Corporate Responsibility

Volksverschluesselung: secure e-mail for Germany

  • Share
    Two clicks for more data privacy: click here to activate the button and send your recommendation. Data will be transfered as soon as the activation occurs.
  • Print
  • Read out
Symbolbild mit Schloss zur Volksverschlüsselung, eine Kooperation vom Fraunhofer-Institut SIT und der Telekom.

Die Deutsche Telekom und das Fraunhofer-Institut für Sichere Informationstechnologie SIT bieten eine einfache Möglichkeit zur Verschlüsselung von E-Mails für jedermann an.

Secure end-to-end-encryptionfor everybody from now on: End-to-end encryption for everyone: Deutsche Telekom and the Fraunhofer Institute for Secure Information Technology (SIT) offer their Volksverschluesselung software from now on in Germany.

The Volksverschluesselung service will allow Windows users to make their own computer encryption-capable with just a few clicks. The software can be downloaded at www.volksverschluesselung.de for free. The source text can also be viewed there.The user-friendly software was developed by the Fraunhofer SIT and the corresponding infrastructure is operated by Deutsche Telekom in a high-security data center.

Important factor for digital autonomy

"Encryption is the basis for autonomous digital communication. We are supporting Volksverschluesselung as an important factor in this autonomy and are stepping up to our digital responsibility in doing so," said Thomas Kremer, Board member for Data Privacy at Deutsche Telekom, in Berlin. "Burying your head in the sand and thinking 'no-one is interested in my e-mails anyway' makes users easy prey. We want people to take responsibility for their digital communications," he continued.

Prof. Michael Waidner, Head of Fraunhofer SIT: "Volksverschluesselung allows people to improve their digital autonomy and protect themselves against unwanted mass surveillance. With our new service, we are supporting the government's digital agenda and meeting the requirements of the charter to strengthen trustworthy communication which was presented and signed by representatives from business, science and government at the last IT Summit."

Volksverschluesselung generates cryptographic keys

Volksverschluesselung is software which generates both the required cryptographic keys, as well as suitably configuring the users' e-mail programs. For the actual encryption most users do not need a new program; most e-mail programs support encryption out of the box if suitable keys are available. Thus even unexperienced users can send encrypted e-mails.

Keys solely in the user’s hands

Volksverschluesselung generates the cryptographic keys directly on the user's device. These private keys remain solely in the user's hands and at no time fall into the infrastructure operator's hands. To use the encryption, the software simply needs to be installed and users need to identify themselves as part of a simple one-time process. With the initial version, users are identified electronically via the Deutsche Telekom login process or with the aid of an electronic ID card. Users also have the option of registering personally for a range of Fraunhofer events.

Registration is soon to be simplified

Registration is soon to be simplified in subsequent stages, for example those interested will be able to show their ID in Telekom Shops to register for Volksverschluesselung. Thomas Kremer: "Our priority is to give Volksverschluesselung a wide footing and have as many users as possible. There is nothing more frustrating than wanting to use encrypted communication, but finding no recipients to do so."

Volsverschluesselung is to be developed continuously

Once released, Volksverschluesselung is to be developed on a continuous basis. At present, Windows users can use e-mail programs such as Outlook or Thunderbird for encrypted e-mail communications. In further steps, versions for Mac OS X, Linux, iOS and Android are planned. The software initially supports the S/MIME standard; it will also support OpenPGP in a subsequent step.

Commitment to trustworthy communication

Fraunhofer SIT and Deutsche Telekom are fulfilling a commitment to bolstering trustworthy communications with Volksverschluesselung – a commitment that representatives from government, business and science have made with an eponymous charter as part of the 2015 IT Summit. The charter had been developed in the Encryption focus group within the "Building security, protection and trust within society and economy" platform of the IT Summit.

Below we have put together key questions and answers on Volksverschluesselung. You can find more questions and answers and information about Volksverschluesselung and encryption in general at www.telekom.com/verschluesselung and www.volksverschluesselung.de.

FAQ

The Fraunhofer SIT has launched an initiative in the shape of Volksverschlüsselung to promote the widespread usage of end-to-end encryption among the general public and thus bolster the protection of electronic communications of consumers and businesses. In releasing the Volksverschlüsselung software, the Fraunhofer SIT as developer and Deutsche Telekom AG as infrastructure operator are launching the first free Volksverschlüsselung service.

Encryption allows users to give additional protection to sensitive personal data, such as medical or financial information. The end-to-end security provided by Volksverschlüsselung also ensures that users maintain their digital autonomy.

End-to-end encryption ensures that a sender encrypts a message in such a way that only the intended recipient can decrypt it again. Even if the message passes through many servers along its route, its content always remains confidential. Cryptography guarantees that.

The software first generates cryptographic keys on the user's device; these keys are then used to encrypt and sign e-mails and data. Once the user has entered their registration key or been successfully identified by means of the DTAG Telekom login (corresponds to the login process say at the Customer Center) or an electronic ID card, digital certificates for encryption, authentication and signature are generated at the Volksverschlüsselung trust center.

Once the certificates have been received, the software automatically searches for e-mail programs, browsers and other applications on the user's device that can use cryptography. The keys and certificates are then automatically incorporated into the existing application programs so the certificates can be used.

Following this one-time step, e-mails can be encrypted and signed easily in programs such as MS Outlook and Thunderbird.

Volksverschlüsselung focuses squarely on user-friendliness. The software automatically carries out all the process steps, starting with key generation, certification, through to setting up and configuring the application programs on the user's various devices. The user no longer has to worry about installing the keys and certificates, or configuring the applications. Users with only limited technical know-how can therefore encrypt their e-mails and data with relative ease.

Private users can use the infrastructure and software free of charge.

Volksverschlüsselung issues X.509 certificates and therefore supports all S/MIME-capable e-mail clients. Integration with webmail services depends on each provider and requires collaboration with the service providers. Fraunhofer SIT aims to promote close collaboration with service providers so that e-mail encryption is widely adopted and also becomes the norm on the web.

S/MIME stands for Secure / Multipurpose Internet Mail Extensions, i.e. an international standard that stipulates how encrypted e-mails are sent. S/MIME uses X.509 certificates.

Volksverschlüsselung has initially been designed for Windows PCs. In future, the encryption software should also be as easy to use on mobile devices as it is initially for Windows. The plan is to develop versions for Android and iOS, see next question.

The software is only available for Windows so far. Versions for Mac OS X, Linux, iOS and Android are planned.

Yes. We aim to provide all interested parties with free access to the source code. This way experts can check for themselves that there are no backdoors in the software. Moreover, we will also publish the communications protocol via which the Volksverschlüsselung software communicates with the trust center.

Volksverschlüsselung issues high-quality class 3 certificates. A key security feature of these certificates is that the certificate holder's identity can be reliably established as part of certification.

Volksverschlüsselung generates certificates that can be used by all e-mail clients, browsers and web applications that support X.509. The new software currently enables the e-mail clients MS Outlook and Thunderbird, as well as the browsers Internet Explorer, Chrome and Firefox to be configured automatically to use the certificates. Automatic integration is planned for further applications, as well as support for OpenPGP in a subsequent release.

An encrypted message is a message that cannot be read at all during transport. Only the message recipient can decrypt the message, i.e. "enable it to be read."

A signed e-mail uniquely clarifies the authorship of an e-mail. In other words, e-mails can no longer be sent under a false name or bogus e-mail address.

FAQ