How does it work?

From server perspective, Lacre works as a postfix (SMTP server) filter. All incoming emails are passed to the flter that then checks whether a GPG key is present in the database for given recipient. If key is present, email is being enrypted with the public key of the recipient and passed to further to IMAP server that then saves it on to the mailbox. If incoming email is already encrypted or recipient key is missing, Lacre does nothing and forwards the email to IMAP server.

From user perspective. In order to encrypt the mailbox, user must generate PGP encryption key pair. That set of keys consists of a private key used to decrypt emails and public key, which is widely shared with anyone and it is used to encrypt emails addressed to the user. Lacre requires only public key. This key is then used against all incoming emails addressed to the user to encrypt emails. User can decrypt and read the emails only if he has access to the private key. This means he must use pgp enabled email cient and needs to have the private key present on the device. Without the key it is practically impossible to obtain the content of the email.

what are known Issues and limitations?

There is no such thing as 100% safe and secure solution and anyone claiming otherwise is just laying. Lacre isn’t “golden solution” and does come with some drawbacks. While it does protect emails at rest (those that have been recieved and encrypted with lacre), it does not fully protect emails in transit. Unless email is end to end encrypted between both sender and recipient, there is a brief moment between plain text email arriving to the server and when Lacre does it’s job to secure it. This applies to all encrypted email solutions outthere btw. even if they don’t tell you that. That means emails could be potentially intercepted in realtime. This is why trusting your mail service provider is important!

Lacre does not protect your metadata. Email is a service that exchange a lot of metadata. Depending on your service provider, you might be sharing a lot of data with others including your IP address, mail client software used, time of sending, topic, to whom email was sent etc. In order to keep to standards, not all of that information is and can be encrypted. Currently Lacre does take care of topic encryption and we are looking for possibilities to encrypt all possible metadata. Although from software perspective this could be achieved by Lacre already now, it all depends on email client software and what is the golden standard. We hope in the future more and more metadata will be covered by Lacre.

GPG requires your private key to be able to decrypt emails. If you loose your key you loose access to the encrypted emails with that key. That means you won’t be able to decrypt emails that are already encrypted. Lacre does give you the possibility to reset your configuration on the server by removing the key or uploading a new one, but that change applies only to the future emails. This also provides drawback when it comes to forward secrecy which Lacre odes not provide. This means that if your key becomes compromised, all part communication using that key will be decryptable.