Contact I Encryption
Confidence and confidentiality are two different things. We have therefore compiled some information about encryption when communicating by email … for you to be confident that your information remains confidential.
Please send us your public by email to info(at)leywerk.es.
Frequently asked questions about encryption
Note: Please take into account that we are a law firm and that we do not provide technical assistance regarding encryption. We assume no responsibility for the content, the integrity, and timeliness of the provided information herein. The same applies to security, up-to-dateness and/or usability of the mentioned technical solutions, e-mail-providers and software for the encryption of emails and data, to which we cannot make any recommendations. Any link or reference to websites belonging to third parties is for information purposes only. We do not assume any liability for the contents, the accurateness of the information and the opinions expressed on those websites that are out of our control and do not reflect our own opinion.
Why is encryption important?
Emails are similar to a postcard. When transmitted over the Internet, the e-mail can be read and the content or sender information be modified. You should send therefore unencrypted e-mails only when you are ready to take that risk.
However, confidential communication requires encryption providing the highest level of protection end-to-end encryption.
End-to-end encryption is a method of secure communication that encrypts an email over its entire transmission path from the sender to the recipient avoiding that its content is available in plain text on intermediate or end servers and thirds may read or change it. For this, the email client or webmail of the sender and recipient must have a corresponding function.
The standard technology used in transport encryption, Transport Layer Security (TLS), more widely known also under the previous name SSL (Secure Sockets Layer), encrypts 'only' the transmission channel when sending emails; but not the content of the email.
This means that the transport between two email servers (SMTP) is encrypted; but without further measures not the email on the email server of the sender or the recipient. Here the data is available in plain text, at least for a short period to time.
This is more more a less like this:
If you check-in your luggage it is unlikely that happens something during the flight (transport). Your luggage is in the storage space of the aircraft and is protected. However, at the departure and arrival airports everyone can access your luggage (unauthorized).
In the case of transport encryption, the luggage is your email. It is protected during the flight (transport) but without further technical measures not at the airport of the place of departure (server of the sender) or the place of arrival (server of the recipient).
This is different with end-to-end encryption. The luggage - the email - is placed in a secure container on departure, stowed in the aircraft and only the recipient can open the container upon arrival. The luggage - the email - is protected from end-to-end.
Transport encryption is therefore useful and you should activate it. For sensitive data, however, you should not rely on this and additionally encrypt the email end-to-end.
We use OpenPGP (openpgp.org). This is arguably the most wideley used encryption standard since 1997. OpenPGP is available for all important operating systems such as Windows, Mac OX, GNU/Linux, Android and iOS and it is free and compatible with PGP - the standard OpenPGP originally derived from.
Both sender and recipient of the e-mail have two keys: a public key and a private key.
The public key is used to encrypt the e-mail. The sender encrypts his e-mail with the recipient's public key and vice versa. That's why we need to exchange our public keys once.
The private key is used for decryption. This key remains with you and must be kept secret and carefully because without your private key you can not read the e-mail. You should therefore make a backup copy of the private key and save the password.
You can generate and manage your key yourself. To do this, you must install an extension in your email client (vid ‘What do you need to set up your device?’).
Our public key can be downloaded under the following link:
Futhermore you can search and download our public keys from the usual key serves on the internet (e.h. onpool.sks-keyservers.net).
Please send us your public key by e-mail to info(at)leywerk.es. You just have to open and send us an email. You don’t have to do or to attach nothing more. Our system detects the attached key automatically.
Each key has a fingerprint. This is a random sequence of numbers and letters created to verify the authenticity of a key. Also, it helps to differentiate several keys for the same email address. Please match the fingerprint that we publish on our website.
You need an email client that supports encryption (for example, Outlook, Thunderbird, Mail). Many email clients have easy-to-use extensions. For example, for Outlook is available the plug-in Gpg4win (gpg4win.org); for Mozilla Thunderbird the add-on Enigmail (enigmail.net) or for Mac users who use the app Mail, the GPG Suite (gpgtools.org).
There are available extensions for smartphones and tablets, for example, the apps iPGMail or PGP Everywhere for iPhone and iPad. Check your app store.
Some webmail services such as Gmail, GMX, mailbox.org, Posteo, or web.de offer end-to-end encryption that works with an easy-to-use web browser extension such as Mailvelope.
Furthermore, some webmail service providers offer server-based end-to-end encryption that does not need any extension (i.e. startmail.org, protonmail.com). The advantage is that you don’t have to care. You can send e-mails normally even when the recipient does not use encryption. This solution works with passwords and the recipient can use a link to read the email. The cons are that the provider has the private key and the comfort for the recipient is good, but not the best.
It’s possible to send confidential data in encrypted attachments. PDF or Word documents, for example, can be password protected and encrypted. The password can then be transmitted to the recipient in a different way, e.g. by phone. This is easy to implement, albeit less secure than end-to-end encryption because the email itself is not encrypted. The text of the mail is therefore accessible. However, the attachment is secure.
Nothing is 'unhackable' and confidentiality is a precious good. If you have any confidential information or documentation for us, we recommend you to send it to us by regular mail or courier or to hand it over to us personally. Although this might be old-fashioned, it is always safer than sending an email, even if it is encrypted.
44EC 0CAC AAA7 8D69 3F33 26C3 C57B 018B 6F66 76B2
You can download our public key here: PGP-Key (*.asc)
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org
-----END PGP PUBLIC KEY BLOCK-----
Information about key exchange
Please send us your public key by email to info(at)leywerk.es.
You can find further Information on key exchange under the link
Our public key