Strategy Session

How does KeyPact work?

 

How does KeyPact work?

KeyPact is a platform for controlled, end-to-end encrypted communication and file exchange. It consists of four components: KeyPact Mail, File Explorer, and integrations with Google Mail and Microsoft Outlook.

KeyPact Mail

KeyPact Mail enables end-to-end encrypted email between KeyPact users. This communication takes place entirely within the KeyPact environment and does not go through the public internet.

Every user has access to:

  • a cryptographically generated email address (bijv. (e.g. 109f+2b9819a3de9ca889bc80b3b080d620b0@keypactmail.com))
  • a KeyPact ID: a unique cryptographic identity that allows users to explicitly add and accept each other.

Only mutually accepted users can send messages or share files. Emails from outside can be received at the KeyPact address, but internal communication remains strictly shielded.

File Explorer

In the KeyPact File Explorer, all data is encrypted with AES-256-GCMFiles can be viewed and edited directly in the browser, without having to download local copies. This limits unnecessary data duplication and reduces the risk of data leaks, while the platform remains fully device-independent.

Folders can additionally be secured with a PIN code. Shared files can be revoked at any time.

When sending or receiving messages via KeyPact Mail, attachments are automatically and structuredly saved in the appropriate folders, such as inbox and outbox.

Gmail & Microsoft Outlook Integration

Users can one or multiple Gmail and Microsoft Outlook/Office 365 accounts Linking to KeyPact via OAuth 2.0. This makes the KeyPact protocol available for end-to-end encrypted email communication within these existing mail environments.

KeyPact exclusively uses Native APIs from Google and Microsoft and does not store any emails or metadata within the KeyPact environment. Encrypted messages remain visible in the regular Gmail or Outlook mailbox, but can only be decrypted via KeyPact.

Cryptography and Future-Proofing

KeyPact is designed from the ground up as a cryptographic platform, not as an email or file system with “extra encryption” added on. Security is not an addition, but the foundation.

End-to-end encryptie als uitgangspunt

All communication within KeyPact is end-to-end encrypted. This means that only the involved end users have access to the content. Servers, administrators and external parties cannot decrypt messages and files, neither technically nor legally.

For symmetric encryption KeyPact uses AES-256-GCMa proven and widely accepted standard that provides both confidentiality and integrity protection. This encryption is applied to email messages, attachments, and files.

Forward Secrecy and the Double Ratchet Mechanism

KeyPact makes use of forward secrecy in combinatie met het double-ratchet-mechanisme, vergelijkbaar met moderne secure messaging-protocollen. Dit betekent dat:

  • elke communicatiecontinuïteit werkt met voortdurend vernieuwde sessiesleutels;
  • het compromitteren van één sleutel geen toegang geeft tot eerdere of toekomstige communicatie;
  • langdurige observatie of latere sleutelonthulling geen historisch datalek oplevert.

Hierdoor blijft communicatie beschermd, zelfs wanneer een individueel apparaat of account op enig moment wordt gecompromitteerd.

Post-quantum sleuteluitwisseling

Voor de sleuteluitwisseling past KeyPact ML-KEM-1024 toe, a post-quantum cryptographic algorithm that is resistant to attacks from future quantum computers.

This is a fundamental distinction from classical solutions that rely solely on RSA or elliptic curve, which are known to be vulnerable to quantum attacks in the long term. By combining ML-KEM-1024 with existing, robust symmetric encryption, a Hybrid and future-proof cryptographic architecture.

What this means in concrete terms

For organisations, this means that:

  • confidential communication remains protected in the long term;
  • compliance and policies are not dependent on cloud providers or foreign jurisdictions;
  • encryption is not an optional feature, but structurally enforces that data is only accessible to authorised parties.

KeyPact therefore offers not a temporary security layer, but a cryptographic foundation designed for long-term use in critical and sensitive environments.