Sipher
Sipher

End-to-End Encryption

SipherMail's end-to-end encryption (E2EE) protocol is called SIPHER-E2EE-V1. It uses RSA-OAEP 4096-bit for key exchange and AES-256-GCM for message encryption — all performed client-side in your browser or mobile app. We never see your unencrypted messages or private keys.

How it works

  1. Key generation: When you enable E2EE, your browser generates an RSA-OAEP 4096-bit key pair using the Web Crypto API. The private key never leaves your device in unencrypted form.
  2. Key storage: The private key is encrypted with AES-256-GCM using a key derived from your passphrase (PBKDF2, 310,000 iterations, SHA-256, 256-bit key). The encrypted private key is stored on SipherMail's servers.
  3. Sending: When you send an E2EE email, the message body is encrypted with a random AES-256-GCM session key. That session key is then encrypted with each recipient's RSA-OAEP public key. The server stores only ciphertext.
  4. Receiving: Your browser fetches the encrypted email, decrypts the session key using your RSA private key (unlocked with your passphrase), then decrypts the message body with the session key.

Enable E2EE

  1. Go to Settings → Security → End-to-End Encryption.
  2. Click Enable E2EE.
  3. Choose a strong passphrase. This is separate from your login password. Write it down — there is no recovery if lost.
  4. Your key pair is generated and the encrypted private key is uploaded to the server.
  5. Share your public key fingerprint with contacts you want to exchange E2EE email with.

⚠️ Passphrase warning

Your E2EE passphrase cannot be recovered if lost. There is no "forgot passphrase" option. If you lose your passphrase, you will permanently lose access to all E2EE-encrypted messages. Store your passphrase in a password manager.

Multi-recipient encryption

E2EE emails can be sent to multiple recipients. Each recipient's public key is used to encrypt a copy of the session key. Recipients without a SipherMail public key receive a standard (non-E2EE) fallback copy of the email.

Mobile parity

E2EE is fully supported on iOS and Android. The same SIPHER-E2EE-V1 protocol runs in the mobile apps. You can read and compose E2EE emails on any device where you've unlocked your private key with your passphrase.

E2EE vs server-side encryption

All mailbox data is encrypted at rest on SipherMail servers (server-side encryption). E2EE goes further: messages are encrypted before they leave your device, so even SipherMail cannot read them. E2EE is optional and must be explicitly enabled.

Next steps

    SipherMail - Your Mail. Your Cipher.