codejodler at gmx.ch
Tue Dec 19 12:48:25 CET 2017
For those who don't like to read it up, the core is that autocrypt exchanges public PGP keys 'in the background' (i.e. in headers) communication with a first, empty mail sent between the communication partners. After that, following communication with that partner uses that key.
From the user side, if you send a mail to someone whose MUA also supports autocrypt, the communication will be encrypted automatically without configuration.
You might ask what the provider's role is (when normally the thing is done between MUAs)? Here are some details.
(1) They will be adding an autocrypt header for senders whose MUA does not support it yet. (For that to work, they need the user to upload their PGP key to the provider first, see below.) If a MUA has already added an autocrypt header, they won't touch it.
(2) Also, that provider says they generally add a DKIM signature to the autocrypted communication to prevent 'man-in-the-middle' manipulation.
(3) They offer automatic encryption of any incoming mails, even if they're not encrypted by sender.
(4) They also support an OpenPGP-Header which contains links for recipients where to find the public key.
Of course, for all that, one has to create a PGP pair first. You then upload your key(s) to their server from their Web GUI. They give links to descriptions using Enigmail or Mailvelope.
They recommend that MUAs inform users about changes of key or encryption state (on/off).
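
Added example (not part of the original post, and not the provider's code): a sketch of the gateway rule in item (1) and the matching check on the receiving side. The function names, the uploaded_keys mapping and the sample message are assumptions made for illustration; the addr and keydata attributes are the ones the Autocrypt header uses.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: not a real OpenPGP key or a real message.
FAKE_KEY = b"constructed-placeholder-not-an-openpgp-key"
SAMPLE = "From: Alice <alice@example.org>\nTo: bob@example.org\nSubject: hi\n\nbody\n"

def parse_autocrypt(value):
    """Split a header value such as 'addr=...; keydata=...' into a dict."""
    attrs = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            attrs[name.strip().lower()] = "".join(val.split())  # drop folding whitespace
    return attrs

def provider_add_autocrypt(msg, uploaded_keys):
    """Item (1): add a header from the uploaded key only if the MUA sent none."""
    if msg.get_all("Autocrypt"):
        return False                      # MUA already added one: do not touch it
    sender = parseaddr(msg.get("From", ""))[1].lower()
    key = uploaded_keys.get(sender)       # hypothetical store of uploaded keys
    if key is None:
        return False                      # user never uploaded a key
    keydata = base64.b64encode(key).decode("ascii")
    msg["Autocrypt"] = f"addr={sender}; keydata={keydata}"
    return True

def accept_autocrypt(msg):
    """Receiving side: return (addr, key_bytes), or None if the header is unusable."""
    headers = msg.get_all("Autocrypt") or []
    if len(headers) != 1:                 # none, or ambiguous duplicates
        return None
    attrs = parse_autocrypt(headers[0])
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender or attrs.get("addr", "").lower() != sender or "keydata" not in attrs:
        return None                       # key must be bound to the From address
    try:
        return sender, base64.b64decode(attrs["keydata"], validate=True)
    except ValueError:
        return None                       # keydata is not valid base64

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(provider_add_autocrypt(msg, {"alice@example.org": FAKE_KEY}))
    print(accept_autocrypt(msg))
```

The receiving check rejects a header whose addr differs from the From address, so a key cannot be attached to someone else's mail and silently adopted for them.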