Encryption

Overview

Tusanga Mail is a mail service where your mails are encrypted when stored on our server. It works in such a way that no one can decrypt and read your mails unless they have your password. This also means that we can't read the mails that have already been saved on our server. This should in theory prevent hackers and thieves from reading your mails even if they hack or steal our server.

When you sign up with us, a private/public asymmetric keypair is generated. The public key is used to encrypt incoming mails as described below. The private key itself is encrypted using your password and stored on our servers. Unless you provide your password, we can't decrypt your private key and use it to decrypt your emails.

Having the encryption and decryption take place on the server leaves the risk of someone snooping the password while our server processes your mails. We strive to minimize this exposure as much as possible without sacrificing the benefits of this architecture, namely that it allows you to use your ordinary mail client. If you are willing to put up with more hassle, other solutions may offer more in terms of privacy.

Receiving, sending and reading

When receiving mails from other mail servers we support encryption using STARTTLS, but have chosen to also accept unencrypted emails sent from mail servers with insecure configurations. After abuse and spam filtering, received mails are encrypted using a combination of asymmetric RSA and symmetric AES: each time a mail arrives, a new random key is generated. The mail is encrypted with this random key using symmetric AES encryption. Finally, the random key is encrypted with your public key using asymmetric RSA encryption. From then on we can't read your email anymore until your mail client logs in and provides us with your password.

When you send mails through our servers, we receive your password and the mail from your mail client over a TLS-encrypted SMTP connection. We salt and hash your password before comparing it to the stored password hash value, in order to make sure you are who you say you are. If so, the mail is processed in the same way as mails received from other mail servers, as described above.

Reading your mails works like this: your password is sent by your mail client over a TLS-encrypted POP3 connection. We salt and hash your password before comparing it to the stored password hash value, in order to make sure you are who you say you are. If so, the mail decryption takes place: your password is used to decrypt your private key. The private key is used to decrypt the random key for each mail. Finally, these random keys are used to decrypt the mails using symmetric AES.
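The per-mail hybrid scheme described in the two passages above (encrypt at delivery with the public key only, unwrap and decrypt at read time with the unlocked private key), as an added example that is not Tusanga Mail's own code. The page names only RSA and AES, so the concrete choices here are assumptions: RSA-OAEP for wrapping the per-mail key, AES-256-GCM for the body, and the SealedMail layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

type SealedMail struct { // what the server stores for one message (assumed layout)
	WrappedKey []byte // per-mail AES key, encrypted with the recipient's RSA public key (OAEP)
	Nonce      []byte // AES-GCM nonce, fresh for every mail
	Ciphertext []byte // the mail body under the per-mail key
}

// aead returns AES-256-GCM for a 32-byte key; any other length is a caller bug.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// sealMail runs at delivery: a fresh random key encrypts the body, then the key is
// wrapped with pub. Only the public key is needed, so the private key stays locked.
func sealMail(pub *rsa.PublicKey, body []byte) (*SealedMail, error) {
	buf := make([]byte, 32+12) // random AES-256 key and GCM nonce, new for each mail
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &SealedMail{wrapped, nonce, aead(key).Seal(nil, nonce, body, nil)}, nil
}

// openMail runs at read time, once the password has unlocked priv: unwrap the
// per-mail key, then decrypt and authenticate the body.
func openMail(priv *rsa.PrivateKey, m *SealedMail) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.WrappedKey, nil)
	if err != nil || len(key) != 32 { // reject altered or foreign wrapped keys
		return nil, rsa.ErrDecryption
	}
	return aead(key).Open(nil, m.Nonce, m.Ciphertext, nil) // fails if the body was altered
}
```

Because GCM authenticates the body, a stored mail that has been altered is rejected at read time instead of being decrypted to garbage.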

Passwords and keys

Passwords are stored hashed using 1000 iterations of PBKDF2 and a 384-bit salt.

The key used to decrypt your private key is derived from your password using 100 iterations of PBKDF2 and a second 384-bit salt.

Due to the encryption used, we can't reset your password if you forget it. Please make a note of your password and keep it somewhere safe.

Now go mail someone!