Please offer support for PGP to communicate with non-Tutanota users.
Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add PGP support at the moment:
Current encryption standards like PGP and S/MIME have several issues that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.
In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.
We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other secure services confidentially in the future.
I own a big US brand smartphone company, and would like to integrate software, code etc. into our Android and Windows phones, to have a secured Silentcircle.com type product.
I have funding available, just seeking a strategic partner. Any plans or intentions on an encrypted smartphone, and a holistic private platform as a service?
Mailvelope would be a good fit. I'm already using it anyway!
That way you don't have to reinvent the wheel! ;-)
AdminTutanota Support (Admin, Tutanota) commented
@Rockman - Thanks for your comment. We haven't decided how to realize the implementation. Right now we can't say if you'll need a new keypair.
Re: Mailvelope - Let's assume I have a PGP key pair set up for "email@example.com". When Tutanota releases native PGP support, will we have to revoke our current PGP key pair to switch to Tutanota? Or will we be able to keep our current key pair and import it into Tutanota?
+1 for OpenKeychain (https://www.openkeychain.org/)
@Chris Thanks, Mailvelope is awesome as well!
For those who can't wait for PGP support: Tutanota works perfectly fine with the OpenPGP browser add-on Mailvelope! (Mailvelope.com) (free and open source)
This is good news; sending a one-time pad through a second channel is much less secure than exchanging public keys. I'm curious as to an implementation of this support.
Just a thought: having seen the Privacy app (privacyapp.io) running on an iOS smartphone, I think Tutanota might go beyond simple gpg support: provided it's able to query the keybase.io service directly, that would let people do a seemingly strong review of the found key.
For example, sending an email to the "swisstengu" user will query keybase, retrieve the public key and validation info, and display a frame with:
- key fingerprint
- validations known by keybase
This way, the sender will know with little doubt "ok, this is really swisstengu's key".
The weird and hard part would be gpg decryption, but I'm pretty sure that's not what Tutanota will do (and, hopefully, this won't come in sight), as this means "find a way to manage the gpg *private* key"… In my case, I have no confidence in local storage, sooo… no gpg in browser. Ever.
The more interoperability the better. If you can create a service which can painlessly and securely exchange messages with the OpenPGP universe and their various keyservers including Hushmail and Startmail etc. And then if it would work with S/MIME, Protonmail etc. you will have created a desirable product and performed a service for freedom. Connect as many islands as possible.
Interoperability, along with ease of use, is a huge problem in secure communication. There are several "islands": Tutanota, Hushmail, Protonmail, Silent Circle, various PGP and S/MIME, Startmail, etc. (Telegram, TextSecure (WhatsApp), Wickr, ...) but few of them can communicate with each other. If you can connect them together the sum is much greater than the parts. I have correspondents in the various islands, but no secure mail gets sent because they are often in different ones.
Colin Arnott commented
Know that this is already a planned feature: https://tutanota.uservoice.com/knowledgebase/articles/470724-why-does-tutanota-not-use-pgp