How Encryption works in CTemplar Email?
CTemplar uses OpenPGP for end to end encryption of emails. It is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.
Generation of Keys :
When a user sign up on CTemplar, its RSA private and public keys are generated using user password as passphrase of private key. These keys are stored on CTemplar server and retrieved on successful login by user. The private key is encrypted using user’s account password, and user password is never sent to server in plain form, it is hashed using a salt from user’s username and that hash can’t be used to get the actual password. So only user know the actual password, which is required to decrypt the emails, so even CTemplar is unable to see into its user’s emails content.
Encryption/Decryption of Messages:
Messages are encrypted using 4096 bit encryption under OpenPGP standard protocol on client side. The message is encrypted using recipient’s public keys and then sent to server.
- If all the recipients are CTemplar users, then the public keys of all the recipients are retrieved from server, and the message is encrypted using those public keys along with user’s own public key and then encrypted message is sent to server. The recipients receive the encrypted message, and they use their private key to decrypt that message, only the recipients of that message can decrypt it.
- If recipients include CTemplar and Non-CTemplar user’s, then the message is sent to server in plain text, server encrypts the message for CTemplar users and send the plain message to Non-CTemplar users.
- If recipients are only Non-CTemplar, then the message is sent to server in plain text, server encrypt the message for user itself, store it and then send the plain text to non-CTemplar users.
the recipients are non-CTemplar and user want to send encrypted
message to non-CTemplar, then they can set an encryption password
and a hint for that. The new public/private RSA keys will be
generated and private key will be protected using the password, user
provided and the message will be encrypted using the new public key.
The recipients will receive an email with a link. When the user will
open that link, they will be redirected to CTemplar web client,
where they will be asked for the password that the sender used to
encrypt the private key. After entering the correct password, the
content of the email will be decrypted and user will be able to see
the decrypted plain text of email. User can reply to that encrypted
message from their without need to signup or signin on CTemplar.
This is a fully end to end encrypted communication with non-CTemplar
CTemplar hashes every password before sending it to server for authentication or sign-up purposes. A unique salt is created from user’s Username which is then used to hash the password using bcrypt.js. So the user actual password is never sent on network and never reaches the CTemplar server. Only user knows the actual password and the irreversible hash is sent to CTemplar server for authentication or signup. After user provides the password to login, we hash it using becrypt.js and send the hashed password for authentication, on successful authentication, CTemplar server returns the authorization token and then the user info and emails are retrieved using that token. The user actual password is used to unlock the private key on web client and then that private key is used to decrypt the user emails on client side. So even CTemplar server don’t have any way to look into user emails, only user knows the actual password which can be used to decrypt private key.