Autocrypt
   HOME

TheInfoList



OR:

Autocrypt is a
cryptographic protocol A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describe ...
for email clients aiming to simplify key exchange and enabling encryption. Version 1.0 of th
Autocrypt specification
was released in December 2017 and makes no attempt to protect against MITM attacks. It is implemented on top of OpenPGP replacing its complex key management by fully automated unsecured exchange of cryptographic keys between peers .


Method

Autocrypt-capable email clients transparently negotiate encryption capabilities and preferences and exchange keys between users alongside sending regular emails. This is done by including the key material and encryption preferences in the header of each email, which allows encrypting any message to a contact who has previously sent the user email. This information is not signed or verified in any way even if the actual message is encrypted and verified. No support is required from email providers other than preserving and not manipulating the Autocrypt specific header fields. When a message is encrypted to a group of receivers, keys are also automatically sent to all receivers in this group. This ensures that a reply to a message can be encrypted without any further complications or work by the user.


Security model

Autocrypt is guided by the idea of opportunistic security from RFC 7435 but implementing something much less secure than a trust on first use (TOFU) model. Encryption of messages between Autocrypt-capable clients can be enabled without further need of user interaction. Traditional OpenPGP applications should display a noticeable warning if keys are not verified either manually or by a web of trust method before use. In contrast, Autocrypt completely resigns on any kind of key verification. Key exchange is during the initial handshake and valid or invalid keys of peers may be replaced anytime later without any user interaction or verification. This makes it very easy to exchange new key(s) if a user loses access to the key but also makes the protocol much more susceptible to man-in-the-middle attacks than clean TOFU. The underlying OpenPGP implementation makes it often possible for the user to perform manual out of band key verification, however by design users are never alerted if Autocrypt changed the keys of peers. Autocrypt tries to maximize the possible opportunities for encryption, but is not aggressive about encrypting messages at all possible opportunities. Instead, encryption is only enabled by default if all communicating parties consent, allowing users to make themselves available for encrypted communication without getting in the way of their established workflows.
Man-in-the-middle attacks In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...
are not preventable in this security model, which is controversial. Any attacker who can send emails with forged sender-address can cause encryption keys to be replaced by keys of his choice and/or deliberately turn off encryption.


Technical details

Autocrypt uses the established OpenPGP specification as its underlying data format. Messages are encrypted using
AES AES may refer to: Businesses and organizations Companies * AES Corporation, an American electricity company * AES Data, former owner of Daisy Systems Holland * AES Eletropaulo, a former Brazilian electricity company * AES Andes, formerly AES Gener ...
and
RSA RSA may refer to: Organizations Academia and education * Rabbinical Seminary of America, a yeshiva in New York City *Regional Science Association International (formerly the Regional Science Association), a US-based learned society *Renaissance S ...
keys, with a recommended RSA key length of 3072 bits. These mechanisms are chosen for maximum compatibility with existing OpenPGP implementations. There are plans for moving to smaller Elliptic-curve keys when support is more widely available.


Support

* Kontact since version 21.04. * No longer functional: Thunderbird extension
Enigmail Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and the Postbox that provides OpenPGP public key e-mail encryption and signing. Enigmail works under Microsoft Windows, Unix-like, and Mac OS X operating systems. Enigm ...
since version 2.0. * Delta Chat messenger from Version 0.9.2. * K-9 Mail Android mail-app has support since Version 5.400 (reportedly broken until version 5.717). * No longer functional: Autocrypt extension in Thunderbird. The German email provider Posteo also supports Autocrypt, by additionally cryptographically signing outbound Autocrypt metadata via DKIM. The popular free email client '' Thunderbird'' refuses to adopt the standard and its whole approach of fully automated E2E email encryption.


Further reading

* Autocrypt - in: Bertram, Linda A. / Dooble, Gunther van / et al. (Eds.): Nomenclatura: Encyclopedia of modern Cryptography and Internet Security - From AutoCrypt and Exponential Encryption to Zero-Knowledge-Proof Keys, 2019, . * OpenPGP *Transformation of Cryptography: Fundamental concepts of Encryption *The New Era Of Exponential Encryption: - Beyond Cryptographic Routing


External links


Autocrypt Website
(engl.)

(engl.) * *


References

{{Cryptographic software Cryptographic software Security