Autocrypt

Autocrypt is a standardized guideline for e-mail clients, enabling end-to-end encryption in a user-friendly way. Version 1.0 of the Autocrypt specification was released in December of 2017. It builds on and is compatible to OpenPGP, and primarily automates the exchange of cryptographic keys between users.

Method

Autocrypt-capable e-mail clients transparently negotiate encryption capabilities and exchange keys between users alongside sending regular e-mails. This is done by including the key material in the metadata of each e-mail, which allows encrypting any message to a contact who has previously sent the user e-mail. Publishing keys onto the public key servers is not necessary, and no support is required from e-mail providers.

When a message is encrypted to a group of receivers, keys are also automatically exchanged between all receivers in this group. This ensures that a reply to an encrypted message can be encrypted without any further complications or work by the user.

Security Model

Autocrypt is guided by the idea of opportunistic security from RFC 7435. Encryption of messages between Autocrypt-capable clients can be enabled without further need of user interaction. In contrast to traditional OpenPGP applications, manual verification of keys is not considered a requirement before use. The same principle is used in modern messengers like WhatsApp and Signal, which achieve usable end-to-end encryption in a similar way, effectively preventing surveillance of the content of encrypted messages by a passive attacker.

Autocrypt tries to maximize the possible opportunities for encryption, but is not aggressive about encrypting messages at all possible opportunities. Instead, encryption is only enabled by default if all communicating parties consent, allowing users to make themselves available for encrypted communication without getting in the way of their established workflows^[1].

Active attacks, which can only be performed in a targeted fashion and require a more capable attacker, are not directly prevented. This type of attack does however leave traces in the intercepted messages, and can be detected by the user with a manual verification of the peer's cryptographic identity, for example by comparison of cryptographic "fingerprints". A verification mechanism is not part of version 1.0 of Autocrypt, but is planned for future work^[2]. While Autocrypt currently lacks this specification, most underlying OpenPGP implementations (like GnuPG) already support some type of manual verification that implementers can experiment with.

Technical Details

Autocrypt uses the established OpenPGP specification as its underlying data format. Messages are encrypted using AES and RSA keys, with a recommended RSA key length of 3072 bits. These mechanisms are chosen for maximum compatibility with existing OpenPGP implementations. There are plans for moving to smaller Elliptic-curve keys when support is more widely available^[3].

Support

Autocrypt is supported in the Thunderbird extension Enigmail since version 2.0^[4], the Delta Chat messenger from Version 0.9.2^[5] as well as the Android mail-app K-9 Mail since Version 5.400^[6].

The German e-mail provider Posteo also supports Autocrypt, by additionally cryptographically signing outbound Autocrypt metadata via DKIM^[7].

Further reading

• OpenPGP

Weblinks

• Autocrypt Website (engl.)
• Autocrypt 1.0 Spezifikation (engl.)
• "Autocrypt automatisiert E-Mail-Kryptografie" (in German), Heise Select, https://www.heise.de/select/ix/2018/5/1524784198472399. Retrieved 2018-04-24 
• iX. "Einfache Mail-Verschlüsselung: PGP-Helfer Autocrypt in Version 1.0 vorgestellt" (in German). Retrieved 2018-04-24.

References