How email encryption works

If you want to understand how Jumble email encryption works, this is the best place to start!

Hey I'm a pro, give me some details | Not a pro? stay with us!

What is Jumble?

Jumble provides a secure email service that integrates with existing email providers so you don’t need to change your email address or change how you interact with your emails.

Jumble was designed so that it could be used without any knowledge of data security, encryption or encryption keys, but if you’d like to know more then read on.

Jumble uses global data encryption standards to secure email data; in fact we use 3 different sets of encryption keys for each email you send.

asymmetric keys
Sending an encrypted email

How to send an encrypted email

You need a Jumble account and the other person’s email address; you do not need to exchange passwords, key files or anything else.

Register with Jumble for free and then install Jumble for your preferred email client.

Once installed, Jumble will appear inside your normal email compose window - to send an encrypted email simply click 'Secure Send'.

How to read an encrypted email

Every recipient will need to register with Jumble to access an encrypted email - registration is free and we never charge users to read secure emails.

Once Jumble software is installed, you can read encrypted emails simply by opening them - Jumble will automatically detect encrypted emails and will decrypt as you open them.

Decrypted emails are not saved anywhere and are secured again once you close the email.

If Jumble is not installed when you open an encrypted email, you will be given instructions on how to register with Jumble in order to access the email.

Automatic decryption inside the inbox
Online decryption

What if the other person can't install Jumble?

If your recipients can't install Jumble they will still be able to access your secure email via our website. Our website has an online email decryption page to help in these situations.

Note: all encryption and decryption is done within your browser so we never see your data.


Looking for more technical details?

This section has more technical details about Jumble. Encryption experts, stay with us.

How Asymmetric Key Generation/Distribution works

Jumble provides a secure email service in two ways:

  • Firstly, by creating and distributing encryption keys needed to secure your email via our key API
  • And secondly, by providing a software program (currently a Google Chrome browser extension) that uses these keys to secure your email

Any client can consume the API and request public and private keys:

  • Public keys are issued on-demand to anyone
  • Private keys are issued only to authorized individuals
  • Private keys are encrypted, only the users’ password can decrypt the private key

Key-pairs are uniquely associated with your email address and Jumble will generate a new key-pair for a specified email address when it’s not already available.

Jumble uses global data encryption standards; in fact we use 2 different sets of encryption keys for each email you send:

  1. A random single-use AES key is created for each email sent; this key is used to encrypt the actual email
  2. A set of RSA keys, called a key-pair, is uniquely associated with your email address and these keys secure the single-use AES key.
    Jumble generates a new RSA key-pair for a given email address when it’s not already available from our API but only releases the private section of the key-pair to someone who can prove they own the email address linked with the key-pair.

How Our Encryption Works

We use standard encryption algorithms that have been published and peer reviewed over many years. Specifically, we use 256-bit AES keys to encrypt the email data and then use a 2048-bit RSA public key to encrypt the AES key. All data is encrypted in the browser, which means nobody, including us, ever see your data; Jumble provides real end-to-end secure email.

Proving ownership of an email address

Once you register we’ll send an activation email to the address you provided with a link containing a single-use activation key.

Clicking this link will activate your account and shows us that you are able to access the email account linked with the address you registered with.