The free trial period is 60 days. Requires Windows Vista or Windows 7, 8, 10.
We communicate in English and in Finnish (Vastaamme tarvittaessa suomeksi)
Enternet, Inc. (Enternet Oy)
Superior protection for the real world
EndCryptor protects old encrypted emails - that were copied by an adversary when they traversed the internet - also then when the adversary gets current encryption keys by hacking into user's computer.
Easy to use
No knowledge of cryptography is required. The user interface is similar to a typical email client. User's current email account is used to deliver the encrypted emails.
The email is encrypted at sender’s computer and it can be decrypted only at true receiver’s computer.
Quantum attack resistant
It may be possible that within 10 years there will be computers that can break current classical public keys. EndCryptor uses classical public keys and new quantum attack resistant public keys.
Patented technology, state of the art cipher and public keys
The protocol that provides the features has been patented in USA. The implementation of symmetric encryption and public keys uses publicly available source code developed by the scientists who designed the systems.
EndCryptor offers features that are essential for real world protection: backward security and recovery from an attack. It is important that there is protection when a hacker gets access to current secret encryption/decryption keys.
EndCryptor is more secure than competitors
Recently this kind of attack has been done e.g. by a hacker attacking Hacking Team spyware company and malwares Sauron, APT30, Red October, TeamSpy and Mask 1 - which operated undetected about 5, 10, 5, 10 and 7 years, respectively - and stole among other things encryption keys. The main targets of e.g. Mask fall into the following categories: government institutions, diplomatic / embassies, energy, oil and gas companies, research, private equity firms, activists.
Without backward security and recovery from attack a single successful spying attack into your computer leads to the exposure of all previous and future encrypted communication sent to you! In some solutions also all communication sent from you is exposed – this happens if the solution is such that the sender of a message can decrypt it after its encryption! After a successful attack the adversary does not need to access your computer anymore. What the adversary then needs is encrypted messages created before and after the attack. Using the information provided via the attack they can be decrypted. In the light of recent leaks about state level data interception and collection it is known that encrypted messages (emails, chats …) are routinely collected and stored - in the hope that the keys are later obtained.
The spying attack can e.g. be the utilization of dedicated spyware, worm, virus or the usage of a newly published security hole through which the computer can be accessed from the network and then the usage of a keylogger to capture the entry password to the encryption software's database (S/MIME certificate, keyring or whatever it is called) and the password's and the data's transmittal to the attacker. This exposure of the security data can happen other ways also: the user turns from friend to foe and reveals his own security data to the adversary; or is forced (e.g. by a court order) or lured to reveal current security data; etc.
After the exposure old and new encrypted messages sent to the victim can be decrypted unless the software is prepared to face the exposure of its security database.
If recovery from attack is provided then after the recovery the attacker must be able to obtain the security data again in order to be able to continue decrypting new messages - this may, however, now be impossible e.g. if the program containing the security hole has been updated and the bug fixed.
EndCryptor is a solution that considers the unwanted but realistic possibility that at some point in time the security data - private keys, etc. - are revealed to an adversary. Our results in case of a classical attack: old sent and received communication of the victim is protected and also future sent communication from the victim is protected. The restoration of total security happens when the next message from the victim has been decrypted.
The features offered - backward security and restoration of security - are new on the offline communication market i.e. in email communication 2.
bpc = bits per character (byte). EndCryptor was used with the default settings.
|Tutorial on public keys||The risks of SSL|
|Compare to competitors||Avoid security through obscurity|
|Cryptographic technical details||Hash function used|
|Features pdf (2019-03-06)||
|Quickstart||Useful Tips - Screenshots|
|Cryptographic strength||Passphrase Generator|
On August 2016 security companies Kaspersky and Symantec revealed a
spying operation named as Project
or Remsec which had run
undetected about 5 years. The operation was a spying
operation, which according to Kaspersky was: "designed to enable long-term cyber-espionage campaigns" and "has high interest in communication encryption software widely used by targeted governmental organisations. It steals encryption keys, configuration files, and IP addresses of the key infrastructure servers related to the software." Symantec says about the malware that there is a "module that contains a string named “Sauron” in its code. Given its capabilities, it is possible the attackers have nicknamed the module after the all-seeing villain in Lord of the Rings." On July 2015 it was reported that a hacker stole massive amounts of data from Hacking Team's servers and uploaded it to internet for everybody to read. The company is a spyware developer for governments and law enforcements. The stolen data included a GPG private key of an engineer thus exposing all GPG encrypted traffic to this person. Did the victim use a server that automatically uses GPG and therefore stores the private keys? On April 2015 network security company FireEye reported that malware named APT30 had been found to have been spying 10 years mainly in South East Asia. Among data it collected were files ending with .pgp. The malware is 'particularly interested in regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy'. On July 2014 F-Secure reported about CosmicDuke malware which had attacked against NATO and European government agencies. This malware stole among other things certificates and their private keys. On February 2014 Kaspersky Lab announced that they had found and analyzed Mask - "an advanced threat actor that has been involved in cyber-espionage operations since at least 2007 ... one of the most complex APT we observed ... more than 380 unique victims in 31 countries ... could be a nation-state sponsored campaign ... can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations ... 32-and 64-bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone". Interestingly the keylogger module was named 'PGPsdkDriver'. The Red October malware which was also found and analyzed by Kaspersky Lab (results published in January 2013) collected *.crt, *.cer (these are certificate related), *.pgp, *.gpg, pubring.*, secring.* (PGP, and GPG related) files and recorded key presses and values in password fields. The Red October was operating about 5 years and targeted diplomatic, governmental and scientific research organizations in different countries, mostly related to the region of Eastern Europe, former USSR members and countries in Central Asia. A report published on March 2013 from CrySys Lab in Hungary says about TeamSpy malware: “Many of the victims appear to be ordinary users, but some of the victims are high profile industrial, research, or diplomatic targets”. The malware collected .pgp and .p12 (certificate related) files, victims include Embassy of NATO/EU state in Russia and multiple research/educational organizations in France and Belgium. TeamSpy was operating for almost a decade. The Winnti malware found in April 2013 collects certificates and their private keys. The Nimkey virus (detected 2010) steals keystrokes and certificates (e.g. to get the private key of a S/MIME certificate). First example of a virus that stole PGP’s security database 'keyring' was Caligula virus (1999), this attack did not use a keylogger, but was a proof of concept attack.
2 ^. In online communication (e.g. chatting, SSL or https) the corresponding term for backward security is Perfect Forward Secrecy (PFS) – which means that if a message is decrypted securely now it cannot be decrypted again in the future by opponent even if the opponent obtains the encryption keys of that future time. To read more of the risks of web based solutions read The risks of SSL page.
3 ^. Encrypted messages are numbered and they contain an encrypted list of earlier messages that are not decrypted. When you receive a message and decrypt it you know which messages sent by you were not decrypted when the received message was encrypted. The report of each contact's not decrypted messages is shown at request.
Email Composing Window:
Add New Contact: