Solution | EEZY KEYZ

EEZY KEYZ^® Email Encryption System

There have been different email encryption products available since the 1990s. However, the reliable solutions have been too complex to take in use and too difficult to use for end-users. During recent years different cloud-based encryption providers have introduced user-friendly and convenient solutions. Unfortunately, these cloud-based solutions do not offer high-enough security level and control for the demanding customers. As a result, many organizations have prohibited the use of email and have decided to rely on alternative systems when communicating confidential information. Secure alternative systems are often less efficient and user-friendly than email, so confidential information tends to end up in the email in spite of prohibitions.

EEZY KEYZ® has been developed as a military-grade encryption solution while simultaneously being as user-friendly as normal email. It is easy-to-adopt, operate and use on customer’s existing hardware. The customer-tailored and dedicated encryption system brings a lot of benefits. Firstly, there is no need to depend or trust cloud providers or service providers. The customer stays in complete control of its data, including email messages, attachments and encryption keys. This helps avoiding political risks relating to encryption products; in many countries’ vendors can be forced to turn over encryption keys to the authorities. With EEZY KEYZ® this is not possible because only the customer has access to the keys.

It is possible to tailor the system features to perfectly match customer’s needs; including the backend system features, encryption application features, used algorithms, etc. The result is an encryption system which allows easy, quick and secure way to deliver confidential information in any format (image, video, documents, etc.) whenever and wherever.

How it works

0. Users’ encryption keys are automatically stored on the key server when users register to the system.
1. When user inserts the message recipients, the encryption client software automatically retrieves the public keys of the recipients from the key server.
2. User composes the email message normally. The software automatically encrypts all messages and attachments and digitally signs the messages by default.
3. User sends the email normally without any extra steps. The encrypted email messages pass through company email servers like any other messages.
4. Receivers receive the encrypted email in their inbox like any other email.
5. The message is automatically decrypted on user’s device temporarily when viewed. The message and attachments are stored encrypted both on the user’s device and email server.

Technical overview

The EEZY KEYZ® system consists of encryption clients and the backend system. For Android and iOS there are standalone EEZY KEYZ® email clients. For the desktop there will be an EEZY KEYZ® Outlook Plugin and Firefox and Chrome browser extensions later in 2019. All of these clients are compatible with each other in regards of encrypting and decrypting emails.

The clients handle the creation of the ECC keys and encryption and decryption of the email messages and attachments automatically, while the backend system handles the storing and delivering of the required ECC keys. The private ECC keys are stored encrypted with AES 256-bit encryption. They are only available to the correct users who know the passphrase which is used to decrypt the private key. The public ECC keys are available to all users. The email messages and related data are encrypted with AES 256, while the ECC is used to encrypt the used AES keys.

Encryption

The default encryption of the EEZY KEYZ® system utilizes Elliptic Curve Cryptography and Advanced Encryption Standard. The used default algorithms and curve are listed below:

The used symmetric encryption algorithm is AES-GCM 256
The used public-key cryptography uses EC keys. The used cryptography schemes are ECDH for shared secret generation between users and ECDSA signature to validate sender authenticity encryption. The default EC curve is secp256r1 offering 128 bits of security.
The used signature algorithm is ECDSA-SHA2-512
The used hash algorithm is SHA2-512
Messages and attachments are also stored locally encrypted
The message-related metadata is also encrypted and only the information retrieved from the encrypted container is regarded as trusted

Backend system

The EEZY KEYZ® backend system functions as the key exchange and key storage system. The encryption clients communicate automatically with the backend system. The default backend system is as follows:

The Customer Admin handles the user and key management through the Admin portal running on the backend system:

Addition/Creation & deletion of users
Activation, Deactivation & Destruction of the encryption keys
Adjustable encryption key lifecycle (Admin decides the length of the active period of the newly generated keys)

The backend system runs in Docker containers:

The backend system requires minimal maintenance (certificate renewal & installing updates)

Default logging:

Changes in the encryption key states & timestamps of each Private key fetch

enterprise

Customer-tailored EEZY KEYZ®

Contact our sales for more information!

Send a request

EEZY KEYZ® technology

Read our white paper!

Download

Important cookie information

To measure the traffic on our website in order to improve our site and give you the best possible experience, this site uses cookies that don’t collect personal information. Our website will issue cookies unless you adjust your browser setting to refuse cookies. Turning off cookie functionality on your browser may affect your ability to access and/or use certain parts of our website. Please read our Privacy and cookie policy for more information.