TOPKI | End-to-end encryption | Windows PKI


Sending a secure email using end-to-end encryption (E2EE) is possible today for every user with standard applications like Outlook, and also with smartphones like the iPhone or several Android devices. This enables seamless end-to-end encryption in which the originator encrypts the mail directly on his endpoint device. Only the intended recipient can decrypt and read the encrypted mail on his device. Not even intelligence agencies can eavesdrop on a message protected with end-to-end encryption. At the same time, a cryptographic email signature provided by the originator can prove the origin and authenticity of the message. The S/MIME encryption used is supported natively by all popular email applications with a built-in S/MIME client, without the need for additional encryption software. You no longer need so-called secure email gateways for a central email encryption service. On the contrary, using them would undermine the end-to-end encryption at the expense of security, because emails are decrypted and re-encrypted there on their route.

Tasks for E2EE

To provide truly global end-to-end security with ordinary partners, some fundamental tasks have to be done:

  • You have to use recognized certificates from a globally trusted root CA
  • Certificate issuance and management must be done mostly automatically
  • Easy email encryption to external partners must be possible
  • A user may encrypt, decrypt or sign data on all of his devices


End-to-end encryption between any devices


Certificate Distribution for E2EE

The Secardeo solution “TOPKI” (Trusted Open PKI) fulfills all the required tasks for seamless end-to-end encryption (E2EE) for a user. To enable iOS or Outlook email encryption, the required private keys and certificates are distributed automatically to the user’s devices. With them, he can also read S/MIME encrypted emails on all of his devices. Using TOPKI, a user does not have to worry about how to encrypt emails on the endpoint device. Your advantages are:

  • Use of globally accepted email certificates
  • Uninterrupted end-to-end encryption of emails
  • Secure email with standard desktop clients like Outlook, Thunderbird, Notes, Acrobat
  • Encryption with your mobile devices like iPhone, iPad, Samsung Galaxy without additional encryption apps
  • Completely transparent to your users
  • Automatic certificate registration, issuing and renewal
  • Automatic provisioning of partner S/MIME certificates at your client
  • Secure archival of private keys within your organization