Tuta introduces user key verification to boost mailbox and calendar security

Tuta is introducing key verification, expanding its privacy features across both the encrypted mailbox and calendar. The new feature enables users to confirm the authenticity of public keys when communicating, which prevents potential tampering and interception by attackers. This addresses a key security challenge, where an adversary might attempt a man-in-the-middle attack by substituting their own public key to read private communication undetected.

Building on its quantum-resistant encryption algorithms, Tuta continues to encrypt all mailbox data end-to-end. This process uses asymmetric cryptography involving a private and a public key. When sending an encrypted message to another Tuta user, the message is automatically secured with their public key, making the process seamless and invisible for the sender.

Alongside automating encryption, Tuta asks users to confirm each other's keys independently. Verification is most effective when done in person or via a trusted channel. Once users exchange and save verified key codes, the client checks that the correct key is always used for future encrypted messages, ensuring consistent authenticity and defense against interception.