An End-to-End email encryption program - Protects email at rest and in motion

Superior protection for the real world

EndCryptor protects old encrypted emails that an adversary copied while they traversed the internet, even when the adversary later obtains the current encryption keys by hacking into the user's computer.

Easy to use

No knowledge of cryptography is required. The user interface is similar to that of a typical email client. The user's current email account is used to deliver the encrypted emails.

End-to-End Encryption

The email is encrypted on the sender's computer and can be decrypted only on the true receiver's computer.

Quantum attack resistant

It may be possible that before the year 2030 there will be computers that can break current classical public keys. EndCryptor uses both classical public keys and new quantum attack resistant public keys. Without the latter, encrypted traffic that is copied today could be decrypted by quantum computers when (if) they become reality. When two persons communicate in turns, the quantum protection starts from the second email (inclusive).

Patented technology, state of the art cipher and public keys

The protocol that provides the features has been patented in the USA. The implementation of symmetric encryption and public keys uses publicly available source code developed by the scientists who designed the systems.

Main features

EndCryptor offers features that are essential for real world protection: backward security and recovery from an attack. It is important that there is protection when a hacker gets access to current secret encryption/decryption keys.

EndCryptor is more secure than competitors

Comparison between EndCryptor and S/MIME and the PGP-family of email encryption products (PGP, OpenPGP, GnuPG, ...) in the case of a successful spying attack that reveals the victim's current secret keys, such as the private keys corresponding to public keys, to the attacker.

Backward security (= are encrypted messages sent to the victim before the attack protected?)
    EndCryptor: YES
    S/MIME and PGP-family: NO

Recovery from the attack will happen
    EndCryptor: When the next message from the victim is decrypted. In a quantum attack, when the next quantum attack resistant Diffie-Hellman key exchange is done.
    S/MIME and PGP-family: When the new public key of the victim is received. This usually happens at predetermined intervals, after several months or years. No protection against quantum attacks.

Identity theft will be revealed
    EndCryptor: YES
    S/MIME and PGP-family: NO

Private key stealing attacks have recently been carried out, e.g., by a hacker who attacked the spyware company Hacking Team, and by the malware Sauron, APT30, Red October, Team Spy and Mask (see footnote 1), which operated undetected for about 5, 10, 5, 10 and 7 years, respectively, and stole, among other things, encryption keys. The main targets of e.g. Mask fall into the following categories: government institutions, diplomatic / embassies, energy, oil and gas companies, research, private equity firms, activists.

Comparison between EndCryptor and browser based solutions

Protection against MITM attack at startup due to hostile root certificate on user's computer
    EndCryptor: YES
    Browser based: NO

See: Kazakhstan decrypts internet traffic targeting e.g. Gmail, Facebook

See: The Risks of SSL

If an attacker-generated root certificate is somehow installed on the user's computer (e.g. by malware, by a coerced user, by an evil maid, by an evil customs officer or by company policy), then the nature of browser based encryption (SSL/TLS/https) makes it possible to decrypt the traffic. This decryption happens outside the user's computer, between the user and the web server. Therefore the attack is classified as a Man-In-The-Middle (MITM) attack. Companies use this technique to decrypt their own SSL traffic (including browser traffic); the motivation is to find viruses.

An additional layer of encryption done in the browser (such as PGP implemented in JavaScript) does not protect against this kind of attack: the JavaScript code that does the PGP encryption can be modified when intercepted, and the PGP private key can be delivered to the attacker.



1^. In August 2016 the security companies Kaspersky and Symantec revealed a spying operation named Project Sauron or Remsec, which had run undetected for about 5 years. According to Kaspersky, the operation was "designed to enable long-term cyber-espionage campaigns" and "has high interest in communication encryption software widely used by targeted governmental organisations. It steals encryption keys, configuration files, and IP addresses of the key infrastructure servers related to the software." Symantec says about the malware that there is a "module that contains a string named “Sauron” in its code. Given its capabilities, it is possible the attackers have nicknamed the module after the all-seeing villain in Lord of the Rings."

In July 2015 it was reported that a hacker stole massive amounts of data from Hacking Team's servers and uploaded it to the internet for everybody to read. The company is a spyware developer for governments and law enforcement. The stolen data included a GPG private key of an engineer, thus exposing all GPG encrypted traffic to this person. Did the victim use a server that automatically uses GPG and therefore stores the private keys?

In April 2015 the network security company FireEye reported that malware named APT30 had been found to have been spying for 10 years, mainly in South East Asia. Among the data it collected were files ending with .pgp. The malware "is particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government's legitimacy".

In July 2014 F-Secure reported on the CosmicDuke malware, which had attacked NATO and European government agencies. This malware stole, among other things, certificates and their private keys.

In February 2014 Kaspersky Lab announced that they had found and analyzed Mask - "an advanced threat actor that has been involved in cyber-espionage  operations since at least 2007 ...  one of the most complex APT we observed ... more than 380 unique victims in 31 countries ... could be a nation-state sponsored campaign ... can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations ... 32-and 64-bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone". Interestingly, the keylogger module was named "PGPsdkDriver".

The Red October malware, which was also found and analyzed by Kaspersky Lab (results published in January 2013), collected *.crt, *.cer (these are certificate related), *.pgp, *.gpg, pubring.*, secring.* (PGP and GPG related) files and recorded key presses and values in password fields. Red October operated for about 5 years and targeted diplomatic, governmental and scientific research organizations in different countries, mostly related to the region of Eastern Europe, former USSR members and countries in Central Asia.

A report published in March 2013 by CrySyS Lab in Hungary says about the TeamSpy malware: “Many of the victims appear to be ordinary users, but some of the victims are high profile industrial, research, or diplomatic targets”. The malware collected .pgp and .p12 (certificate related) files; victims include the embassy of a NATO/EU state in Russia and multiple research/educational organizations in France and Belgium. TeamSpy was operating for almost a decade.

The Winnti malware found in April 2013 collects certificates and their private keys. The Nimkey virus (detected 2010) steals keystrokes and certificates (e.g. to get the private key of an S/MIME certificate).

The first example of a virus that stole PGP's security database "keyring" was the Caligula virus (1999); this attack did not use a keylogger, but was a proof of concept attack.

2^. Encrypted messages are numbered, and each contains an encrypted list of earlier messages that have not been decrypted. When you receive a message and decrypt it, you know which of the messages you sent had not been decrypted at the time the received message was encrypted. The report of each contact's undecrypted messages is shown on request.
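
The bookkeeping described in note 2 can be sketched as follows. This is an added example, not EndCryptor's code or its patented protocol: the class and field names, the tuple encoding of the list and the "highest number seen" counter are assumptions, and no actual encryption is performed.

```python
"""Toy model of numbered messages that carry a not-yet-decrypted list.
All names are hypothetical; message bodies stand in for ciphertext."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Message:
    number: int           # sender's own sequence number
    peer_high: int        # highest peer message number the sender knew of
    not_decrypted: tuple  # peer numbers <= peer_high not decrypted at send time
    body: str


@dataclass
class Contact:
    next_number: int = 1
    sent: set = field(default_factory=set)       # numbers we have sent
    decrypted: set = field(default_factory=set)  # peer numbers we decrypted
    peer_high: int = 0
    report: set = field(default_factory=set)     # our messages the peer lacks

    def send(self, body):
        # List every peer message we know of but have not decrypted.
        gaps = tuple(n for n in range(1, self.peer_high + 1)
                     if n not in self.decrypted)
        msg = Message(self.next_number, self.peer_high, gaps, body)
        self.sent.add(msg.number)
        self.next_number += 1
        return msg

    def receive(self, msg):
        self.peer_high = max(self.peer_high, msg.number)
        self.decrypted.add(msg.number)
        # Our messages the peer listed, plus those it had not seen at all.
        self.report = {n for n in self.sent
                       if n in msg.not_decrypted or n > msg.peer_high}
        return sorted(self.report)


def demo():
    # Constructed scenario: message 2 is lost or withheld in transit.
    alice, bob = Contact(), Contact()
    a1, a2, a3 = alice.send("one"), alice.send("two"), alice.send("three")
    bob.receive(a1)
    bob.receive(a3)
    reply = bob.send("got them")
    return alice.receive(reply)  # Alice's report of undecrypted messages
```
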

Email encryption software

Main Window:


Email Composing Window:


Add New Contact:
