Frequently Asked Questions

SecureDolphin combines symmetric-key encryption and public-key encryption. E-mail messages are encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once. The encrypted message is sent to the receiver along with the one-time symmetric key. In order to protect the symmetrics key during transmission, it is encrypted with the receiver's public key. Only the private key belonging to the receiver can decrypt the symmetric key. Given that the message is encrypted with the symmetric key, only the intended recipient of the message, who has the private key, can decrypt and read the E-mail

Pretty Good Privacy (PGP) is a data encryption software and standard created by Phil Zimmermann in 1991. It relies on the same kind of cryptographic mechanisms as SecureDophin. However, a fundamental flow in PGP standard is the lack of secure and reliable mechanisms for exchanging keys between two parties, willing to engage in an E-mail exchange. SecureDolphin solves that problem!

When encrypting messages it is critical that the public key used to send messages to someone actually does 'belong' to the intended recipient. In order to establish the authenticity of the key, PGP relies on a "web of trust" - participants of web of trust vouch for each other, i.e. assert authenticity of the public key belonging to given recipient. That causes several major problems that have no satisfactory resolution in the realm of PGP but are addressed with SecureDolpin.

The first problem with PGP is that the integrity of the web of trust relies prudent and security concious behavior of individual participants. As the web of trust grows bigger, so does the likelyhood of vouching for a public key that is not tied to the individual, being vouched for. That may happen unintentionally due to genuine confusion or as a result of deliberate action by dishonest participant. It may also happen due to participant falling victim of malicious third party.

The second issue with PGP is that new participants in the web of trust struggle to find sufficiently large number of existing participants, who would vouch for their authenticity. Indeed, prudent participants would refuse to vouch for newcomers, who they have not personally met.

SecureDolphin uses fundamentally better and more secure key public key delivery mechanism - NameCoin network. NameCoin provides publicly accessible and tamperproof storage for small bits of information. SecureDolphin utilizes NameCoint for association of E-mail addresses with their corresponding public keys.

During the registration, the public key of SecureDolphin user is posted in the NameCoin network. The corresponding private key is securely stored in user's browser. Those, willing to send an E-mail to SecureDolphin registered account, use the SecureDolphin extension to lookup recipients public key in NameCoin and do one-click encryption of the E-mail message, entered in their web mail system.

NameCoin is a distributed network similar to BitCoin. BitCoin provides centralized, easily accessible and tamper proof ledger for funds, held by network participants. NameCoin provides similar ledger, except for names, registered by participants. For example, participant in NameCoin network may register her or his E-mail address, domain name, social network handle etc. he or she may also associate the name with a public key that can be used for establishment of secure communication with them. SecureDolphin enables quick and easy name registration in NameCoin network as well as encryption and decryption of messages, using keys attached to names.

NO ONE! Your private key, generated during registration with SecureDolphin, never reaches our servers or transmitted over network. Only you have it. Messages, sent to you can't be decrypted without that key.