Tutanota automatically encrypts all your emails, calendars and contacts.
Tutanota offers more than just easy email encryption. Tutanota makes sure that all your data is always encrypted and can only be accessed by one single person: You.
Tutanota brings automatic encryption to all your devices. Whether you're at home, at work or on the go, encrypting your emails, your calendars, and your address book has never been easier.
Here we explain everything that you need to know about what is encrypted in an end-to-end encrypted email in Tutanota, in an encrypted calendar event and in an encrypted contact entry.
Email encryption utilizes encryption keys to render the content of an email unreadable to anybody but the sender and the recipient. Thus, encrypting emails end-to-end protects sensitive information from prying eyes.
Encrypting emails on the go is very easy with Tutanota.
PGP is a widely used standard to encrypt emails. In comparison to PGP, Tutanota offers multiple advantages.
When you encrypt your emails with PGP, the following data is encrypted:
When you encrypt your emails with Tutanota, the following data is encrypted:
Tutanota uses the same algorithms as PGP - AES and RSA - to encrypt emails. By designing the encryption ourselves, we can make sure that as much data as possible is being encrypted. This flexible design also allows us to implement encrypted features such as the encrypted calendar and a fully encrypted address book at a much faster pace.
The entire client code of Tutanota is published on GitHub to make sure that security experts can check the code and verify that no encryption backdoors are included.
The examples shown below demonstrate how Tutanota's implementation of end-to-end encryption is superior to PGP. Our method allows us
All these features are impossible to implement with the PGP standard.
Tutanota encrypts as much data as possible directly on your device. You can verify this yourself: When logged in in a web browser, press F12 to open the developer console. Then click on 'Network' and 'Preview' to see what data is sent to the server. This view is updated every time you open an email, a contact or a calendar entry. All texts that are rendered in non-readable form by humans are sent to the server end-to-end encrypted and Base64-encoded.
The screenshot shows the encrypted email contents. Similar to PGP, Tutanota encrypts the data of an email end-to-end with a hybrid encryption protocol based on AES and RSA.
Your signature is appended to new mails automatically. With Tutanota, your signature is stored end-to-end encrypted on our server and synchronized to all of your devices.
As Tutanota does not use PGP, it can encrypt a lot more data of an email than just the contents. This is illustrated by the next screenshot.
The most important thing is that Tutanota encrypts the "subject" as well as the names of the "sender" and the recipient ("toRecipients").
The only data that is not encrypted in a Tutanota email are the email addresses and the date of an email sent or received.
Regarding email security, there are two different cases:
In both cases, all emails are stored fully encrypted on our servers. We never store unencrypted emails on our servers. However, the non-encrypted emails are not protected with end-to-end encryption, but are only encrypted once they reach our servers.
The Tutanota Calendar is a true zero-knowledge calendar because our servers knows nothing about your encrypted events. All data that you store in the calendar is encrypted: The "description", the "endTime", the "location", the "startTime", the "summary", the "uid" (the ID of the event), the "alarmInfos" (which are the reminders that you can define to be notified about upcoming events), and the "repeatRule" (which is the rule to define in what interval and until what date the event should be repeated).
The Tutanota Calendar also encrypts notifications. This is a very innovative approach, but if a calendar does not encrypt the notifications, it renders the entire encryption useless as all data would be transmitted with the push notification in unencrypted form. These alarms are even stored locally on your devices to hide them from our servers. This means we do not know anything about your calendar events, not even when an event is taking place.
In contrast to that, current standards such as iCal do not encrypt any data. If you store your events with an online service for easy access and syncing, you can be sure that someone else is seeing all your calendar events.
In the zero-knowledge Tutanota Calendar all your data is always encrypted so that no one, not even we as the developers, can see your private appointments.
Tutanota contacts are encrypted entirely, just like the Tutanota Calendar. You can store all your contacts details in Tutanota knowing that no one but yourself can get access to this very personal information of your family members, your friends or your business contacts.
Tutanota automatically encrypts the "birthdayISO", the "comment", the "company", the "firstName", the "lastName", the "nickname", the "role", the "title", the "addresses", the "mailAdresses", the "phoneNumbers", and the "socialIDs".
Our motto at Tutanota is to encrypt everything that is possible to encrypt. With our encrypted mailbox, calendar, and address book, we prove that online services can work just as smoothly and easily as you are used to while making sure that your data is secured to the maximum at the same time. At Tutanota your data belongs to you.
We hope you enjoy the security you get with Tutanota.