How does it work?

From user perspective. In order to encrypt the mailbox, the user must generate a PGP encryption key pair. That set of keys consists of a private key used to decrypt emails and a public key, which is widely shared with anyone and it is used to encrypt emails addressed to the user. Lacre requires only the public key. This key is then used against all incoming emails addressed to the user to encrypt emails. Users can decrypt and read the emails only if they have has access to the private key. This means they must use a pgp enabled email client and needs to have their private key presents on the device. Without the key it is practically impossible to obtain the content of the email.

From server perspective, Lacre works as a postfix (SMTP server) filter. All incoming emails are passed to the filter that then checks whether a GPG key is present in the database for a given recipient. If a key is present, the email is being encrypted with the recipient's public key and transmitted to the IMAP server that then saves it on to the mailbox. If the incoming email is already encrypted or the recipient key is missing, Lacre does nothing and forwards the email to the IMAP server.

What are known Issues and limitations?

There is no such thing as 100% safe and secure solution and anyone claiming otherwise is just laying. Lacre isn’t a "silver bullet" and does come with some drawbacks. While it does protect emails at rest (those that have been recieved received and encrypted with Lacre), it does not fully protect emails in transit. Unless email is end-to-end encrypted between both sender and recipient, there is a brief moment between when plain text email arrives to the server and when Lacre does its job to secure it. This applies to all encrypted email solutions outthere by the way. Even if they don’t tell you that. That means emails could potentially be intercepted in realtime. This is why trusting your mail service provider is important!

Lacre does not protect your metadata. Email is a service that exchanges a lot of metadata. Depending on your service provider, you might be sharing a lot of data with others including your IP address, mail client software used, time of sending, subject, recipient, etc. In order to keep to standards, not all of that information is and can be encrypted. Currently Lacre does take care of subject encryption and we are looking for possibilities to encrypt all possible metadata. Although from a software perspective this could be achieved by Lacre already, it all depends on email client software and what the gold standard is. We hope in the future that more and more metadata will be covered by Lacre.

Warning: GPG requires your private key to be able to decrypt emails. If you lose your key you lose access to the encrypted emails with that key. That means you won’t be able to decrypt emails that are already encrypted. Lacre does give you the possibility to reset your configuration on the server by removing the key or uploading a new one, but that change applies only to the future emails. This is also a drawback when it comes to forward secrecy, which Lacre odes does not provide. This means that if your key becomes compromised, all past communication using that key will be decryptable.