Autocrypt

from Wikipedia, the free encyclopedia

Autocrypt is a specification for e-mail programs that enables user-friendly encryption of e-mails together with an automated, but unauthenticated, exchange of cryptographic keys. Version 1.0 of the specification was published in December 2017. The encryption is based on, and compatible with, the OpenPGP standard.

Procedure

With Autocrypt support in e-mail programs, the exchange of keys is combined transparently with the sending of normal e-mails: the key material is carried in the message headers, in an Autocrypt header that contains the sender's public key. This enables messages to be encrypted to any contact from whom an e-mail has been received. It is neither necessary to upload the key material to a public key server, nor does the process depend on support from the e-mail provider.

When an encrypted message is sent to several recipients, the keys of all recipients are also exchanged among them automatically (as Autocrypt-Gossip headers inside the encrypted part of the message). This ensures that encrypted replies can be sent to the same group of recipients without complications.

Security model

The key management model follows the "opportunistic security" approach of RFC 7435. Encryption is possible without user intervention; in contrast to traditional OpenPGP-based applications, verification of keys by the user is not required for use. This protects against untargeted (passive mass) surveillance of e-mails.

Man-in-the-middle attacks are not prevented. Such attacks, however, leave traces in the affected messages (the key announced for a contact changes) and can be recognized by manual verification of keys by the user, for example by comparing cryptographic "fingerprints". A corresponding mechanism is not part of Autocrypt 1.0 but is intended for a future revision. Although it is not specified, verification is already supported in practice by the underlying OpenPGP implementations (e.g. GnuPG).
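The header exchange, the multi-recipient gossip and the opportunistic decision of whether to encrypt can be shown in a few functions. The following Python is an added example written for this article, not code from the Autocrypt project or any of the clients named below; it implements the Autocrypt Level 1 rules for parsing the Autocrypt and Autocrypt-Gossip headers, keeping per-address peer state, and deriving the encryption recommendation. The keydata values are constructed base64 placeholders rather than real OpenPGP keys (validating the key material is the job of the OpenPGP layer), the sample messages are constructed, and the function and variable names are this example's own.

```python
import base64
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

STALE_AFTER = timedelta(days=35)   # Level 1: key not refreshed for 35 days -> "discourage"
KNOWN_ATTRS = {"addr", "prefer-encrypt", "keydata"}

def parse_autocrypt_header(value, gossip=False):
    """Parse one Autocrypt/Autocrypt-Gossip header value per Level 1; None if invalid."""
    attrs = {}
    for part in filter(str.strip, value.split(";")):
        if "=" not in part:
            return None
        name, val = part.split("=", 1)
        name = name.strip().lower()
        if name.startswith("_"):            # non-critical attribute: ignore it
            continue
        if name not in KNOWN_ATTRS:         # unknown critical attribute: whole header invalid
            return None
        attrs[name] = "".join(val.split())  # drop folding whitespace (keydata is usually folded)
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    pref = attrs.get("prefer-encrypt")
    if pref is not None and (gossip or pref != "mutual"):  # only 'mutual' is defined; none in gossip
        return None
    try:   # syntactic check only; the OpenPGP layer validates the key material itself
        keydata = base64.b64decode(attrs["keydata"], validate=True)
    except ValueError:
        return None
    return {"addr": attrs["addr"].lower(), "keydata": keydata, "prefer_encrypt": pref or "nopreference"}

@dataclass
class PeerState:                   # the per-address record a Level 1 client keeps
    last_seen: datetime = None
    autocrypt_timestamp: datetime = None
    public_key: bytes = None
    prefer_encrypt: str = "nopreference"
    gossip_timestamp: datetime = None
    gossip_key: bytes = None

def effective_date(msg, now):      # Date header, clamped so a forged future date cannot pin a key
    return min(parsedate_to_datetime(msg["Date"]), now)

def update_peer_state(peers, msg, now):
    """Level 1 peer-state update for the sender of an incoming message."""
    sender = parseaddr(msg["From"])[1].lower()
    peer = peers.setdefault(sender, PeerState())
    date = effective_date(msg, now)
    if peer.autocrypt_timestamp is not None and date < peer.autocrypt_timestamp:
        return peer                                   # older than the key already held
    if peer.last_seen is None or date > peer.last_seen:
        peer.last_seen = date
    valid = [h for h in map(parse_autocrypt_header, msg.get_all("Autocrypt", []))
             if h and h["addr"] == sender]            # addr must match the From address
    if len(valid) == 1:                               # several valid headers count as none
        peer.autocrypt_timestamp, peer.public_key = date, valid[0]["keydata"]
        peer.prefer_encrypt = valid[0]["prefer_encrypt"]
    return peer

def update_gossip(peers, msg, decrypted, now):
    """Import Autocrypt-Gossip headers from the decrypted part, for the message's own recipients only."""
    date = effective_date(msg, now)
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    for g in map(lambda v: parse_autocrypt_header(v, gossip=True), decrypted.get_all("Autocrypt-Gossip", [])):
        if g and g["addr"] in recipients:
            peer = peers.setdefault(g["addr"], PeerState())
            if peer.gossip_timestamp is None or date > peer.gossip_timestamp:
                peer.gossip_timestamp, peer.gossip_key = date, g["keydata"]

def recommend(peer, own_prefer_encrypt="mutual", reply_to_encrypted=False):
    """Level 1 recommendation for one recipient: disable / discourage / available / encrypt."""
    if peer is None or (peer.public_key is None and peer.gossip_key is None):
        return "disable"
    if peer.public_key is None:                       # only a gossiped key, never announced by the peer
        rec = "discourage"
    elif peer.last_seen - peer.autocrypt_timestamp > STALE_AFTER:
        rec = "discourage"                            # peer kept writing but stopped sending a key
    else:
        rec = "available"
    if reply_to_encrypted or (rec == "available" and "mutual" == own_prefer_encrypt == peer.prefer_encrypt):
        return "encrypt"
    return rec

# Constructed sample traffic as seen by Bob; keydata is a placeholder blob, not a real OpenPGP key.
KEY_A, KEY_C = (base64.b64encode(b"placeholder OpenPGP key of " + n).decode() for n in (b"alice", b"carol"))
MSG_WITH_KEY = message_from_string(
    "From: Alice <Alice@example.org>\nTo: bob@example.org, carol@example.org\n"
    "Date: Tue, 02 Jan 2018 10:00:00 +0000\n"
    f"Autocrypt: addr=alice@example.org; prefer-encrypt=mutual; _foo=ignored;\n keydata={KEY_A}\n\nhi\n")
MSG_NO_KEY = message_from_string(
    "From: alice@example.org\nTo: bob@example.org\nDate: Thu, 01 Mar 2018 09:00:00 +0000\n\nstill here\n")
DECRYPTED_PART = message_from_string(f"Autocrypt-Gossip: addr=carol@example.org; keydata={KEY_C}\n\nsecret\n")

def demo(now=datetime(2018, 3, 2, tzinfo=timezone.utc)):
    """Bob's view: learns Alice's key, imports gossip for Carol, then sees Alice's key go stale."""
    peers = {}
    alice = update_peer_state(peers, MSG_WITH_KEY, now)
    update_gossip(peers, MSG_WITH_KEY, DECRYPTED_PART, now)
    fresh, via_gossip = recommend(alice), recommend(peers["carol@example.org"])
    update_peer_state(peers, MSG_NO_KEY, now)     # 58 days later Alice writes without a header
    return fresh, via_gossip, recommend(alice)
```

`demo()` returns `("encrypt", "discourage", "discourage")`: a fresh key with prefer-encrypt=mutual on both sides is encrypted to automatically, a key known only through gossip is used but discouraged, and a key the sender has stopped announcing is discouraged after 35 days. Nothing here asks the user to verify anything, which is the opportunistic model; the trace a key-substitution attack leaves is a change of `public_key` between two updates for the same address, and that comparison (or a fingerprint check against the OpenPGP implementation) is where a client would surface a warning.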

Technical details

Autocrypt uses the established OpenPGP standard as the underlying data format. E-mails are encrypted with AES in conjunction with RSA keys, for which a length of 3072 bits is recommended. The methods were chosen for the greatest possible compatibility with existing OpenPGP implementations. In the future, more compact methods based on elliptic-curve cryptography (Curve25519) are to be used; at the time of writing these were still under development in some OpenPGP implementations.

Distribution

Autocrypt is supported by the Thunderbird extension Enigmail from version 2.0, by Mailpile, by the Delta Chat messenger from version 0.9.2, by Mutt from version 1.13 and, on Android, by K-9 Mail from version 5.400.

The mail provider Posteo supports Autocrypt by additionally authenticating the Autocrypt header of outgoing mail with DKIM.

Literature

  • Autocrypt. In: Bertram, Linda A.; van Dooble, Gunther; et al. (eds.): Nomenclatura: Encyclopedia of modern Cryptography and Internet Security - From AutoCrypt and Exponential Encryption to Zero-Knowledge-Proof Keys. English, 2019, ISBN 9783746066684.

References

  1. Autocrypt FAQ: Why is there no key verification mechanism? Retrieved April 27, 2018.
  2. Autocrypt FAQ: Why RSA3072 and 25519 only later? Retrieved April 27, 2018.
  3. Patrick Brunschwig: Enigmail - 2018-03-25 Enigmail v2.0 released. Retrieved April 24, 2018 (UK English).
  4. Bjarni Rúnar: Mailpile: Progress Report: events, packages, 1.0. Retrieved January 14, 2019.
  5. Delta Chat v0.9.2 feat. Autocrypt Level 1. Retrieved April 26, 2018 (English).
  6. Mutt 1.13 release notes. Retrieved January 13, 2020.
  7. 5.4 Release | K-9 Mail. Retrieved April 24, 2018.
  8. posteo.de: Simplified email encryption with Autocrypt and OpenPGP headers. Retrieved April 24, 2018.