvantages of password encrypted messages
Losing shared secret/passphrase
The main issue with shared secret/passphrase is that you need to exchange it with the receiver of the encrypted message. You can do this over the internet or via an alternative channel such as SMS, phone, … The danger is that if the shared passphrase falls into the wrong hands, anyone who knows it will be able to decrypt the message. One answer to this problem is asymmetric encryption (OpenPGP based), in which there is a key pair: a public key which is made freely available to anyone who might want to send you a message and a second, private key which is meant to be kept secret by its owner.
Symmetric key encrypted emails requires trust in the sender service (i.e., Mailfence) which manages and provides this feature. The recipient must view the message on the sender’s portal. In case of an unreliable or breached sender service, there could be a significant security issue. Also, there are no digital signatures (except the traditional DKIM header for anti-spoofing reasons) on these encrypted messages. For that, you should use asymmetric signature (OpenPGP based).
You cannot forward symmetrically encrypted messages. Neither party can change the sender address and the recipient address for a given email conversation thread. We do not support message attachments at this point.
– Mailfence team