While many seemingly secure cloud services store private keys openly on a central server, this has never been an option for us. Read here why a private key should not be stored on a central server unencrypted.

Private Key is encrypted with user’s password

Instead, the private key in Tutanota is encrypted with the user’s password so that only the user can access it. No one else, not even we as the developers of Tutanota, can access the private keys stored encrypted on our servers.

How is the password secured in Tutanota?

As the user's password is central to the security of the encrypted data stored in the Tutanota mailbox, we have to make sure that the password is secured at all times. Tutanota never sends the password to the server in plain text in order to authenticate the user.

To secure the login password, Tutanota uses bcrypt and SHA256. Thus, the login password is only used indirectly to authenticate the user with the server and to encrypt / decrypt the private key.

This is shown by the following picture and explained in the text below:

Bcrypt modifies the password so that is becomes the “AES password key”. This AES password key is used to encrypt the private RSA-key (though via an indirection with the private symmetric “AES user group key”).

The AES password key itself, however, is not used to authenticate the user with the server, but it is hashed to become the “password verifier”.

This password verifier is then transmitted to the server to authenticate the user. The server itself only stores the password verifier as another hash ("hashed verifier") so that it is impossible to use the persistent data on the server to login.

The password verifier is cryptographically independent from the password key so that the password verifier can not be used to decrypt any data. The password verifier is transmitted to the Tutanota server secured with TLS encryption.

Should a third person gain access to the password verifier via a TLS vulnerability, he would not be able to gain access to the private key or to the end-to-end encrypted data stored in the encrypted Tutanota mailbox.

The decryption process takes place locally on the device of the user once the user has been authenticated with the server.

Standard password reset functions allow the provider to access your mailbox

Standard reset functions used by all email services give the provider access to the mailbox as they could use the reset themselves. That’s why a standard reset function is not possible in Tutanota. We are currently working on a secure reset function, one which would not involve us in the reset process to make absolutely sure that we can never access your secure Tutanota mailbox.

We have built Tutanota to make encrypted emails as easy as possible without any compromise when it comes to security. This is also why we have published the Tutanota client as well as our Android and iOS apps and our dedicated desktop clients as open source.

As all the encryption takes place locally on your device, others can check the code and make sure that it is not being compromised. You can check our code on GitHub or build your own Tutanota client locally.

Desktop email clients are now available in beta

At Tutanota, we take every detail into consideration and make sure that your data is always kept secure. For this reason, we also do not offer the option to use standard mail clients via IMAP/Pop as Tutanota’s built-in encryption would not work. On top of that, the emails stored in these mail clients would be stored in plain text (unless you encrypt your local hard drive yourself).

When you are using Tutanota, we have to make sure that your data is always kept secure. This is why we are building our own desktop clients, which have now been relased as beta. By building our own clients, we can make sure that your data is always stored encrypted, even when stored locally on your device.

Encrypted search for maximum security

Building a search feature for Tutanota was one of the hardest things to develop so far because we can not - as other mail services do - search your data on the server. On the Tutanota server all data is encrypted, thus, we can not search it.

Instead, we have developed an encrypted search feature that lets you search your mails locally on your device via an encrypted search index. We also believe that security and privacy go hand-in-hand. This is why Tutanota is a perfect choice when your are looking for an anonymous email account.

Why Tutanota does not rely on PGP

Tutanota uses standard algorithms also being used by PGP (AES 128 / RSA 2048) for encrypting the entire mailbox. Tutanota does not use an implementation of PGP because PGP lacks important requirements that we plan to achieve with Tutanota:

PGP does not encrypt the subject line (already achieved in Tutanota),

PGP algorithms can't be easily updated,

PGP has no option for Perfect Forward Secrecy.

In Tutanota we can easily update the algorithms, and we plan to replace the current algorithms with quantum secure ones in the future. The flexibility of Tutanota enables us to integrate an encrypted calendar, encrypted cloud storage and many more features much easier and faster than it would have been possible with an implementation of PGP. We also plan to add Perfect Forward Secrecy to Tutanota.

Secure email as easy as possible

With Tutanota we have developed an encrypted mail service that combines a high level of security with a high level of comfort. With its easy-to-use automatic encryption, we enable everyone to send confidential data securely via mail.

With Tutanota you will never have to worry about the confidentiality of your private mails. Get your own secure mail account now for free.