“End to end encryption” applies when you send an email from one CTemplar account to another CTemplar account. However, when you send an email from CTemplar to a non-CTemplar account (e.g., Gmail, Yahoo, Outlook), the content is sent in plain text to the other end, but it still remains in encrypted form in your CTemplar account.
If you want to send an “end to end encrypted” email to a non-CTemplar account, we have another feature for that. You can learn more about how to do that here.
Regarding how encryption is handled: when you sign up, your public and private encryption keys are generated, and the private key is protected using your password. Anyone can send you an encrypted email by using your public key to encrypt the data, and that message can then only be decrypted using your private key.
Your private key is accessible only to you, and your password is required to unlock it. We don’t store your password anywhere; we send an irreversible hash of the password to the backend. So only you have access to your password, and only you can decrypt your content using your private key.
Another question is how you see the plain content when you log in and open an email from your CTemplar inbox:
When you log in with your password, a hash of your password is re-created and sent to the backend for login authentication. After authentication, the backend returns your private key, still protected by your password, along with your emails. Thus, your browser receives the encrypted data from the backend. To decrypt that data, we first decrypt your private key using your password, and then decrypt your email content with that decrypted private key.
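The sign-up and login flow described above, as an added Node.js example that is not CTemplar's code. The page does not name the algorithms, so PBKDF2, RSA-OAEP and an AES-encrypted PKCS#8 key are stand-ins, and the function names, the per-user salt and the sample message are assumptions constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Irreversible login hash: the only password-derived value the backend receives.
function authHash(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256').toString('hex');
}

// Sign-up, client side: generate the key pair and lock the private key with the password.
function signUp(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password },
  });
  const salt = nodeCrypto.randomBytes(16).toString('hex');
  // Everything the backend stores; the password itself is not part of it.
  return { salt, authHash: authHash(password, salt), publicKey, lockedPrivateKey: privateKey };
}

// Any sender encrypts with the recipient's public key (short text only: plain RSA-OAEP).
function encryptFor(publicKey, text) {
  return nodeCrypto.publicEncrypt(publicKey, Buffer.from(text, 'utf8')).toString('base64');
}

// Backend: authenticate on the hash, then return the still-locked key plus ciphertexts.
function backendLogin(record, submittedHash, mailbox) {
  const stored = Buffer.from(record.authHash, 'hex');
  const given = Buffer.from(submittedHash, 'hex');
  if (stored.length !== given.length || !nodeCrypto.timingSafeEqual(stored, given)) return null;
  return { lockedPrivateKey: record.lockedPrivateKey, mailbox };
}

// Browser: unlock the private key with the password, then decrypt each message.
function openMailbox(response, password) {
  const key = nodeCrypto.createPrivateKey({ key: response.lockedPrivateKey, format: 'pem', passphrase: password });
  return response.mailbox.map((m) =>
    nodeCrypto.privateDecrypt(key, Buffer.from(m, 'base64')).toString('utf8'));
}

// Constructed sample run: sign up, receive one message, log in, read it.
function demo() {
  const password = 'correct horse battery staple';
  const record = signUp(password);
  const mailbox = [encryptFor(record.publicKey, 'Meet at 10:00')];
  const response = backendLogin(record, authHash(password, record.salt), mailbox);
  return openMailbox(response, password);
}
console.log(demo());
```

Passing the stored login hash to `openMailbox` in place of the password throws, which is the property that keeps the backend from unlocking the private key it holds.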
Our website code is open source; if you want, you can check it yourself here: