End-to-End Encryption

Recommended

Military-Grade Security

End-to-End Encryption (E2EE) provides the highest level of security. Your emails are encrypted on your device before leaving it, and can only be decrypted on your device. CenterLeap never sees your plaintext emails - ever.

Security Level

Maximum

Military-grade

Speed

Moderate

~100-200ms

Provider Access

Never

Impossible to read

Password Reset

Risky

Loses email access

How End-to-End Encryption Works

RSA Key Pair Generated on Your Device

When you register, an RSA-4096 key pair is generated entirely in your browser. Your private key never leaves your device in plaintext form.

Emails Encrypted Before Transmission

When you receive an email, it's encrypted in your browser using your unique AES-256 content key before being sent to our servers for storage. The server only ever sees encrypted data.

Decryption Happens Only on Your Device

When you read an email, the encrypted data is downloaded to your browser. Decryption happens entirely client-side using keys that only exist on your device.

Your Device(Encryption here)

Already Encrypted

CenterLeap Server(Only sees gibberish)

Still Encrypted

Storage(Encrypted)

Why "Military-Grade" Security?

E2EE uses the same encryption standards trusted by military and intelligence agencies:

AES-256-GCM

Approved by NSA for TOP SECRET classified information. Would take billions of years to crack with current technology.

RSA-4096

Asymmetric encryption for secure key exchange. Used by banks, governments, and military systems worldwide.

Combined with client-side key management, this means even a government with unlimited resources cannot read your emails without your password.

Advantages

Maximum security - Strongest encryption available
CenterLeap NEVER sees plaintext - True zero-knowledge architecture
Protected from everything - Breaches, legal requests, insider threats
Client-side keys - Encryption keys only exist on your devices
Future-proof - Quantum-resistant options available

Disadvantages

Slower performance - Client-side decryption takes ~100-200ms
Password reset loses emails - No recovery without password/recovery key
No server-side search - Cannot search email content from server
Device-dependent - Need to unlock vault on each device
More CPU usage - Your device does all the crypto work

E2EE is Best For

Legal Communications

Attorney-client privileged communications requiring absolute confidentiality

Medical Records

HIPAA-compliant communications containing protected health information

Financial Data

Banking information, tax documents, and financial statements

Trade Secrets

Proprietary business information and intellectual property

Whistleblowing

Sensitive disclosures requiring maximum source protection

Personal Privacy

When you want absolute certainty that nobody can read your emails

Critical: Your Password is Everything

With E2EE, your encryption password is the ONLY way to access your emails. CenterLeap has no backdoor, no master key, and no way to help you if you lose access.

You MUST save your recovery key because:

- It's your only backup if you forget your password
- Without it, your emails are permanently encrypted
- CenterLeap support cannot help you recover access
- This is a security feature, not a bug

Technical Specifications

Symmetric EncryptionAES-256-GCM

Asymmetric EncryptionRSA-4096

Key DerivationPBKDF2-SHA256 (310,000 rounds)

Content Key256-bit random

IV GenerationCryptographically random

Decryption LocationClient-side only

Average Decryption~100-200ms

Key StorageEncrypted in browser/device

Similar to Signal Protocol

CenterLeap's E2EE follows the same principles as Signal, WhatsApp, and other industry-leading secure messaging apps:

Keys generated and stored only on user devices
Server only sees encrypted ciphertext
Perfect forward secrecy with per-message keys
Open cryptographic standards (no proprietary algorithms)

← Previous: Server-Side Encryption All Encryption Tiers →