You can generate a private key and a corresponding self-signed certificate (with the public key) here.

The certificate is used to encrypt messages for you. You can share your certificate with your friends without hesitation.

The private key is used to decrypt messages that were encrypted with your certificate. Keep this key in a safe place, and do not share it with anybody. For additional safety, the private key is encrypted with a password.

This web app allows you to create S/MIME messages within your browser.

S/MIME is the industry standard for secure e-mail messaging, and supported by most e-mail clients, including Microsoft Outlook, Mozilla Thunderbird, and Gmail. Messages are thereby encrypted, and can only be read by recipients using their private key (end-to-end).

Instead of sending such messages via e-mail, you can also store them as EML files on your computer. Whenever you need to access the encrypted documents, you simply double-click on the EML file to open it with your e-mail client.

How to use it

1. Pick the files to encrypt, and add an optional text message. The subject line is optional, but recommended. It will also be used as file name for your EML file. You can also drag these files from your file manager into this browser window.
2. Then, add your S/MIME certificate to the to field. You will later need the corresponding private key to decrypt and read the message.
3. Click Create EML file and download the resulting file.

What is encrypted?

The main message text and all attached files (with their filenames) are encrypted as defined by the S/MIME standard.

The subject line, as well as the from and to fields are not encrypted.

Note that the encryption is entirely carried out within the browser. No information is sent to any server.

What algorithms are used?

Messages are encrypted using AES-256-CBC, which is supported by virtually all S/MIME clients.

Regarding certificates and private keys, this tool currently supports RSA up to a key size of 4200 bits.

How many files can be attached?

This depends on your web browser and computer. On a standard desktop computer, up to 500 MB of files will work fine, and take about 2 minutes to encrypt. Some systems can handle up to 1.2 GB of files.

Note that the resulting EML file is about 1.8 times as large as the attached files. This is due to the format specifications of SMIME messages.

URL Switches

Fields may be prefilled using URL switches, e.g.

https://.../smime/#subject=Documents&zip=true

The following switches are available:

Sets the "from" field to an e-mail address or a certificate.

EMAIL should be of the form

• John Doe <john.doe@example.com>
• john.doe@example.com

CERTIFICATE is the base64 content of a X.509 certificate file.

CERTIFICATEURL is a HTTP URL pointing to a X.509 certificate. Note that the corresponding server must provide valid CORS headers for this to work.

Sets the "to" certificates. Multiple certificates or certificate URLs may be provided.

Sets the subject.

Sets the message.

Switches the ZIP option on or off.

Switches the meta component info option on or off.

Switches the ASCII filenames option on or off.

For small tasks, Thunderbird may already do it, but for more involved it is us ;).

Links

• https://e-2-e.ch/smimeJs
• sponsored by https://my-d.org
• To decrypt large SMIME messages, there is the counterpart
  https://e-2-e.ch/cryptoTool