Tutanota wants to offer web calendar with end-to-end encryption
Tutanota plans to release an online calendar in 2016 that uses end-to-end encryption. The Germany-based company believes that encryption is becoming increasingly important for privacy. That is why it wants to offer an encrypted alternative to, for example, Google Apps.
The company argues that companies such as Google and Microsoft should not have access to private data such as doctor’s appointments. Because of this, it wants to release a web calendar that uses end-to-end encryption. By performing the encryption locally before synchronizing the data to the server, only the user should be able to access the data.
Tutanota has some experience in bringing services with end-to-end encryption. It already offers a secure e-mail service. Tutanota also wants to eventually release a complete set of services that can compete with, for example, Google Apps. The company uses a GPL v3 license for the e-mail service. With the accompanying app for Android and iOS, this service can also be used on devices other than the PC. According to Tutanota, the encryption and decryption of data is done locally at the time of login.
For the email encryption, the service uses aes128 and 2048bit rsa. When a user registers with the service, a private key and a public key are generated locally. Its private key is encrypted with the registered password. Independent of the end-to-end encryption, the transport of the e-mail between the user and the Tutanota server is secured with ssl and dns-based Authentication of Named Entities. In the future, the company plans to add two-factor authentication.