Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

Autocrypt

From Wikipedia, the free encyclopedia

icon
This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Autocrypt" – news ·newspapers ·books ·scholar ·JSTOR(December 2019) (Learn how and when to remove this message)

Autocrypt is acryptographic protocol foremail clients aiming to simplify key exchange and enablingencryption.[citation needed] Version 1.0 of theAutocrypt specification was released in December 2017. Version 1.1 was released in January 2019. It is implemented on top ofOpenPGP replacing its complex key management by fully automated exchange ofcryptographic keys between peers[citation needed].

Method

[edit]

Autocrypt-capable email clients transparently negotiate encryption capabilities and preferences and exchange keys between users alongside sending regular emails.[citation needed] This is done by including the key material and encryption preferences in the header of each email, which allows encrypting any message to a contact who has previously sent the user email.[citation needed] This information is not signed or verified in any way even if the actual message is encrypted and verified.[citation needed]

No support is required fromemail providers other than preserving and not manipulating the Autocrypt specific header fields.[citation needed]

When a message is encrypted to a group of receivers, keys are also automatically sent to all receivers in this group. This ensures that a reply to a message can be encrypted without any further complications or work by the user.[citation needed]

Security model

[edit]

Autocrypt is guided by the idea of opportunistic security from RFC 7435 but implementing something much less secure than atrust on first use (TOFU) model. Encryption of messages between Autocrypt-capable clients can be enabled without further need of user interaction.[citation needed] Traditional OpenPGP applications should display a noticeable warning if keys are not verified either manually or by a web of trust method before use. In contrast, Autocrypt completely resigns on any kind of key verification. Key exchange is during the initial handshake and valid or invalid keys of peers may be replaced anytime later without any user interaction or verification. This makes it very easy to exchange new key(s) if a user loses access to the key but also makes the protocol much more susceptible to man-in-the-middle attacks than clean TOFU. The underlying OpenPGP implementation makes it often possible for the user to perform manual out of band key verification, however by design users are never alerted if Autocrypt changed the keys of peers.[citation needed]

Autocrypt tries to maximize the possible opportunities for encryption, but is not aggressive about encrypting messages at all possible opportunities. Instead, encryption is only enabled by default if all communicating parties consent, allowing users to make themselves available for encrypted communication without getting in the way of their established workflows.[1]

Man-in-the-middle attacks are not preventable in this security model, which is controversial.[2]

Any attacker who can send emails with forged sender-address can cause encryption keys to be replaced by keys of his choice and/or deliberately turn off encryption.[3]

Technical details

[edit]

Autocrypt uses the established OpenPGP specification as its underlying data format. With Version 1.1 support forElliptic Curve Cryptography (ECC) has been introduced and is the standard for new keys, because it provides the same security with shorter keys.[4] For thisCurve25519 is used.[5]Messages are encrypted usingAES andRSA keys, with a recommended RSA key length of 3072 bits. These mechanisms are chosen for maximum compatibility with existing OpenPGP implementations. There are plans for moving to smallerElliptic-curve keys when support is more widely available.[6]

TheAutocrypt header field features atag=value format common to several mechanisms (for exampledkim), where thekeydata tag contains the public key. It is similar to an armored key export, except that it misses the-----BEGIN PGP PUBLIC KEY BLOCK----- and-----END PGP PUBLIC KEY BLOCK----- lines.[7]

For example:

Autocrypt:addr=alice@autocrypt.example;prefer-encrypt=mutual;keydata=mDMEXEcE6RYJKwYBBAHaRw8BAQdArjWwk3FAqyiFbFBKT4TzXcVBqPTB3gmzlC/Ub7O1u120F2FsaWNlQGF1dG9jcnlwdC5leGFtcGxliJYEExYIAD4WIQTrhbtfozp14V6UTmPyMVUMT0fjjgUCXEcE6QIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDyMVUMT0fjjkqLAP9frlijwBJvA+HFnqCZcYIVxlyXzS5Gi5gMTpp37K73jgD/VbKYhkwk9iu689OYH4K7q7LbmdeaJ+RX88Y/ad9hZwy4OARcRwTpEgorBgEEAZdVAQUBAQdAQv8GIa2rSTzgqbXCpDDYMiKRVitCsy203x3sE9+eviIDAQgHiHgEGBYIACAWIQTrhbtfozp14V6UTmPyMVUMT0fjjgUCXEcE6QIbDAAKCRDyMVUMT0fjjlnQAQDFHUs6TIcxrNTtEZFjUFm1M0PJ1Dng/cDW4xN80fsn0QEA22Kr7VkCjeAEC08VSTeV+QFsmz55/lntWkwYWhmvOgE=

Support

[edit]
  • Kontact since version 21.04.[8][citation needed]
  • Delta Chat messenger from Version 0.9.2.[9]
  • K-9 Mail Android mail-app has support since Version 5.400[10] (reportedly broken until version 5.717[11]).
  • SnappyMail webmail from Version 2.34.0.[12]
  • Thunderbird partially supports AutoCrypt since version 78. Thunderbird generates, sends and receives AutoCrypt headers, but does not automatically install received public keys. User action is still required to approve and install a sender's public key.[13]
  • The German email providerPosteo supports AutoCrypt, and improves its security by also cryptographically signing outbound Autocrypt header data viaDKIM.[14]
  • No longer functional: Autocrypt extension in Thunderbird.[15]
  • No longer functional:Thunderbird extensionEnigmail since version 2.0.[16]

Further reading

[edit]
  • Autocrypt - in: Bertram, Linda A. / Dooble, Gunther van / et al. (Eds.): Nomenclatura: Encyclopedia of modern Cryptography and Internet Security - From AutoCrypt and Exponential Encryption to Zero-Knowledge-Proof Keys, 2019,ISBN 9783746066684.
  • OpenPGP
  • Transformation of Cryptography: Fundamental concepts of Encryption[17]
  • The New Era Of Exponential Encryption: - Beyond Cryptographic Routing[18]

External links

[edit]

References

[edit]
  1. ^"OpenPGP Considerations, Part III: Autocrypt and Encryption by Default | K-9 Mail".k9mail.github.io. Retrieved28 April 2018.
  2. ^"Bye-bye Enigmail!: OpenPGP wird in Thunderbird integriert - Golem.de".www.golem.de (in German). Retrieved23 December 2019.
  3. ^"Autocrypt FAQ — What about spammers accidentally downgrading encryption?".autocrypt.org. Retrieved1 December 2019.
  4. ^"Autocrypt Level 1: Enabling encryption, avoiding annoyances". Retrieved2 January 2025.
  5. ^"Autocrypt FAQ Frequently Asked Questions". Retrieved2 January 2025.
  6. ^"Autocrypt FAQ — Why RSA3072 and 25519 only later?".autocrypt.org. Retrieved29 April 2018.
  7. ^"The Autocrypt Header".autocrypt.org. Retrieved29 May 2024.
  8. ^Brown, Paul; Schwan, Carl; Kovács, Áron (22 April 2021)."KDE Gear 21.04 released". Retrieved22 April 2021.
  9. ^"Delta Chat v0.9.2 feat. Autocrypt Level 1". Retrieved26 April 2018.
  10. ^"5.4 Release | K-9 Mail". Archived fromthe original on 21 December 2018. Retrieved24 April 2018.
  11. ^"K-9 mail fails to encrypt emails by default, even with "Autocrypt mutual mode" enabled".GitHub. Retrieved27 February 2021.
  12. ^"Releases: the-djmaze/snappymail".GitHub. Retrieved17 February 2024.
  13. ^"Does Thunderbird support Autocrypt?".Mozilla Support. 26 June 2022. Retrieved25 June 2024.
  14. ^"Vereinfachte E-Mail-Verschlüsselung mit Autocrypt- und OpenPGP-Header".Posteo.de (in German). 18 December 2017. Retrieved24 April 2018. [Our contribution to security: We additionally secure the key exchange with Autocrypt with digital signatures (DKIM). This is not currently provided as standard with Autocrypt. Our provider-side DKIM signature ensures that public keys cannot be manipulated unnoticed during transport. We also sign Autocrypt headers that your local email program may add with DKIM. The signature is applied if the sender matches the mailbox. We save the key exchange with Autocrypt additionally with digital signatures (DKIM). This is not yet provided by default at Autocrypt. Our provider-side DKIM signing ensures that public keys cannot be manipulated unnoticed on transport. We also sign autocrypt header, which your local email program may add, with DKIM. The signature is made when the sender matches the mailbox.]
  15. ^"Autocrypt".addons.thunderbird.net. Retrieved8 October 2019.
  16. ^Patrick Brunschwig."Enigmail - 2018-03-25 Enigmail v2.0 released". Retrieved24 April 2018.
  17. ^Bertram, Linda A.; Dooble, Gunther van (31 July 2019).Transformation of Cryptography: Fundamental concepts of Encryption, Milestones, Mega-Trends and sustainable Change in regard to Secret Communications and its Nomenclatura. BoD – Books on Demand.ISBN 978-3-7494-5074-9.
  18. ^Gasakis, Mele; Schmidt, Max (8 January 2019).The New Era Of Exponential Encryption: - Beyond Cryptographic Routing with the Echo Protocol [Paperback]. BoD – Books on Demand.ISBN 978-3-7481-5886-8.
Email clients
Secure
communication
OTR
SSH
TLS & SSL
VPN
ZRTP
P2P
DRA
Disk encryption
(Comparison)
Anonymity
File systems(List)
Security-focused
operating system
Service providers
Educational
Anti–computer forensics
Related topics
Retrieved from "https://en.wikipedia.org/w/index.php?title=Autocrypt&oldid=1320991574"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2025 Movatter.jp