An End-to-End email encryption program - Protects email at rest and in motion released:  May 20, 2019

News: EFAIL attack on OpenPGP and S/MIME


The free trial period is 60 days. Requires Windows  Vista or Windows 7, 8, 10.

Buy Now. Pricing and ordering.

Free Tools

Contact us:

Contact form


We communicate in English and in Finnish (Vastaamme tarvittaessa suomeksi)

Enternet, Inc. (Enternet Oy)
VAT nr.: FI08210504

Quickstart guide

Cryptographic technical details

Features pdf

Documentation pdf

YouTube video on sending email (1:10)

 YouTube video on installation (2:38)

Privacy Policy

Superior protection for the real world

EndCryptor protects old encrypted emails - that were copied by an adversary when they traversed the internet - also then when the adversary gets current encryption keys by hacking into user's computer.

Easy to use

No knowledge of cryptography is required. The user interface is similar to a typical email client. User's current email account is used to deliver the encrypted emails.

End-to-End Encryption

The email is encrypted at sender’s computer and it can be decrypted only at true receiver’s computer.

Quantum attack resistant

It may be possible that within 10 years there will be computers that can break current classical public keys. EndCryptor uses classical public keys and new quantum attack resistant public keys. Note that otherwise current encrypted traffic can be copied and decrypted by quantum computers when (if) they become reality.

Patented technology, state of the art cipher and public keys

The protocol that provides the features has been patented in USA.  The implementation of symmetric encryption and public keys uses publicly available source code developed by the scientists who designed the systems. 

Main features

EndCryptor offers features that are essential for real world protection: backward security and recovery from an attack. It is important that there is protection when a hacker gets access to current secret encryption/decryption keys.

EndCryptor is more secure than competitors

Comparison between EndCryptor and S/MIME and the PGP-family of email encryption products (PGP, OpenPGP, GnuPG, ...) in case of a successful spying attack which reveals current secret keys - like private keys of public keys - to the attacker. 
  EndCryptor S/MIME and PGP-family
Backward security (= are encrypted messages sent to the victim before the attack protected?)  YES NO
Recovery from the attack will happen When the next message from the victim is decrypted. In quantum attack when next quantum attack resistant Diffie-Hellman key exchange is done. When the new public key of the victim is received. This usually happens at predetermined intervals - after several months or years. No protection against quantum attacks.
Identity theft will be revealed YES NO
Email encryption software

Recently this kind of attack has been done e.g. by a hacker attacking Hacking Team spyware company and malwares Sauron, APT30, Red October, TeamSpy and Mask 1  - which operated undetected about 5, 10, 5, 10 and 7  years, respectively - and stole among other things encryption keys. The main targets of e.g. Mask fall into the following categories: government institutions, diplomatic / embassies, energy, oil and gas companies, research, private equity firms, activists.

Without backward security and recovery from attack a single successful spying attack into your computer leads to the exposure of all previous and future encrypted communication sent to you! In some solutions also all communication sent from you is exposed – this happens if the solution is such that the sender of a message can decrypt it after its encryption!  After a successful attack the adversary does not need to access your computer anymore. What the adversary then needs is encrypted messages created before and after the attack. Using the information provided via the attack they can be decrypted. In the light of recent leaks about state level data interception and collection it is known that encrypted messages (emails, chats …) are routinely collected and stored - in the hope that the keys are later obtained.

The spying attack can e.g. be the utilization of dedicated spyware, worm, virus or the usage of a newly published security hole through which the computer can be accessed from the network and then the usage of a keylogger to capture the entry password to the encryption software's database (S/MIME certificate, keyring or whatever it is called) and the password's and the data's transmittal to the attacker. This exposure of the security data can happen other ways also: the user turns from friend to foe and reveals his own security data to the adversary; or is forced (e.g. by a court order) or lured to reveal current security data; etc.

After the exposure old and new encrypted messages sent to the victim can be decrypted unless the software is prepared to face the exposure of its security database.

If recovery from attack is provided then after the recovery the attacker must be able to obtain  the security data again in order to be able to continue decrypting new messages - this may, however, now be impossible e.g. if the program containing the security hole has been updated and the bug fixed.

EndCryptor is a solution that considers the unwanted but realistic possibility that at some point in time the security data - private keys, etc. - are revealed to an adversary. Our results in case of a classical attack: old sent and received communication of the victim is protected and also future sent communication from the victim is protected. The restoration of total security happens when the next message from the victim has been decrypted.

The features offered - backward security and restoration of security - are new on the offline communication market i.e. in email communication 2.