
Please note that this article is being drafted or rewritten and may contain imperfections. It has not yet been reviewed for final publication.

The primary goal of this paper is to provide a more in-depth look into how Liverado operates. Liverado is an encrypted email service that seeks to give a higher level of security and privacy than standard email services. To do this, Liverado uses end-to-end encryption algorithms to ensure that no unencrypted data is ever sent to the servers.

Introduction

This article's primary goal is to gain a deeper understanding of how Liverado operates.

Liverado is a secure encrypted email service designed to provide higher security and privacy than standard email services.

To do this, Liverado uses a combination of end-to-end encryption with a zero-access encryption algorithm to ensure that no unencrypted data is sent to the server. If the server exclusively stores encrypted data, the chances of your email being intercepted and read by others are virtually zero.

Security features

Liverado has implemented several features to better protect the privacy of our users:

  • Our servers are located in Switzerland.

  • We only use physical servers to protect your data (cloud servers are prone to legal and unauthorized access risks).

  • Once you click "Delete", your data will be permanently deleted. Singapore's PDPA does not specify a specific period for data retention.

  • HTTP Strict Transport Security (HSTS) ensures that you can only access our website via HTTPS, using an encrypted connection to prevent anyone from reading and tampering with your communication with our website.

  • Subresource Integrity (SRI) verifies that the JavaScript code used by our website has not been tampered with when the website is loaded.

  • We do not require any personally identifiable information to create an account. You can complete registration anonymously.

  • We do not log, monitor, store or share any of your submissions (such as IP address).

  • We support anonymous payments using Bitcoin (BTC) and Monero (XMR).

  • You can access Liverado over the Tor network.

Account creation

When a user registers on Liverado, a PGP key pair is generated, using the account's password as the password for the private key.

We use the OpenPGP.js library for encryption.

Please refer to the process:

[Figure: The process of generating an encryption key (Source: OpenPGP.js)]

We use Elliptic Curve Cryptography (ECC), specifically Ed25519, an IETF-recommended algorithm.

Implementations must implement Ed25519 for use with EdDSA and Curve25519 for use with ECDH.

In cryptography, Curve25519 is an elliptic curve that provides 128-bit security (256-bit key size). It is designed for use with the Elliptic Curve Diffie-Hellman (ECDH) key agreement scheme. It is one of the fastest ECC curves and is not covered by any known patents.

Compared to RSA, it provides faster encryption and decryption at a lower performance cost.

Account passwords are encrypted using a salted hash (explained further) before being sent to the server using the Secure Remote Password version 6 (SRPv6) protocol.

Authentication

When you log in with your password, the password is hashed and sent to the backend for verification. This way, even if someone is spying on that network, they won't be able to access your credentials at any time.

For added security, we also offer the option to enable multi-factor authentication (MFA).

Message encryption and decryption

How to send encrypted messages to other Liverado recipients

  1. The Liverado user composes a message.

  2. The Liverado system will retrieve the public keys of the recipient from the servers and encrypt the message using the public keys.

  3. The encrypted message is sent to the servers.

  4. The Liverado recipient receives the encrypted message and decrypts the message using the private key.

  5. The servers store an encrypted copy of the sent message in the sender's sent folder. At the same time, the servers store an encrypted copy of the received message in the recipient's inbox folder.

Note: Only the recipient can decrypt the message.
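
The account-creation and message flow described above, as an added example that is not Liverado's code: it uses Node.js built-in crypto rather than OpenPGP.js, so the output is not in OpenPGP format. The function names, the HKDF label, and the choice of AES-256-CBC to lock the private key and AES-256-GCM for the message body are assumptions.

```javascript
// Added example: Node.js built-in crypto, not OpenPGP.js and not Liverado code.
const crypto = require('crypto');

// Account creation: a Curve25519 (X25519) key pair. The private key is exported
// already encrypted under the account password, so the server only ever holds
// the public key and a locked private key.
function createAccount(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password,
    },
  });
  return { publicKey, lockedPrivateKey: privateKey };
}

// ECDH shared secret -> HKDF-SHA256 -> 32-byte AES-256-GCM message key.
function messageKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  // 'example-mail-v1' is a hypothetical context label.
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'example-mail-v1', 32));
}

// Steps 1-3: encrypt to the recipient's public key with a fresh ephemeral key.
function encryptFor(recipientPublicPem, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = crypto.randomBytes(12);
  const key = messageKey(eph.privateKey, crypto.createPublicKey(recipientPublicPem), ephPub);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, body, tag: cipher.getAuthTag() }; // all the server sees
}

// Step 4: unlock the private key with the password, then decrypt.
// Throws on a wrong password, a wrong key, or a modified ciphertext.
function decryptWith(lockedPrivateKey, password, msg) {
  const priv = crypto.createPrivateKey({ key: lockedPrivateKey, passphrase: password });
  const ephPub = crypto.createPublicKey({ key: msg.ephPub, type: 'spki', format: 'der' });
  const key = messageKey(priv, ephPub, msg.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}
```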

How to send unencrypted (normal) messages to non-Liverado recipients

  1. The Liverado user composes a message.
  2. The message is sent to the servers in clear text.
  3. The servers send a plain text message to a non-Liverado recipient. At the same time, the servers encrypt the message for Liverado users (the server stores encrypted copies of sent messages under your sent folder).

How to send an encrypted (password protected) message to non-Liverado recipients

If a Liverado user wants to send encrypted messages to non-Liverado users, a password-protected email can be used. This is a fully end-to-end encrypted communication with non-Liverado users.

  1. The Liverado user will need to preset a password for the message. The message will be encrypted with zero-knowledge symmetric encryption using the provided cipher.

  2. The recipient will receive an email with a secure link.

  3. When the recipient clicks on the link, the internet browser will open the Liverado web client, where they will be asked to enter the password (set in step 1) the sender used to encrypt the message.

  4. After entering the correct password, the content of the email will be decrypted, allowing the recipient to read the email.

Note: The recipient does not need a Liverado account to reply to this encrypted message.
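
A sketch of the password-protected message described above, as an added example that is not Liverado's code: the key is derived from the preset password with scrypt and the body is sealed with AES-256-GCM, both of which are assumptions, as are the function and field names. It shows what the server would store and how a wrong password or a modified blob is rejected.

```javascript
// Added example (Node.js built-in crypto); algorithms and names are assumptions.
const crypto = require('crypto');

// Sender side (step 1): derive a key from the message password and seal the body.
function sealWithPassword(password, plaintext) {
  const salt = crypto.randomBytes(16); // fresh per message
  const iv = crypto.randomBytes(12);   // fresh per message
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // The stored blob holds no password and no key, only these four values.
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    body: body.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Recipient side (steps 3-4): re-derive the key from the typed password.
// Returns the text, or null when the password is wrong or the blob was modified.
function openWithPassword(password, blob) {
  const key = crypto.scryptSync(password, Buffer.from(blob.salt, 'base64'), 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  try {
    const text = Buffer.concat([
      decipher.update(Buffer.from(blob.body, 'base64')),
      decipher.final(), // GCM tag check happens here
    ]);
    return text.toString('utf8');
  } catch (err) {
    return null;
  }
}
```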
