VirTru is a free browser addon and mobile app that securely encrypts your email messages using the Advanced Encryption Standard 256-bit algorithm, a worldwide standard encryption cipher that is believed to be uncrackable. Encryption takes place on your computer. VirTru’s servers never have access to the unencrypted data, but they hold the decryption key and manage it so that the authorised party can read the email.

Email encryption keys have perfect forward secrecy, a scheme with unique decryption keys for each message: if one of them were compromised, it could only be used to read a specific message and not everything in the inbox.

VirTru’s browser addon integrates amiably with Yahoo, Gmail and Outlook. It also works with other services, but in Gmail a blue bar on top of the compose window lets you know that you are writing a secure email with VirTru, and it has the option to stop message forwarding and set an expiry date from within the window. VirTru stops messages from being readable after the date you set by blocking access to the decryption keys stored on their server.
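A simplified model of the key-custody design described above, added here as an illustration and not VirTru's code or protocol: the sender encrypts locally with a fresh key per message, only the key goes to a key server, and expiry is enforced by the server refusing to release it. `KeyServer`, `send`, `read` and `decrypt_with_key` are hypothetical names, and an HMAC-SHA256 keystream stands in for AES-256 so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs on the standard
    # library alone; it is NOT AES-256, which a real client would use.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class KeyServer:
    """Hypothetical key server: holds per-message keys, never message bodies."""
    def __init__(self):
        self._keys = {}  # message id -> (key, expires_at, allowed reader)

    def store(self, msg_id, key, expires_at, reader):
        self._keys[msg_id] = (key, expires_at, reader)

    def release(self, msg_id, reader, now):
        key, expires_at, allowed = self._keys[msg_id]
        # Expiry is an access-policy decision; the key itself is still stored.
        return key if reader == allowed and now < expires_at else None

def send(server, body: bytes, reader: str, expires_at: float) -> dict:
    """Encrypt on the sender's machine with a fresh key; escrow only the key."""
    msg_id, key, nonce = secrets.token_hex(8), secrets.token_bytes(32), secrets.token_bytes(12)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, body)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    server.store(msg_id, key, expires_at, reader)
    return {"id": msg_id, "nonce": nonce, "ct": ct, "tag": tag}  # goes via the mail provider

def decrypt_with_key(key: bytes, msg: dict) -> bytes:
    tag = hmac.new(_subkey(key, b"mac"), msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, msg["tag"]):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_subkey(key, b"enc"), msg["nonce"], msg["ct"])

def read(server, msg: dict, reader: str, now: float):
    """Recipient side: returns the plaintext, or None if the server withholds the key."""
    key = server.release(msg["id"], reader, now)
    return None if key is None else decrypt_with_key(key, msg)
```

In this model expiry only stops the server from handing out the key: whoever holds both a message's key and its ciphertext can still call `decrypt_with_key`, while that key opens no other message.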


If the person receiving the message does not have Virtru installed, they will be asked to sign up for an account to be able to read it. Another option the receiver has is to use VirTru’s secure virtual reader, a JavaScript viewer embedded in your Internet browser to read encrypted messages; this does not require them to install anything, and it contains a link to the VirTru addon in case they wish to install it to reply securely to the email. You can use the OpenID or OAuth protocols to verify your identity with existing email providers. This saves time, but I doubt too many people in corporate environments know what it is or have an OpenID.

One of the company’s founders is a former NSA employee and, although rejecting mass surveillance, they are open about providing your encryption keys to the US government if they are served with a court order, although since VirTru does not hold the data and only has the decryption keys, the government would need both. Not very difficult to do, since Yahoo, Gmail and Outlook are all wiretapped by the NSA. This is clearly a tool with faith that the US government will not abuse their espionage powers, and that breaks the deal for me. It is understandable that a company will abide by court orders, and that is why some security providers no longer hold customers’ decryption keys.

I personally would stay away from any company holding the encryption keys for me. It makes life easier, but if your information is so important that you need bulletproof encryption, the risk of the decryption keys being compromised is too high when they are in somebody else’s hands. As an individual, Countermail would be a better choice, and for businesses, ProtonMail has high protection against government spying.

If you want a free email encryption solution, there is always rolling your own OpenPGP keys, which is not that hard to do with extensions like Mailvelope.

