The Autocrypt standard has been developed to provide automatic email encryption. This is done as follows:
- Each email sent includes the public key of the sender in the email header. This key will be imported automatically or manually by the recipient.
- PGP is used as the encryption method.
Autocrypt has the following limitations:
- Automatically imported keys are not checked to see whether they are genuine or fake.
- For this reason, an automatically imported key is not used for verifying the sender's signature.
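The following added example (not part of the original page or of any mail client's code) sketches how a recipient could read the key from the header and record it as unverified. It assumes the Autocrypt Level 1 header attributes `addr`, `prefer-encrypt` and `keydata`; the function name `import_autocrypt_key` and the fields of the returned record are hypothetical.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; keydata is placeholder bytes, not a real OpenPGP key.
SAMPLE = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.org\n"
    "Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;\n"
    " keydata=" + base64.b64encode(b"constructed-placeholder-key").decode() + "\n"
    "Subject: hello\n\nbody\n"
)
KNOWN = {"addr", "prefer-encrypt", "keydata"}


def import_autocrypt_key(raw_message):
    """Return the sender's key record, or None if the header must be ignored."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("Autocrypt") or []
    if len(headers) != 1:  # simplification: any duplicate header disables import
        return None
    attrs = {}
    for part in headers[0].split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Remove folding whitespace inside the (possibly wrapped) value.
            attrs[name.strip().lower()] = "".join(value.split())
    # Unknown attributes are fatal unless their name starts with "_".
    if any(k not in KNOWN and not k.startswith("_") for k in attrs):
        return None
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender or attrs.get("addr", "").lower() != sender:
        return None  # the key must be announced for the From address
    try:
        keydata = base64.b64decode(attrs["keydata"], validate=True)
    except (KeyError, ValueError):
        return None
    return {
        "addr": sender,
        "prefer_encrypt": "mutual" if attrs.get("prefer-encrypt") == "mutual" else "nopreference",
        "keydata": keydata,
        # Imported without any authenticity check: usable for encrypting
        # replies, but not for verifying the sender's signature.
        "verified": False,
        "use_for_signature_check": False,
    }
```

The header only ties the key to the From address of the same message, which is why the record stays unverified until the key is confirmed by other means.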
To manage Autocrypt keys and verify them later, you have the following options: