The Attester is a public key server created and maintained by FlowCrypt to manage public keys for our users.
What is a public key server?
A key server, as the name implies, is a server that hosts cryptographic keys. An OpenPGP key server, like the Attester, hosts public keys associated with an email and ID. So, if you want to send an encrypted email to a user, you have a convenient way of accessing that user’s public OpenPGP encryption key.
Why does FlowCrypt operate its own key server?
By operating the Attester instead of relying on a major OpenPGP key server like openpgp.org, we can easily integrate our key server with our browser extension and provide a better user experience. Users receive confirmation emails from FlowCrypt, not some hitherto unknown key server. And the design, usability, and security of the page itself can be held to FlowCrypt’s high standards.
While these reasons motivate us to offer our own key server, we have nothing against other key servers, and the Attester actually searches other major key servers if it can’t find an address in our databases.
How does FlowCrypt use the Attester server?
When users set up the FlowCrypt Browser Extension or an iOS/Android app, they can create or import a key. The private part of the key is stored locally, while the public part can be sent to the Attester and published so that our users or other OpenPGP software users can conveniently encrypt messages for each other.
Enterprises
Having our own public key server provides our enterprise customers with the ability to enhance their email encryption experience. Some of its benefits include:
- The company can run its own internal public key server and not rely on an external key server for corporate VPN users.
- The company can run an externally available public key server and make sure it is up and running, so that public keys are available to any external users, such as company partners, subcontractors, and so on.
- By having control over the public key server, the company can choose to remove some public keys from distribution according to its policies. This only has an effect, for example, if the public key isn’t served by another public key server.
- The company can run a mirror of other public key servers, such as a copy of keys.openpgp.org or keyserver.ubuntu.com, and serve additional keys uniquely from their server.
Additionally, enterprise customers can decide whether and how our email clients interact with the Attester server, whether their public keys should be stored there or not, and whether to search the Attester when looking for the public keys of others. Alternatively, they can use their own public key server. See what functionality is available for Enterprise customers.