A Look Under the Hood
For those interested in just a bit more detail, here you go…View Diagram: How Secure Messages are Sent & Received with Enlocked
How your email normally works
When you draft an email using your current system, the communications with your own server is likely using SSL / HTTPS, which means the session in which you create that message is secure. But as soon as you hit the send button, if any of the recipients are external, that message is sent in the clear, able to be read by anyone along the way. What’s more, anyone with access to one of your recipients’ inbox can also read it. Further, your email provider (or administrator) can reset your password and read any email you’ve sent or saved. Given all the recent disclosures of government snooping, email messages sent by you over public carrier networks or stored with the major email providers are far from private.
Sending a Secure Email Message with Enlocked
Enlocked changes all that, easily, simply and securely. It encrypts your message locally on your system - before sending it out to your email provider—so the privacy of your message is protected. Only you and your authorized recipients can decode the encrypted message and nobody, not even Enlocked, has the passwords required to unlock users’ private keys.
The way this is done depends on how you send your email. The important thing is that the encryption is done “client side” to provide “end-to-end encryption” as the technical folks say.
- If you use our Enlocked Anywhere web-based service, we’ve implemented a complete encryption / decryption engine that runs in the background of your browser session. So, when you hit the “Send Secured” button, it uses your PGP key plus the public PGP keys of your recipients to encode the message. Then either we’ll send it on your behalf (we can’t read it since you’ve already encrypted it) or you can send the encrypted message as an attachment with your own email application.
- If you use one of the Enlocked plugins for Gmail or Outlook, or one of the Enlocked apps available for Apple or Android devices, the encryption is also done locally. When ready, your standard email transport takes care of sending the now unreadable contents the rest of the way.
To send a secure message with Enlocked there is no separate login or need to use another email application, no special email addresses to use, no keys to exchange with your recipients—just a "Send Secure" button.
Reading a Secured Message with Enlocked
When you receive an encrypted message, the process is simply reversed.
If you are using Enlocked Anywhere, once you login your browser requests your encrypted key from our server. Then, when you enter your password, your key is decrypted for use during your session. The Enlocked Anywhere page is more than just HTML… it contains the code necessary to use your key and read the encrypted content. When you drag and drop a secure attachment onto the Enlocked Anywhere page, this software running in your browser (locally, on your machine!) uses that key, decodes the message—including any attachments—and displays the content in your window.
If you’ve installed the Enlocked plugin for Gmail / Chrome on your system, or one of our mobile apps for your Apple or Android device, it follows a similar process. The plugin or app requests your encrypted key from the Enlocked server, and then you enter your password to unlock the key. The key is useless without the password, and the password never leaves your system. When you select a secure message, the plugin or app opens the secure attachment, uses your unlocked key to decrypt the message locally on your device , and then displays it on your phone, tablet or computer.
How does it work when sending to someone without an account?
One thing to be aware of, is the case when you send an Enlocked-secured email to someone who does not have an Enlocked account. Since these first time users have not yet stored their protected key, we create a temporary key for them. Should you have concerns about the potential access to this key, simply send your recipient an initial Enlocked message without anything sensitive, telling them you’ll be using Enlocked and ask them to reply. Once you receive a secure response, you’ll know that they have a new key with their own password that nobody knows or has access to except them. Not even Enlocked. Even with a legitimate court-ordered or government request, all that Enlocked can turn over is the encrypted key, which is useless without the user’s password.
Here's a detailed overview of the process:
- The message is composed using the Enlocked mobile app, Enlocked plugin, or Web-based Enlocked Anywhere
- Attachmentments, if any, can be added
- Clicking the "SEND SECURE" button initiates the encryption process
- All processing is performed locally on the device
- Once sender's credentials are confirmed, public keys of recipient(s) are retrieved from the Enlocked server
- Messages are encrypted locally using sender's & recipient's public keys
- The encrypted content, including all attachments, is bundled into a single HTML attachment which includes "How to Read" instructions for recipients
Send Secure Message
- The secure HTML message attachment is passed to your email client, or if you wish can be sent by Enlocked on your behalf
- Messages can only be read with the sender's or recipient's private keys, which are protected with a passphrase that not even Enlocked knows
Message Sent Via Standard Email Providers
- Enlocked never sees or stores your messages
- Messages can only be read with the sender's or recipient's private keys, which are protected with a passphrase that your email provider does not know
Receive Secure Message
- The encrypted message is received, with reader instructions
- The recipient opens the HTML attachment containing the secure message
Secure User Authentication
- Recipient is prompted to sign-in to Enlocked. New users will be prompted to create their own account & confirm their email address.
- The secure user authentication process is initiated
- Recipient's email address & password are transformed LOCALLY into bcrypt hash which means Enlocked NEVER SEES YOUR PASSWORD
- The bcrypt hash is checked against the Enlocked User Database
- Once matched, the private key is retrieved, LOCKED by your passphrase, from the Enlocked server
- The private key is then unlocked locally
Decrypt / Read Message
- The message is decrypted with the Recipient's key using the Enlocked mobile app, Enlocked plugin, or Web-based Enlocked Anywhere
- Message attachments are unpacked as separate files
- The message & attachments can now be read
- All processing is performed locally on the device
- For users who have installed the Enlocked Plugins, or are using the Enlocked Mobile App, steps 5, 6 & 7 are performed automatically, and the readable message is displayed in your email application or Enlocked Mobile App
- In addition to storing public keys & passcode-protected private keys, the Enlocked Server also distributes these keys to authenticated users
- Enlocked Plugin for Outlook is stored & distributed from the Enlocked server (Enlocked mobile apps & browser plugins are available from their respective App Stores)
- The Enlocked Anywhere web-application software is stored remotely on the Enlocked server, and is delivered on-demand after user sign-in to run locally in the user's browser
How it Works
Try it Out
See how easy it is to send and receive secure email from the browser, your desktop, or your mobile device.Send a Test Message
Download the Enlocked App for your mobile device to read & send secure email on the go.Download Enlocked App
Integrate Enlocked into your email client for easy, one-click convenience. Download Enlocked plugins now!Get Enlocked Plugins