New in this release


Release October 18, 2017

Fixed a bug relating to synchronization of quantum attack resistant key exchange.

Release October 7, 2017

Some bug fixes. New feature: user's log term public key can now be automatically generated once a year. If wanted it is also uploaded to the Web Direvtory.

Release September 27, 2017

EndCryptor protects now against attacks done by current classical and future quantum computers. Scientists consider that it may be possible that such quantum computers could be built within 10-15 years that could break current classical public keys. Therefore cryptographers are developing new kind of public keys - which currently are understood to resist quantum attacks. There are several possible solutions.

The quantum attack resistant public keys introduced in this release are called Supersingular Isogeny Diffie-Hellman keys. The implementation library of these SIDH 2.0 keys is designed by Microsoft (it is available under the MIT license). 

Release August 9, 2017

Fixed a bug that occurred when deleting emails that were stored on removable media. Because of the bug the email body and attachments were not deleted if they were on removable media (the encryption keys were wiped and the email body was wiped).

Release August 7, 2017

Fixed a bug that under certain rare conditions prevented the last part of a message being shown.

Release July 27, 2017

Update to previous release and bug fixes.

Release July 24, 2017

Improved deletion of received emails from IMAP server.

Release April 18, 2017

Improvements to some internal operations.

Release March 15, 2017

Some modifications to how Outlook handles endcryptor files.

Release December 22, 2016

Some bug fixes.

Release December 7, 2016

The Web Directory can now be accessed using TLS 1.1 or 1.2 if the Net Framework in the machine supports them, previously TLS 1.0 was used.

Release 2.5.3 September 26, 2016

Introducing Web Directory - an online directory for public keys. It stores user's email address and the public key related to it. When the user adds a new contact the directory is searched for the email address and the public key is returned.

User's email address and public key are added after the user has received verification email which proves that the user is in control of the email address.

When a long term public key is received in encrypted email from a user that is in Web Directory it also contains a signed proof that the sender's public key is related to sender's email address.

The usage of Web Directory is not mandatory. The user can easily delete all his/her data from the Web Directory.

Release 2.5.2 June 13, 2016

Fine tuning the selection method of emails from email server in IMAP. Some minor modifications to user interface.

Updated - 2.5.201 -  on June 28, 2016.  The official Sha3-256 is now used to calculate the cryptographic hash (message digest) of an attachment if the receiver has at least this release 2.5.201 - otherwise the Keccak-256 algorithm is used. The SHA3-256 and the Keccak-256 differ only in the padding that is appended to the end of the input. They have identical security properties.

Release 2.5.1 October 19, 2015

EndCryptor can now take backups of the security database and the stored emails. The security database can be restored from the backup. The stored emails can be backed up immediately after they have been written to disk.

Release 2.5.0 September 23, 2015

Long term public keys are introduced. The first encrypted emails can now be encrypted using these long term public keys. The protocol initialization now happens automatically when such encrypted emails are being exchanged. The user can publish the long term public key on company website and on social media. One only needs the recipient's public key to send encrypted email to that person.

Example of a public key:

Base64 format:


Hex format:

BB09 B1DA 05F4 BB5B 87BA EB69 3224 1ADC
3CCF 5173 DBDC 9969 F253 BF38 4A6F C4A9

The keys are Ed25519 public keys. 

In EndCryptor at the beginning of the email exchange the user published long term public keys are responsible for the protection of the email. EndCryptor puts inside the first encrypted emails newly created short term public keys that initialize the patented protocol that continuously changes internal short term public keys when emails are being exchanged.

Easy backing up of stored emails. The encrypted stored emails that are viewable by user can now be backed up by simply copying them to a backup storage.  The user has an Export Key file and its password which are used to decrypt the backed up files. It is also possible to use a companywide Export Key.

When this release starts it converts a possible old security database to a new format.

Release May 13, 2015

The installation of a license and email account configuration can now be done automatically by placing a file in a specific folder by company's system administrator. The actual user need not know the technical details of company's email servers.

Updated - -  on May 15, 2015. Fixed a bug that occurred when reading IMAP response from certain IMAP server software.

Updated - -  on May 26, 2015. Support for Gmail's Oauth2 authentication mechanism.

Updated - -  on May 27, 2015. Clarified help message concerning DNS query on proxy setting if Gmail is used. 

Updated - -  on June 3, 2015. If initialization files are certified then this can be restricted to happen to only those recipients that are in the same domain as the sender - useful if the certificate is not issued by globally trusted CA.

Updated - -  on June 30, 2015. Bug fixes. 

Updated - -  on July 27, 2015. Minor change to user interface relating to ordering  of a license.

Release December 10, 2014

Improvements to some error handling scenarios.

Updated - -  on December 16, 2014.
Updated - -  on December 26, 2014.
Updated - -  on January 5, 2015.

Release September 3, 2014

There is a new option available when messages are sent manually by them saving to disk. Some bug fixes.

Updated - -  on September 10, 2014.
Updated - -  on October 6, 2014.
Updated - -  on October 23, 2014. The Handshake Password is now by default not used, can be used if wanted.
Updated - -  on October 30, 2014. Fixed bug in email account testing that occured under certain conditions.
Updated - -  on November 18, 2014. Maintenance to message editor.
Updated - -  on November 21, 2014. Message editor now shows email address when recipients are selected.
Updated - -  on December 1, 2014. Fixed a bug in search where the number of emails to be searched was sometimes not updated. Minor change to UI of message editor.

Release August 20, 2014.

EndCryptor now uses Microsoft's Schannel for SSL in more direct way than previously. Now the latest version of TLS that the computer being used supports can be used. If the user decides to view the connection log e.g. when doing a receive test the cipher suites wanted by client and the suite selected by server can be seen as well as the TLS version wanted and selected. There are also new options on how to process the received certificate from the email server.

It is now possible to use a Bcc: (Blind Carbon Copy) field in outgoing email envelope.

Updated - -  on August 25, 2014.

Example from connection log:
<Client's TLS suggestions:>
Highest supported TLS version: 1.2
Ciphersuites wanted by client, most wanted topmost:
Compression methods wanted by client, most wanted topmost:
<Server selected TLS values:>
TLS version: 1.2
Cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Compression method: NULL

Release August 4, 2014

This is a maintenance release, e.g. fixes an issue in Message Editor on Undo operation after certain Paste operations.

Release July 10, 2014

Support for Socks proxies, versions 4 and 5. This means e.g. that the Tor anonymisation network can be used now.

Release June 27, 2014.

Maintenace to email sending and receiving program.The IMAP receiving in IDLE state now does not give error prompt if the server suddenly cancels the connection - the program tries to make a new connection silently.

Release April 30, 2014.

Support for the ChaCha20 cipher and Poly1305 authenticator. If both the sender and the receiver use at least this version 2.4.5 then these primitives will be used - ChaCha20 to encrypt the message and Poly1305 to authenticate the decrypted plaintext.

Release March 27, 2014.

Support for the Edwards curve Ed25519 for signing and the Curve25519 for Diffie-Hellman calculation. Use Tools->Options for selection.

Updated ( on April 16, 2014.

Release February 19, 2014.

Maintenance to user interface.The installation file now contains the Microsoft.mshtml.dll that is required by Windows 8.
Updated ( on March 6, 2014.

Release January 22, 2014.

Maintenance to user interface. Update fix released for New Contact dialog on January 28, 2014.

Release November 12, 2013.

The outgoing file can now be placed into user defined folder if the Save button is pressed. It is possible to send using custom made program. EndCryptor can be set to monitor user given folder for incoming files. Some minor renaming of buttons in user interface.

Updated November 18, 2013. The IMAP receive test now reports correctly whether or not the server supports the IDLE command. Support for IMAP SASL-IR (SASL initial client response extension) which reduces the time needed for making the IMAP connection

Release October 7, 2013.

It is now easier to create the settings for an email account.

Release September 17, 2013.

The encrypted emails now end with Keccak mac (message authentication code). This is done if both the sender and receiver have done the contact initialization using at least this release If there is the Keccak mac then also the signature and the ephemeral public key in the message are encrypted.

Release September 2, 2013.

The NIST (National Institute of Standards and Technology of USA) informed the crypto community last week that the forthcoming official specification of SHA3 will change the tunable parameters of Keccak – the SHA3 competition winner- so that it will be faster but still highly secure. Since EndCryptor uses the settings of the winning specification (bitrate 1088 and capacity 512) the name of the hash function used is changed from SHA3 to Keccak.

Release August 27, 2013.

The entry password is now given in more user friendly dialog.

Older releases are not shown here.