Volksverschluesselung: secure e-mail for Germany
Jun 29, 2016
Secure end-to-end encryption for everybody from now on
- Fraunhofer SIT and Telekom launch free solution
- User-friendly software for everyone
- End-to-end encryption without backdoors
Jun 29, 2016: End-to-end encryption for everyone: The Fraunhofer Institute for Secure Information Technology (SIT) and Deutsche Telekom are launching their Volksverschlüsselung software on June 29. It consists of user-friendly software developed by the Fraunhofer SIT and the corresponding infrastructure operated by Deutsche Telekom in a high-security data center. The Volksverschlüsselung service will allow Windows users to make their own computer encryption-capable with just a few clicks. The software can be downloaded at www.volksverschluesselung.de for free. The source text can also be viewed there.
"Encryption is the basis for autonomous digital communication. We are supporting Volksverschlüsselung as an important factor in this autonomy and are stepping up to our digital responsibility in doing so," said Thomas Kremer, Board member for Data Privacy at Deutsche Telekom, in Berlin. "Burying your head in the sand and thinking 'no-one is interested in my e-mails anyway' makes users easy prey. We want people to take responsibility for their digital communications," he continued.
Prof. Michael Waidner, Head of Fraunhofer SIT: "Volksverschlüsselung allows people to improve their digital autonomy and protect themselves against unwanted mass surveillance. With our new service, we are supporting the government's digital agenda and meeting the requirements of the charter to strengthen trustworthy communication which was presented and signed by representatives from business, science and government at the last IT Summit."
Volksverschlüsselung is software that both generates the required cryptographic keys and suitably configures the user's e-mail programs. For the actual encryption, most users do not need a new program; most e-mail programs support encryption out of the box if suitable keys are available. Thus even inexperienced users can send encrypted e-mails.
Volksverschlüsselung generates the cryptographic keys directly on the user's device. These private keys remain solely in the user's hands and at no time fall into the infrastructure operator's hands. To use the encryption, the software simply needs to be installed and users need to identify themselves as part of a simple one-time process. With the initial version, users are identified electronically via the Deutsche Telekom login process or with the aid of an electronic ID card. Users also have the option of registering personally for a range of Fraunhofer SIT events.
Registration is soon to be simplified in subsequent stages; for example, those interested will be able to show their ID in Telekom Shops to register for Volksverschlüsselung. Thomas Kremer: "Our priority is to give Volksverschlüsselung a wide footing and have as many users as possible. There is nothing more frustrating than wanting to use encrypted communication, but finding no recipients to do so."
Once released, Volksverschlüsselung is to be developed on a continuous basis. At present, Windows users can use e-mail programs such as Outlook or Thunderbird for encrypted e-mail communications. In further steps, versions for Mac OS X, Linux, iOS and Android are planned. The software initially supports the S/MIME standard; it will also support OpenPGP in a subsequent step.
Fraunhofer SIT and Deutsche Telekom are fulfilling a commitment to bolstering trustworthy communications with Volksverschlüsselung – a commitment that representatives from government, business and science have made with an eponymous charter as part of the 2015 IT Summit. The charter had been developed in the Encryption focus group within the "Building security, protection and trust within society and economy" platform of the IT Summit.
Below we have put together key questions and answers on Volksverschlüsselung. You can find more questions and answers and information about Volksverschlüsselung and encryption in general at www.telekom.com/verschluesselung and www.volksverschluesselung.de.
What is Volksverschlüsselung?
The Fraunhofer SIT has launched an initiative in the shape of Volksverschlüsselung to promote the widespread usage of end-to-end encryption among the general public and thus bolster the protection of electronic communications of consumers and businesses. In releasing the Volksverschlüsselung software, the Fraunhofer SIT as developer and Deutsche Telekom AG as infrastructure operator are launching the first free Volksverschlüsselung service.
What is end-to-end encryption?
End-to-end encryption ensures that a sender encrypts a message in such a way that only the intended recipient can decrypt it again. Even if the message passes through many servers along its route, its content always remains confidential. Cryptography guarantees that.
How does the Volksverschlüsselung software work?
The software first generates cryptographic keys on the user's device; these keys are then used to encrypt and sign e-mails and data. Once the user has entered their registration key or been successfully identified by means of the DTAG Telekom login (which corresponds to the login process at, for example, the Customer Center) or an electronic ID card, digital certificates for encryption, authentication and signature are generated at the Volksverschlüsselung trust center.
Once the certificates have been received, the software automatically searches for e-mail programs, browsers and other applications on the user's device that can use cryptography. The keys and certificates are then automatically incorporated into the existing application programs so the certificates can be used.
Following this one-time step, e-mails can be encrypted and signed easily in programs such as MS Outlook and Thunderbird.
What is special about Volksverschlüsselung?
Volksverschlüsselung focuses squarely on user-friendliness. The software automatically carries out all the process steps, starting with key generation, certification, through to setting up and configuring the application programs on the user's various devices. The user no longer has to worry about installing the keys and certificates, or configuring the applications. Users with only limited technical know-how can therefore encrypt their e-mails and data with relative ease.
What costs/charges are incurred?
Private users can use the infrastructure and software free of charge.
Can Volksverschlüsselung also be used with webmail?
Volksverschlüsselung issues X.509 certificates and therefore supports all S/MIME-capable e-mail clients. Integration with webmail services depends on each provider and requires collaboration with the service providers. Fraunhofer SIT aims to promote close collaboration with service providers so that e-mail encryption is widely adopted and also becomes the norm on the web.
What is S/MIME?
S/MIME stands for Secure/Multipurpose Internet Mail Extensions, an international standard that stipulates how encrypted e-mails are sent. S/MIME uses X.509 certificates.
Can Volksverschlüsselung also be used via apps on mobile devices?
Volksverschlüsselung has initially been designed for Windows PCs. In future, the encryption software should also be as easy to use on mobile devices as it is initially for Windows. The plan is to develop versions for Android and iOS (see next question).
On which systems does the Volksverschlüsselung software run?
The software is only available for Windows so far. Versions for Mac OS X, Linux, iOS and Android are planned.
Will it be possible to check Volksverschlüsselung for backdoors?
Yes. We aim to provide all interested parties with free access to the source code. This way experts can check for themselves that there are no backdoors in the software. Moreover, we will also publish the communications protocol via which the Volksverschlüsselung software communicates with the trust center.
Why do I have to identify myself?
Volksverschlüsselung issues high-quality class 3 certificates. A key security feature of these certificates is that the certificate holder's identity can be reliably established as part of certification.
What applications are supported?
Volksverschlüsselung generates certificates that can be used by all e-mail clients, browsers and web applications that support X.509. The new software currently enables the e-mail clients MS Outlook and Thunderbird, as well as the browsers Internet Explorer, Chrome and Firefox to be configured automatically to use the certificates. Automatic integration is planned for further applications, as well as support for OpenPGP in a subsequent release.
What is the difference between encrypting and signing a message?
An encrypted message is a message that cannot be read at all during transport. Only the message recipient can decrypt the message, i.e. "enable it to be read." A signed e-mail unambiguously establishes the authorship of an e-mail. In other words, e-mails can no longer be sent under a false name or bogus e-mail address.
Can I help further develop Volksverschlüsselung?
Yes. To do so, please contact Fraunhofer SIT (email@example.com).