I suggest you ...

PGP Support

Please offer support for PGP to communicate with non Tutanota users.

1,033 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Nico shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    AdminTutanota Support (Admin, Tutanota) responded  · 

    Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add pgp-support at the moment:

    Current encryption standards like pgp and S/MIME have several issue that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

    In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.

    We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other secure services confidentially in the future.

    51 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Andrew commented  ·   ·  Flag as inappropriate

        I own a big us brand smart pfone company, would like to integrate software, code etc. into our android, windows phones. To have a secured Silentcircle.com type product.
        I have funding available, just seeking strategic partner. Any plans or intentions on a encypted smart phone, and holistic private platform as a service?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Mailvelope bietet sich an. Nutze ich sowieso schon !
        Da müsst ihr das Rad nicht neu erfinden ! ;-)

      • Rockman commented  ·   ·  Flag as inappropriate

        Re:Mailveople - Let's assume I have a PGP key pair setup for "person@tutanota.com". When Tutanota releases native PGP support, will we have to revoke our current PGP key pair to switch to Tutanota? Or, will we be able to keep our current key pair and import into Tutanota?

      • Chris commented  ·   ·  Flag as inappropriate

        For those who can´t wait for PGP Support: Tutanota works perfectly fine with openPGP browser add-on Mailvelope! (Mailvelope.com) (free and opensource)

      • OneGuyCoding commented  ·   ·  Flag as inappropriate

        This is good news, the sending of a one time pad through a second channel is much less secure than exchange of public keys. I'm curious as to an implementation of this support.

      • SwissTengu commented  ·   ·  Flag as inappropriate

        Hello,

        Just a thought: having seen Privacy app (privacyapp.io) running on an iOS smartphone, I think Tutanota might go beyond simple gpg support: provided it's able to query directly keybase.io service, that would let people do a seemingly strong review of the found key.

        For example, sending an email to "swisstengu" user will query keybase, retrieve the public key and validation info, and display some frame with :
        - key fingerprint
        - validations known by keybase

        This way, the sender will know with little doubt "ok, this is really swisstengu key".

        Weird and hard part would be for gpg decryption, but I'm pretty sure that's not what tutanota will do (and, hopefully, this won't come in sight), as this means "find a way to manage the gpg *private* key"… In my case, I have no confidence in local storage, sooo… no gpg in browser. Ever.

      • Ed commented  ·   ·  Flag as inappropriate

        The more interoperability the better. If you can create a service which can painlessly and securely exchange messages with the openpgp universe and their various keyservers including hushmail and startmail etc. And then if it would work with smime, protonmail etc you will have created a desireable product and performed a service for freedom. Connect as many islands as possible.

      • Ed commented  ·   ·  Flag as inappropriate

        Interoperability, along with ease of use, is a huge problem in secure communication. There are several "islands" Tutanota, Hushmail, Protonmail, Silent Circle, various PGP and S/MIME, Startmail, etc. (Telegram, TextSecure (WhatsApp), Wickr,...) but few of them can communicate with each other. If you can connect them together the sum is much greater than the parts. I have correspondents in the various islands, but no secure mail gets sent because they are often in different ones.

      1 3 Next →

      Feedback and Knowledge Base