Thanks to


Hosted by OpenShift

Copyright © TS.Holden 2013-2017

Further Information

Technical Information

Email Guardian encrypts your emails and files using the RSA algorithm with a 4096 bit key.
The application is not installed at a system level, for example there is not a Windows registry entry, so it may be stored on a portable device and run on different systems.
The application listens on the loopback address (, so direct connections to the application from external systems are not possible.
The default IP port is 10004, this can be changed in v1.3.
The application limits the amount of data transferred from a browser to 20,000 bytes.

Browser websockets are used with the "wss" protocol. The certificate app/EP/SSL_KEYS/cacert.pem must be loaded into the browser as an Authority Certificate. You can generate your own certificates, for example see Modify the file or Run.bat to pass the following arguments to java


To use Email Guardian first add an "Your Reference(s)" entry, along with a password for that reference. This password is not saved by the application.
The next step is to add the references of your contacts into the "Mapped Reference(s)" table.
In this basic mode you have one public key that all your contacts will use.

By adding more than one "Your Reference(s)" you can use more than one public key, and create a mapped references group for each of your public keys.


On adding your reference the application will create private and public keys for that reference. Pass your public key onto your contacts. They can send you encrypted emails, however you will need their public key to send them encrypted emails.

Key Storage

The private key is stored in a protected file and the password entered when adding the "Your Reference(s)" entry is used to retrieve the private key from the file.


To start the application select an entry in the "Your Reference" list, and then the "Mapped Reference" you will be sending to.

Next, enter the password for "Your Reference", to enable you to decrypt received communications.

Finally, click on the button labelled "Start".

To send/receive email to another reference, click on the "Stop" button and repeat the process.

Public Key Exchange

Your public key can be retrieved by the browser into an email or web site posting.

Public keys from your contacts can be loaded from the browser into the application. An Uploaded key is checked for correct size and format, if the conditions are not met the key is not saved.

Scratch Pad

Compose and encrypt text only emails in the Scratch Pad, then use the broswer extension to copy the encrypted message to the email.

You can copy and paste into/from the scratch pad for unsupported browsers and applications.

Decrypted Output

When the "Limit Decrypted Output" box is checked decrypted emails are not returned to the browser for display. They will be viewable in the Browser I/O tab.


A signature is an addition to a sent email message that has been "signed" by a private key. The corresponding public key is used to check that the email was signed by the private key. This helps verify the email came from the claimed sender.
The Use of signatures is optional.


Files are encrypted using the public key of the reference selected in the "Their Reference" List.
Files are decrypted using the private key of the reference selected in the "Your Reference" List.
The application cannot attach file to emails, this needs to be perfomed manually.

Run app

The application can be run directly from the browser.

Firefox: Unzip the application directory into either your home directory or Desktop. The browser will look for the application directory in these locations and run the application if found.
For another location you can run the application and click on "Run app", the location will be saved in the browser storage.
The location can be set from the Settings button. Enter the folder containing the application folder. For example, enter /home/me for /home/me/emailGuardian

Chrome/Chromium: Linux: Run the script RunAppInstallForLinux. If you move the application folder you must re-run this script. A C compiler is required. The script may be used on other Unix-like systems, but may require changes. For OSX see

Chrome: Windows: Not supported.