Encryption is not used as widely as it should be, especially for email. One reason is that it's very hard to use; study after study has shown that email users, especially senders, cannot use email encryption correctly. All too often, email is sent unencrypted or encrypted to the wrong recipient, without the sender even realizing it. The essential problem is the certificate: recipients may not have one, or senders may not know how to find it. This project addresses these problems in two ways. First, it makes certificate generation and selection automatic and transparent; when a sender tries to transmit an email message, the recipient's site automatically generates the certificate and returns it to the sender's email client; that program in turn uses the certificate to encrypt the email. Second, when email arrives unencrypted, the recipient's mail client encrypts it with a locally generated key, thus obviating any need for the sender to know or do anything. The schemes rest on one fundamental principle: a significant reason for the complexity of cryptography is that it tries to defend against extremely powerful adversaries. This provides strong protection, but at the expense of usability. The approach of this project is to assume a somewhat less capable adversary; in turn, it achieves a significant reduction in complexity. For automatic key distribution, the sender's email client consults the recipient's site's Lightweight Directory Access Protocol (LDAP) database. If a certificate already exists; it is returned and used for encryption; if it does not, a key pair and certificate are generated. The certificate is stored in the database and returned to the querier; the private key is passed to the recipient. The system also implements receiver-controlled email encryption: when email is received, a modified Internet Message Access Protocol (IMAP) client downloads the message, encrypts it with a locally generated key, and replaces the original email with an encrypted version. This functionality can be incorporated into a standard email client or it can be done via a standalone daemon. Either way, there is no key distribution problem nor any need for sender action. The emails are not protected in transmission, except by Transport Layer Security (TLS); however, they are protected for their likely long lifetime in an IMAP store. If the email had been encrypted by the sender, it is decrypted and then re-encrypted; the same can be done with messages protected by a locally generated key. This allows for key and algorithm refresh, again protecting email in storage.
SaTC: TTP: Small: Easy Email Encryption