Generate New PGP keys

After you start using SCRYPTmail and are feeling comfortable, you may stumble upon the settings page, which has some features you may not have seen on any other email service. One of these is the ability to generate a new pair of PGP keys.

If you are not familiar with this concept, please read this article or look on Wikipedia to improve your understanding.

Moving on, here is a screenshot of the settings page on SCRYPTmail:

[Screenshot: settings page]

Here is a breakdown of the different components on this page:

  1. Free accounts have only one option, which is Light mode. Don't be misled by the name, though: your messages are still encrypted with a standard 1024-bit RSA key. It is fast and reliable for protecting your conversations against attacks by individuals or businesses, but it is speculated to be insecure against the NSA. We can only add that if the NSA wants to read your emails, RSA strength would not be the first thing to worry about. In the Advanced account, you may choose 2048-bit keys or even import your own, but they cannot be stronger than 2048 bits.
  2. Retrieve your keys for offline storage or for use in other services that support PGP.
  3. If you believe your keys may be compromised, or just for the sake of security, you are free to generate a new key pair, and you will receive all new email encrypted with it.
  4. Generate signature keys. You usually do not have to do this, and it should only be done if for some reason you receive a message that your keys are corrupted. This key pair is 1024 bits long, and its sole purpose is to sign your messages.
  5. Save your keys.

Note: You may have noticed some strange numbers such as 1024 or 2048. This is the RSA key strength.

For those who are familiar with the PGP standard, we offer a similar service but with some extra features. As you may know, PGP is used to encrypt the email body and attachments, but metadata such as sender or recipient information still remains unencrypted so that the message can be delivered. This situation is even worse because many so-called 'encrypted' email services do not really provide true encryption. Sometimes a third party needs to know just enough to figure out who talks to whom in order to guess the topic of the conversation in the message.

For example, let's assume user John contacted his friend Andy. We know that Andy is married, has three kids and is afflicted with diabetes. In the next email, he contacted a local doctor. You don't have to finish NSA spy school to guess that Andy may talk about his health, diabetes in particular, to this doctor. John could be found guilty by association if this situation became a legal issue. This is just to show you that PGP encryption does not offer complete privacy.
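The scenario above, as an added example that is not SCRYPTmail's code: it parses two constructed PGP-encrypted messages and lists what a party without the private key can still read from the headers. The addresses, dates, subjects and the reading that Andy is the one who writes to the doctor are assumptions made for illustration; Subject and Date are included because, like sender and recipient, they sit in the headers outside the PGP-encrypted body.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not real traffic). The armored block stands in
# for PGP ciphertext; its content is a placeholder, not real encrypted data.
ARMOR = ("-----BEGIN PGP MESSAGE-----\n\n"
         "(ciphertext placeholder)\n"
         "-----END PGP MESSAGE-----\n")

SAMPLES = [
    "From: john@example.org\nTo: andy@example.org\n"
    "Date: Mon, 01 Jun 2015 09:00:00 +0000\nSubject: catching up\n\n" + ARMOR,
    "From: andy@example.org\nTo: dr.smith@clinic.example\n"
    "Date: Mon, 01 Jun 2015 09:30:00 +0000\nSubject: appointment\n\n" + ARMOR,
]


def visible_metadata(raw):
    """Return what can be read from one message without the private key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(recipients)],
        "date": msg["Date"],
        "subject": msg["Subject"],
        # Only the body is protected by PGP; everything above is plaintext.
        "body_encrypted": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }


def contact_pairs(raws):
    """Sender/recipient pairs recoverable from headers alone, in message order."""
    pairs = []
    for raw in raws:
        meta = visible_metadata(raw)
        pairs += [(s, r) for s in meta["from"] for r in meta["to"]]
    return pairs


if __name__ == "__main__":
    for raw in SAMPLES:
        print(visible_metadata(raw))
    print(contact_pairs(SAMPLES))
```

Both bodies are opaque, yet the chain John, Andy, doctor is fully recoverable from the headers, which is the exposure described above.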

At SCRYPTmail, we believe it is possible to overcome this issue.