CTemplar Whitepaper

How does encryption work in CTemplar?

CTemplar uses OpenPGP for end-to-end encryption of emails. This is the most widely used email encryption standard and is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

CTemplar uses OpenPGP.js. JavaScript library in its frontend web code is an open-source and well-maintained library and is audited by Cure53, a German cybersecurity company. This library provides the functionality of creating keys and encryption/decryption of messages. CTemplar uses bcrypt.js for salted hashing of passwords in its web client code.

Generation of Keys :

When a user signs up on CTemplar, its RSA private and public keys are generated using the user’s password as the passphrase of the private key. These keys are stored on the CTemplar server and retrieved on successful login by the user. The private key is encrypted using the user account password, and the user password is never sent to the server in plain text form. It is hashed using a salt from the user’s username. Therefore, the hash can’t be used to get the actual password. This way, only the user knows the actual password, which is required to decrypt the email, so even CTemplar is unable to see into its user’s email content.

Encryption/Decryption of Messages:

Messages are encrypted using 4096-bit encryption under the OpenPGP standard protocol on the client-side. The message is encrypted using the recipient’s public keys and then sent to the server.

  1. If all recipients are CTemplar users, then the public keys of all recipients are retrieved from the server, and the message is encrypted using those public keys along with the user’s public key. Then the encrypted message is sent to the server. The recipients receive the encrypted message, and they use their private key to decrypt that message, and only the recipients of that message can decrypt it.
  2. If recipients include CTemplar and non-CTemplar users, then the message is sent to the server in plain text, the server encrypts the message for CTemplar users and sends the plain message to non-CTemplar users.
  3. If recipients are only non-CTemplar, then the message is sent to the server in plain text, the server encrypts the message for the user, stores it, and then sends the plain text to non-CTemplar users.
  4. If the recipients are non-CTemplar and the user wants to send an encrypted message to a non-CTemplar user, then they can set an encryption password and a hint for it. The new public/private RSA keys will be generated, and the private key will be protected using the password, user-provided, and the message will be encrypted using the new public key. The recipients will receive an email with a link. When the user opens that link, they will be redirected to the CTemplar web client, where they will be asked for the password that the sender used to encrypt the private key. After entering the correct password, the content of the email will be decrypted, and the user will be able to see the decrypted plain text of the email. Users can reply to that encrypted message from there without the need to sign-up or sign-in with CTemplar. This is a fully end-to-end encrypted communication with non-CTemplar users.

Password Management:

CTemplar hashes every password before sending it to the server for authentication or sign-up purposes. A unique salt is created from the user’s username which is then used to hash the password using bcrypt.js.

The user’s actual password is never sent on the network and never reaches the CTemplar’s server. Only the user knows the actual password, and the irreversible hash is sent to the CTemplar’s server for authentication or sign-up.

After the user provides the password for log in, we hash it using becrypt.js and send the hashed password for authentication. On successful authentication CTemplar server returns the authorization token, and then the user info and emails are retrieved using that token. The user’s actual password is used to unlock the private key on the web client, and then that private key is used to decrypt the user emails on the client-side. So even the CTemplar server doesn’t have any way to look into user emails, only the user knows the actual password, which can be used to decrypt the private key.