Features:

• Both the sender and the receiver must have EndCryptor installed. An email account on email server is needed - same account (i.e. user's current email account) can be used for unencrypted emails and encrypted emails. Encrypted emails are typed using EndCryptor and they are sent and received using EndCryptor. An encrypted email is a file that is an attachment in an ordinary email. The sending and receiving is enabled by defining user's email account's SMTP and IMAP settings into EndCryptor.
• The solution is a true decentralized end-to-end encryption solution. Users can change their email addresses and email service providers and the encryption still works - of course contacts must be informed of the change of an email address. Thus there is no central server of Enternet Oy for all users which is needed for email delivery (which could be attacked by hostile parties, nor is there any javascript code that is delivered to users by a central server when using the product, nor is there any server that stores the private keys of users' public keys). This approach also means that Enternet Oy cannot be fooled/forced to deliver hostile code to specific users and that Enternet Oy is not able to decrypt or monitor the email traffic of users.
• The cipher used is 256-bit keysize ChaCha20.
• Encryption keys are determined using elliptic curve public key technology (classical: Edwards curve Ed25519 and corresponding Curve25519, quantum attack resistant: SIDH 3.3 supersingular isogeny Diffie-Hellman keys designed by Microsoft). The protection against quantum computers starts from the second exchanged email if the parties communicate in turns.
  
• At the beginning of the email exchange the user published long term public keys are responsible for the protection of the email. EndCryptor puts inside the first encrypted emails newly created short term public keys that initialize the patented protocol that continuously exchanges internal short term public keys when emails are being exchanged.
• Each message ends with an authentication mac and signature. This ensures to the receiver that the message was created by the claimed sender and that the message was not altered during traversal, read more.
• After the decryption the correctness of the plaintext is verified using Poly1305 authentication code.
• The sent and received messages are stored in encrypted form on a user’s computer – the user can view their decrypted contents when correct entry password to EndCryptor has been given. The stored messages can be searched, moved between different user creatable mailboxes. 
• Messages can be exported in eml format. They can be imported into email archiving solutions. The exported files are digitally signed to detect tampering. They can also be viewed by many email client programs or dragged and dropped into an existing local email folder (e.g. into Mozilla Thunderbird). The export feature allows the user to have a complete cleartext archive of the communication.
• The stored messages can be backed up by copying and the backups can be decrypted using a personal or a companywide (optional) export key. EndCryptor can take a backup of the security database and restore it. That backup can be encrypted. The stored emails can also be backed up by EndCryptor immediately after they have been written to disk.



Properties under classical attack when the security database of e.g. Alice is exposed
(suppose that Alice is communicating with Bob):

• Old and future messages sent from Alice are protected.
• Backward security: encrypted messages that have been decrypted by Alice are protected.
• Recovery from an attack: when the next new message from Alice to Bob has been decrypted then the messages from Bob to Alice cannot anymore be decrypted by adversary.
• Certain kind of protection against identity theft: either the theft attempt fails or it succeeds but then all future messages exchanged between Alice and Bob will be rejected. Protection against identity theft is important since a user may have blind reliance on the protection given by a digital signature. If the security data is exposed to a hacker then identity theft can be tried. 
• Reports messages that have not been decrypted. The sender of a message can be sure that the receiver has decrypted the message. Important e.g. when the message contains some latest technical document that must be used by the receiver ².
• Possibility to delete the keys of a missing message - if a message is encrypted but not received then the intended receiver can delete its decryption keys. This requires that the receiver has received a newer message from the sender.
• Protection against replay attack where an adversary copies an encrypted message during its traversal in the net and later resends it: 1) a message can be decrypted only once  2) the decryption keys of missing messages can be deleted.
• EndCryptor stores the received SSL/TLS certificates from the email server and counts the number of times a certificate is used and shows the properties of the certificates. It is possible to require that the Certificate Transparency SCT List extension in the certificate must be validated - this e.g. prevents the usage of certificates that are issued by a non-public Certificate Authority. These kind of certificates can be used to decrypt SSL/TLS traffic. It can be specified which certificates are allowed to be received. Certificates can be imported and exported to/from the collection of certificates. The allowing/denying of specific certificates is a highly advanced option and is motivated by the attacks using the infrastructural problems of SSL/TLS which must be used when connecting to an email server. If an attack using hostile certificate succeeds the already encrypted EndCryptor message that is an attachment in the email stays protected but the attacker gains user’s user’s username and password to the email server. To read about the risks involved when using only SSL based (or web-based HTTPS) solution see the risks of SSL and Kazakhstan intercepting browser traffic.
• Compression of plaintext. Required amount of random bytes are added to hide the length of this compressed plaintext - encrypted messages have different sizes even if their decrypted content is the same.
• A message may have more than one receiver. Contacts can be grouped.
• File wiping, calculation of a cryptographic hash value (checksum) of a file.
• If an Internet connection is considered to be too risky then EndCryptor can be run entirely disconnected from the network. When a message is encrypted a list of its receivers can be stored in a text format, the message and the list of its recipients can be stored in user given folder. The encrypted message and this list are moved to the actual sending machine using removable media. When decryption is needed the encrypted message is delivered to the receiving EndCryptor again using removable media. EndCryptor can be set to monitor some user given folder for new encrypted messages. A custom made program can be defined so that it is used whenever a message is being sent.
• The security database and the stored sent and received messages can be moved to removable media and accessed from it. Thus it is possible to use EndCryptor both from office and laptop computers. The size of an empty security database is about 1 MB.

Notes:

1^. On August 2016 security companies Kaspersky and Symantec revealed a spying operation named as Project Sauron or Remsec which had run undetected about 5 years. The operation was a spying operation, which according to Kaspersky was: "designed to enable long-term cyber-espionage campaigns" and "has high interest in communication encryption software widely used by targeted governmental organisations. It steals encryption keys, configuration files, and IP addresses of the key infrastructure servers related to the software."  Symantec says about the malware that there is a "module that contains a string named “Sauron” in its code. Given its capabilities, it is possible the attackers have nicknamed the module after the all-seeing villain in Lord of the Rings." On July 2015 it was reported that a hacker stole massive amounts of data from Hacking Team's servers and uploaded it to internet for everybody to read. The company is a spyware developer for governments and law enforcements. The stolen data included a GPG private key of an engineer thus exposing all GPG encrypted traffic to this person. Did the victim use a server that automatically uses GPG and therefore stores the private keys?  On April 2015 network security company FireEye reported that malware named APT30 had been found to have been spying 10 years mainly in South East Asia. Among data it collected were files ending with .pgp. The malware "is particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government's legitimacy". On July 2014 F-Secure reported about CosmicDuke malware which had attacked against NATO and European government agencies. This malware stole among other things certificates and their private keys. On February 2014 Kaspersky Lab announced that they had found and analyzed Mask - "an advanced threat actor that has been involved in cyber-espionage  operations since at least 2007 ...  one of the most complex APT we observed ... more than 380 unique victims in 31 countries ... could be a nation-state sponsored campaign ... can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations ... 32-and 64-bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone". Interestingly the keylogger module was named "PGPsdkDriver".  The Red October malware which was also found and analyzed by Kaspersky Lab (results published in January 2013) collected *.crt, *.cer (these are certificate related), *.pgp, *.gpg, pubring.*, secring.* (PGP, and GPG related) files and recorded key presses and values in password fields. The Red October was operating about 5 years and targeted diplomatic, governmental and scientific research organizations in different countries, mostly related to the region of Eastern Europe, former USSR members and countries in Central Asia. A report published on March 2013 from CrySys Lab in Hungary  says about TeamSpy malware: “Many of the victims appear to be ordinary users, but some of the victims are high profile industrial, research, or diplomatic targets”.The malware collected .pgp and .p12 (certificate related) files, victims include Embassy of NATO/EU state in Russia and multiple research/educational organizations in France and Belgium. TeamSpy was operating for almost a decade. The Winnti malware found in April 2013 collects certificates and their private keys. The Nimkey virus (detected 2010) steals keystrokes and certificates (e.g. to get the private key of a S/MIME certificate). First example  of a virus that stole PGP’s security database "keyring" was Caligula virus (1999), this attack did not use a keylogger, but was a proof of concept attack.

2^. Encrypted messages are numbered and they contain an encrypted list of earlier messages that are not decrypted. When you receive a message and decrypt it you know which messages sent by you were not decrypted when the received message was encrypted. The report of each contact's not decrypted messages is shown at request.