With the release of the eM Client for iOS and Android we added a QR export function to the
desktop version of eM Client 9.2.
We have implemented this feature for a quick and easy import of settings and other data (such as
account settings, templates, signatures, QuickTexts, certificates, tags, and more) into mobile
devices which can use a camera function to bring over your settings with one single scan, in
comparison to moving an exported XML file from one computer to another.
How does it work?
Let us explain in a few simple steps how this feature works on the technical side.
- The data is encrypted on the original device (e.g. desktop eM Client) via 256bit AES symmetric
encryption algorithm with a random encryption key.
- This encrypted data is sent securely to a service running on our server.
- A unique identifier is generated by the server to access the data.
- The original device generates a QR code with the mentioned unique identifier and
encryption key.
- The QR code is scanned by the device that wants to import these settings (the eM Client
mobile app) getting the correct URL address.
- The mobile device downloads the encrypted settings data from our server.
- The eM Client mobile app decrypts the data with the encryption key found in QR code.
Is the QR Export secure?
Since the steps are so simple, one might wonder if the data you bring over is safe or if the eM
Client company has any access to them - we are happy to confirm that your data is absolutely
safe, because of these reasons:
-
The eM Client company never has direct access to this data. When it’s stored on our servers
for the purpose of export/import it is in an encrypted form which we cannot decipher.
Decryption can be done only by using the encryption key, which is only available to the
device you’re exporting from and the device you’re importing to (end-to-end encryption).
- This data is stored on our servers only for a limited time (no longer than 30 minutes), for
one-time import only.
- The data is stored in-memory, so it cannot be retrieved from a server database or file
storage - this means that even if someone gained access to our server within that time
frame, they would not be able to locate this data since it’s in the operating memory only.