What is end-to-end encryption?

PostGuard offers end-to-end encryption (E2EE) to increase the security of email and file sharing. Before sending an email or sharing a file, the email or file is encrypted. This means that the email or file is transformed in such a way that only authorized parties can decrypt it. Only the intended recipients can decrypt the email or file using a special secret key. “End-to-end”-part of E2EE means that the files and emails are encrypted in transit, from sender to receiver.

How does identity-based encryption work?

PostGuard uses Identity-Based Encryption (IBE), which is a type of encryption that is easier to use than traditional public-key encryption. In particular, it addresses two problems: key management and recipient authentication. In traditional public-key encryption, each recipient has her own public key, which needs to be located and authenticated by the sender before it can be used to encrypt. In identity-based encryption, the public keys are generated directly from the identity of the recipient. The sender only needs to locate one master public key, and can encrypt any messages under any recipient's identity. To decrypt, the recipient then needs to authenticate herself to a trusted third party, which moves away the responsibility of authenticating the recipient from the sender.

What is Yivi and why does PostGuard use it?

To decrypt and read encrypted emails and files, recipients only need to prove that they really are the intended recipient. This is done with the authentication app Yivi. PostGuard uses Yivi because it is a free, easy-to-use and privacy-friendly authentication app. Moreover, Yivi offers attribute-based authentication. This means that recipients are able to selectively disclose specific attributes (like having an email address, phone number or surname) of an email or file.