What is a One-Time Certificate (OTC)?
Well, the answer is simple – it is a 256-bit key that is used only once. As we have written before, there are plenty of advantages to using OTC and one minor drawback – to start using OTC you need to bring both devices together to exchange the keys.
In return for that effort you get the maximum level of protection and an option to expire a message. Set the expiration time for a key and no one will be able to recover the message that was protected by that key. It is a better alternative to “plausible deniability”.
How to use OTC?
Get two devices together. The exchange will be made via a peer-to-peer connection.
Add your correspondent to the app's address book.
Tap “Exchange one-time certs”
One device is used to generate the certificates, the other device will receive them. So tap “I will be a generator” on one device and “I will be a receiver” on the other.
On the “generator” device enter the email addresses of the sender and a receiver and tap “Generate”
The app will ask you to tap on the screen to collect random data. Since you need to create 100 certificates, the more taps you make the better. If you tap fewer than 3200 times, the rest of the data will be obtained from the device's built-in secure random number generator. In any case, it won't accept fewer than 100 taps.
When finished, tap “Done” and wait until “Transmission started...” appears, indicating that the generator has finished processing the certificates and is ready to send them
At the same time the “generator” device will appear in the list of peers on the “receiver” device – tap it
On the “generator” device allow the connection and the exchange will start. Usually it takes about one second to exchange the keys
After confirmation of a successful exchange you can use OTC. If something goes wrong, the certificates won't be saved
Write a new message. Tap “Send” and the OTC page will open, asking you to use a certificate. You can set an expiration date for that OTC. On the first run of the app after that date, the certificate will be deleted and the message will become unreadable. Please note that if you don't run the SenseMail app, the expired certificates won't be deleted
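The key lifecycle described in the steps above, as an added Python sketch (not SenseMail's own code). It assumes each tap contributes one byte of pool data (3200 bytes = 100 keys × 32 bytes); the names Cert, generate_certs, take_cert and purge_expired are hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import List, Optional

KEY_BYTES = 32                        # 256-bit key (from the page)
CERT_COUNT = 100                      # certificates per exchange (from the page)
MIN_TAPS = 100                        # fewer taps are rejected (from the page)
POOL_BYTES = KEY_BYTES * CERT_COUNT   # 3200, the tap count named on the page


@dataclass(eq=False)                  # compare by identity, never by key contents
class Cert:
    key: bytearray                    # mutable so it can be overwritten in place
    expires_at: Optional[float] = None
    used: bool = False


def generate_certs(tap_bytes: bytes) -> List[Cert]:
    """Build 100 keys; assumption: one pool byte per tap, shortfall from the OS CSPRNG."""
    if len(tap_bytes) < MIN_TAPS:
        raise ValueError("at least %d taps required" % MIN_TAPS)
    taps = tap_bytes[:POOL_BYTES]
    pool = taps + secrets.token_bytes(POOL_BYTES - len(taps))
    return [Cert(bytearray(pool[i:i + KEY_BYTES]))
            for i in range(0, POOL_BYTES, KEY_BYTES)]


def take_cert(store: List[Cert], expires_at: Optional[float] = None) -> Cert:
    """Hand out the next unused key exactly once, optionally with an expiry time."""
    for cert in store:
        if not cert.used:
            cert.used, cert.expires_at = True, expires_at
            return cert
    raise LookupError("no unused certificates left; exchange a new batch")


def purge_expired(store: List[Cert], now: float) -> int:
    """Run at app start: zero each expired key in place, then drop it from the store."""
    expired = [c for c in store if c.expires_at is not None and c.expires_at <= now]
    for cert in expired:
        cert.key[:] = bytes(KEY_BYTES)   # overwrite before delete
        store.remove(cert)
    return len(expired)


if __name__ == "__main__":
    store = generate_certs(bytes(range(100)))   # constructed tap data
    take_cert(store, expires_at=1000.0)
    print(purge_expired(store, now=2000.0), len(store))
```

Nothing is erased until purge_expired runs, which mirrors the note above that expired certificates stay on the device until the app is started again.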
The other changes include:
Added "What's new" page showing on the first run and a button to call it from the menu
Added fetch and send a read receipt request
Added high/normal priority for a message. A blue/red dot to the right of the sender's address
Added "search important"
Code checked against the OWASP Mobile Application Security Verification Standard (MASVS) requirements
Added a list of all OTCs with delete and resend options
Set an option for maximum protection for the local storage of settings, certificates etc. It won't appear in a system backup
Set an option for maximum network protection. Any resource loaded through insecure connection will be blocked
Fixed certificate saving so that a certificate is overwritten before it is deleted
Fixed new messages count retrieval for a folder
Added total messages count for a folder
Fixed unseen count change for a folder
Added rename folder on long press
Forced change http to https while loading a full email
Added "Expire OTC now" button to the message actions