In the previous article, we talked about how you can send an encrypted email to an address outside of SCRYPTmail. Here, we will cover how to exchange emails with another SCRYPTmail user and why it is far more convenient and safer than sending a PIN-protected encrypted email to an address at another popular email service.
Sending an email to another SCRYPTmail address is as easy and straightforward as sending a clear text email.
You don't have to worry about PINs or any extra steps; the process is completely transparent. Still, we want to explain the few steps that happen after you click the Send button:
1. The very first thing the system checks is your recipient list: it works out which addresses belong to SCRYPTmail.
2. The client hashes each SCRYPTmail address with SHA-512 and sends the hashes to the server in order to retrieve the corresponding public keys.
3. The email body and attachments are encrypted with a random AES-256 key, and that key is then encrypted with the recipient's public key.
4. After the message is encrypted, the client generates a second, short message called the 'Seed', which is encrypted with the recipient's second public key.
5. The Seed and the encrypted message are sent to the server for delivery.
If you are interested, here are steps 3 and 4 in more detail:
3. (continued) We cannot encrypt the message directly with your public key because of a limitation of RSA: the plaintext cannot be longer than the key's modulus, and with the padding that safe RSA encryption requires it must be somewhat shorter still. To encrypt a 1000-character message directly, you would need an RSA key of at least 8000 bits (assuming one byte per character, i.e. plain English text), and larger still for Unicode text. Generating and using keys of that size is impractically slow in a browser or on a smartphone, which is why a random AES-256 key encrypts the message and RSA only encrypts that short key.
4. (continued) The Seed is what lets the recipient find the email, because the server does not know who the recipient is. When you log in for the first time, or after some period away, you will see your mailbox scanning messages to find out whether any of them belong to you. This is exactly what the Seed is for. If we scanned full emails instead, it would take much more traffic (emails can be large) and be much slower. Each Seed is very small, so we can send a block of a few thousand Seeds at once and your client tries each one to see which it can decrypt with its second key.
With this method the server learns nothing about recipients, so even someone analysing its traffic cannot tell which email belongs to which recipient. Note that this zero knowledge concerns the recipient only: as the list below shows, the server still sees who sent the message, when, and from which IP address.
Data the SCRYPTmail server can read (none of it is visible to the recipient):
- Sender ID
- Time the email was sent
- IP address of the sender

Data neither the server nor the recipient can read:
- IP address of the sender (hidden from the recipient)
- Subject (hidden from the server)
- Email body (hidden from the server)
- Attachments (hidden from the server)
- Recipient email address (hidden from the server)
The server never learns who the recipient is, which makes the data it does hold far less useful to anyone who obtains it.
In the next article, we will explain how to read your email and how it's different from other services.