How does encryption work in CTemplar?
CTemplar uses OpenPGP for end-to-end encryption of emails. It is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.
CTemplar uses OpenPGP.js JavaScript library in its frontend web code, it is an open-source and well-maintained library and is audited by Cure53, a German cybersecurity company. This library provides the functionality of creating keys and encryption/decryption of messages. CTemplar uses bcrypt.js for salted hashing of passwords in its web client code.
Generation of Keys :
When a user signs up on CTemplar, its RSA private and public keys are generated using the user password as the passphrase of the private key. These keys are stored on the CTemplar server and retrieved on successful login by the user. The private key is encrypted using the user’s account password, and the user password is never sent to the server in plain form. It is hashed using a salt from the user’s username. Therefore the hash can’t be used to get the actual password. This way, only the user knows the actual password, which is required to decrypt the emails, so even CTemplar is unable to see into its user’s email content.
Encryption/Decryption of Messages:
Messages are encrypted using 4096-bit encryption under the OpenPGP standard protocol on the client-side. The message is encrypted using the recipient’s public keys and then sent to the server.
- If all the recipients are CTemplar users, then the public keys of all the recipients are retrieved from the server, and the message is encrypted using those public keys along with the user’s public key. Then the encrypted message is sent to the server. The recipients receive the encrypted message, and they use their private key to decrypt that message, only the recipients of that message can decrypt it.
- If recipients include CTemplar and Non-CTemplar users, then the message is sent to the server in plain text, the server encrypts the message for CTemplar users and sends the plain message to Non-CTemplar users.
- If recipients are only Non-CTemplar, then the message is sent to the server in plain text, the server encrypts the message for the user itself, store it, and then send the plain text to non-CTemplar users.
- If the recipients are non-CTemplar and the user wants to send an encrypted message to a non-CTemplar, then they can set an encryption password and a hint for that. The new public/private RSA keys will be generated, and the private key will be protected using the password, user-provided, and the message will be encrypted using the new public key. The recipients will receive an email with a link. When the user opens that link, they will be redirected to the CTemplar web client, where they will be asked for the password that the sender used to encrypt the private key. After entering the correct password, the content of the email will be decrypted, and the user will be able to see the decrypted plain text of the email. Users can reply to that encrypted message from there without the need to sign-up or sign-in on CTemplar. This is a fully end-to-end encrypted communication with non-CTemplar users.
Password Management:
CTemplar hashes every password before sending it to the server for authentication or sign-up purposes. A unique salt is created from user’s username which is then used to hash the password using bcrypt.js. So the user actual password is never sent on network and never reaches the CTemplar server. Only the user knows the actual password, and the irreversible hash is sent to the CTemplar server for authentication or sign-up. After the user provides the password to log in, we hash it using becrypt.js and send the hashed password for authentication, on successful authentication, CTemplar server returns the authorization token, and then the user info and emails are retrieved using that token. The user’s actual password is used to unlock the private key on the web client, and then that private key is used to decrypt the user emails on the client-side. So even the CTemplar server doesn’t have any way to look into user emails, only the user knows the actual password, which can be used to decrypt the private key.
