Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management

Email privacy is of crucial importance. Existing email encryption approaches are comprehensive but seldom used due to their complexity and inconvenience. We take a new approach to simplify email encryption and improve its usability by implementing receiver-controlled encryption: newly received messages are transparently downloaded and encrypted to a locally-generated key; the original message is then replaced. To avoid the problem of moving a single private key between devices, we implement per-device key pairs: only public keys need be synchronized via a simple verification step. Compromising an email account or server only provides access to encrypted emails. We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that users consider it intuitive and easy to use.

• Publication year

  2019

• Venue

  European Conference on Computer Systems

• Publication date

  2019-03-25

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1145/3302424.3303980
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• IMAP REPLACE Extension

  2019cited by this paper
• Confidante: Usable Encrypted Email: A Case Study with Lawyers and Journalists

  2017cited by this paper
• Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client

  2015cited by this paper
• "We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users

  2015cited by this paper
• Private Webmail 2.0: Simple and Easy-to-Use Secure Email

  2015cited by this paper
• IMAP Extensions: Quick Flag Changes Resynchronization (CONDSTORE) and Quick Mailbox Resynchronization (QRESYNC)

  2014cited by this paper
• Confused Johnny: when automatic encryption leads to confusion and mistakes

  2013cited by this paper
• SafeSlinger: easy-to-use and secure public-key exchange

  2013cited by this paper
• STEED — Usable End-to-End Encryption

  2011cited by this paper
• Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification

  2010cited by this paper
• Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

  2008cited by this paper
• SSARES: Secure Searchable Automated Remote Email Storage

  2007cited by this paper
• google,我,萨娜

  2006cited by this paper
• Securely Available Credentials (SACRED) - Credential Server Framework

  2004cited by this paper
• Remembrance of Data Passed: A Study of Disk Sanitization Practices

  2003cited by this paper
• Enabling Email Confidentiality through the use of Opportunistic Encryption

  2003cited by this paper
• Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0

  1999influential reference
• OpenPGP Message Format

  1998cited by this paper
• Whole-word phonetic distances and the PGPfone alphabet

  1996cited by this paper
• Internet Message Access Protocol - Version 4rev1

  1994cited by this paper
• DEPARTMENT OF HEALTH & HUMAN SERVICES

  1991cited by this paper
• Developer

  year unknowncited by this paper

• Encryption Struggles Persist: When Tech-Savvy Students Face Challenges with PGP in Thunderbird

  2025cites this paper
• VeracOS: An operating system extension for the veracity of files

  2025cites this paper
• Systematic Literature Review: Key Management Service For Securing Encryption Key

  2023cites this paper
• Chapter 8 Privacy-Enhancing Technologies

  2022cites this paper
• Easy Encryption for Email, Photo, and Other Cloud Services

  2021cites this paper
• Tap: an app framework for dynamically composable mobile systems

  2021cites this paper
• Encrypted cloud photo storage using Google photos

  2021cites this paper
• Making It Easier to Encrypt Your Emails

  2019cites this paper