Sichere Kommunikation - Einfach zu Bedienen (German)
The Fraunhofer SIT has launched an initiative in the shape of Volksverschlüsselung to promote the widespread usage of end-to-end encryption among the general public and thus bolster the protection of electronic communications of consumers and businesses. In releasing the Volksverschlüsselung software, the Fraunhofer SIT as developer and Deutsche Telekom AG as infrastructure operator are launching the first free Volksverschlüsselung service.
Encryption allows users to give additional protection to sensitive personal data, such as medical or financial information. The end-to-end security provided by Volksverschlüsselung also ensures that users maintain their digital autonomy.
End-to-end encryption ensures that a sender encrypts a message in such a way that only the intended recipient can decrypt it again. Even if the message passes through many servers along its route, its content always remains confidential. Cryptography guarantees that.
The software first generates cryptographic keys on the user's device; these keys are then used to encrypt and sign e-mails and data. Once the user has entered their registration key or been successfully identified by means of the DTAG Telekom login (corresponds to the login process say at the Customer Center) or an electronic ID card, digital certificates for encryption, authentication and signature are generated at the Volksverschlüsselung trust center.
Once the certificates have been received, the software automatically searches for e-mail programs, browsers and other applications on the user's device that can use cryptography. The keys and certificates are then automatically incorporated into the existing application programs so the certificates can be used.
Following this one-time step, e-mails can be encrypted and signed easily in programs such as MS Outlook and Thunderbird.
Volksverschlüsselung focuses squarely on user-friendliness. The software automatically carries out all the process steps, starting with key generation, certification, through to setting up and configuring the application programs on the user's various devices. The user no longer has to worry about installing the keys and certificates, or configuring the applications. Users with only limited technical know-how can therefore encrypt their e-mails and data with relative ease.
Volksverschlüsselung issues X.509 certificates and therefore supports all S/MIME-capable e-mail clients. Integration with webmail services depends on each provider and requires collaboration with the service providers. Fraunhofer SIT aims to promote close collaboration with service providers so that e-mail encryption is widely adopted and also becomes the norm on the web.
S/MIME stands for Secure / Multipurpose Internet Mail Extensions, i.e. an international standard that stipulates how encrypted e-mails are sent. S/MIME uses X.509 certificates.
Volksverschlüsselung has initially been designed for Windows PCs. In future, the encryption software should also be as easy to use on mobile devices as it is initially for Windows. The plan is to develop versions for Android and iOS, see next question.
Yes. We aim to provide all interested parties with free access to the source code. This way experts can check for themselves that there are no backdoors in the software. Moreover, we will also publish the communications protocol via which the Volksverschlüsselung software communicates with the trust center.
Volksverschlüsselung issues high-quality class 3 certificates. A key security feature of these certificates is that the certificate holder's identity can be reliably established as part of certification.
Volksverschlüsselung generates certificates that can be used by all e-mail clients, browsers and web applications that support X.509. The new software currently enables the e-mail clients MS Outlook and Thunderbird, as well as the browsers Internet Explorer, Chrome and Firefox to be configured automatically to use the certificates. Automatic integration is planned for further applications, as well as support for OpenPGP in a subsequent release.
An encrypted message is a message that cannot be read at all during transport. Only the message recipient can decrypt the message, i.e. "enable it to be read."
A signed e-mail uniquely clarifies the authorship of an e-mail. In other words, e-mails can no longer be sent under a false name or bogus e-mail address.