World-Class Encryption


Penango uses S/MIME, the worldwide standard for secure e-mail. Penango interoperates with every major e-mail client that supports S/MIME out-of-the-box, including Microsoft Outlook, Outlook Express, Windows Live Mail, Entourage, Mozilla Thunderbird, Apple Mail, Novell Evolution, Eudora, IBM Lotus Notes, and more.

100% end-to-end encryption

Penango provides true end-to-end encryption since it encrypts your e-mail message in your browser before it gets sent to any servers, and your message stays encrypted until the recipient or recipients open and decrypt the message in their webmail or e-mail client. With Penango, your e-mail's contents are encrypted both in transit and at rest.

Encrypted attachments

Penango encrypts the body of your e-mail message as well as any attached files. It's that simple.

Standards-compliant security

Penango meets or exceeds the security standards of FIPS 140-2, HIPAA, Massachusetts 201CMR17, and other regulations.

In more detail, Penango supports the following standards:

  • E-mail formats: S/MIME v3, S/MIME v3.1, MIME, HTML e-mail (MHTML), Content-ID headers and mid/cid URIs, data URIs, inline attachments, IDNA, all character encoding schemes*
  • Protocols and wire formats: HTTP/S, SMTP, LDAP, TCP/IP, SSL 3.0/TLS 1.0–1.2, OCSP, PKIX (X.509 certificates), SOAP, XML, HTML, CSS, AJAX, JSON
  • RFCs: Internet Mail Format Standards, MIME Standards, PKIX, CMS, and S/MIME Standards, IDNA Standards**
  • Cryptography Interfaces*: CryptoAPI 1.0, CryptoAPI 2.0, CNG, CSP, NSS/PSM, PKCS #11
  • Algorithms, asymmetric*: RSA, DSA, ECC (ECDSA & ECDH with NIST-standard prime curves P-256, P-384, P-521)
  • Algorithms, symmetric*: 3DES, AES, Camellia; Hash: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512*; Cipher Block Modes: CBC; Padding Schemes: PKCS #1v1.5–2.1, OAEP; Certifications: Suite B, FIPS 140-1, FIPS 140-2

*Support for algorithms and interfaces vary by operating system and platform; Penango uses the native, FIPS-compliant cryptography stacks offered by the underlying operating system or platform. Full support for SHA-256, SHA-384, and SHA-512 is enabled in IE on Windows XP SP3, complying with NIST SP 800 57 and SP 800 131 (June 2010 draft) regarding the deprecation of SHA-1.

**Specific RFCs available on request.