Prerequisites |
---|
You’re familiar with our browser extension and mobile apps. |
You’re familiar with our Email Key Manager and Web Key Directory. |
You’re familiar with the Client Configuration rules. |
FlowCrypt uses OpenPGP to encrypt messages and attachments on the user’s device before transferring them over the network or storing them with an email provider, providing end-to-end encryption at rest as well as in transit.
This ensures that only the intended recipient and sender can read the contents of the email, preventing anyone else from accessing it.
Our software uses the OpenPGP.js tool which is receiving regular security reviews. We also contribute some of our code back to OpenPGP.js for the benefit of other software vendors.
What is encrypted
The following table shows which email parts are encrypted for outgoing messages:
Data | Encrypted | Customization |
---|---|---|
Email text body | ||
Attachment data | ||
Subject | Enterprise customers can customize | |
Attachment name | Enterprise customers can customize | |
Email footer | Enterprise customers can customize | |
Recipients and other headers |
The same applies to encrypted drafts. They’re encrypted using the sender’s public key.
Key strength and default options
When creating a new key, the default is ECC curve25519
for keys created in the FlowCrypt Browser Extension, Android, and iOS Apps.
When importing a key, FlowCrypt will use any compatible key supplied by the user.
Key Management
Please refer to the Public Key Management and Private Key Management guides to learn more about the key management process.
How FlowCrypt handles OpenPGP key passphrases
FlowCrypt provides a Browser Extension, an Android app, and an iOS app. All of them have the option to store the passphrase either locally or in-memory during the session.
When the passphrase is stored locally, it’s stored within the local storage of the device indefinitely. The passphrase itself isn’t stored in a browser extension encrypted unless you’ve enabled full-disk encryption on your OS. However, on iOS and Android, passphrases are stored encrypted.
On the other hand, when you choose to save your passphrase in-memory, the user passphrase is stored for the current session and will last for 4 hours following each entry. Within that period, the user won’t be asked for the passphrase again.
For enterprise customers, administrators can set several rules to control the default passphrase handling. For more information, please see the User Setup guide.
Enterprise: How to store OpenPGP private keys in Email Key Manager
The EKM is designed to ensure the security of private keys according to these rules:
- The EKM imports or generates only decrypted (not passphrase-protected) private keys.
- The EKM encrypts parts of its database with a database encryption key. This ensures that the keys aren’t exposed to an admin who has access to (only) the database. The database admin will see encrypted blobs instead of private keys.
- The private keys are served to email clients decrypted (without a passphrase) over an HTTPS connection.
- The email client apps will then encrypt the key with a passphrase before storing it on the user’s device.
With regard to security concerns, the above design has the following outcome:
- An admin who has access to the database and also the database encryption key can view these private keys. If the same person also has access to the user’s email, then the admin may read the encrypted user communication. Some organizations split the responsibilities: one user or a group of users to have access to the database, another to have access to the database encryption key, and a third to have access to the user communication. Sometimes, this process requires three people, sometimes two or even one, depending on the organization. In either case, your organization may audit the emails of individuals without their permission.
- Forgotten passphrases can be recovered because they’re client-side concerns. Users may re-set up the extension, receive the decrypted key again, and choose a new passphrase.
Hardware tokens
We’re planning to add support for hardware tokens (smartcards) such as Yubikey, ZeitControl, or any other PKCS#11-compatible security token that can handle OpenPGP keys.
EFAIL mitigation
Published in 2018, EFAIL describes a class of attacks affecting email encryption software. FlowCrypt is safe from these attacks. When a user receives a modified (potentially dangerous) encrypted message, such a message won’t be automatically rendered. Instead, the user will see a security warning, and an option to decrypt such a message manually.
Public source code
Our source code is publicly available for review on the FlowCrypt GitHub repository.
Bug bounties & public contributions
FlowCrypt believes in transparency and extensive collaboration as a foundation for robust and secure systems. We run a public bug bounty program with up to $5,000 in rewards. You can check it out on our Bug Bounty page. Or, for a list of vulnerabilities that have already been found and fixed, check out our Vulnerabilities Catalogue.