Is it possible to communicate with non-DC user? (interoperability with email)

belkka · December 12, 2025, 7:21pm

thanks. now I experimented with k9 mail and discovered that following steps allow to initiate an unencrypted communication (when only email address is available, without keys), then upgrade to e2ee via Autocrypt as in Example Data Flows and State Transitions — Autocrypt 1.1.0 documentation

disclaimer

to the best of my knowledge

Autocrypt doesn’t aim to prevent active attacks.
you should do key verification.
out of band verification = good
in-band verification = bad
instructions in Is it possible to communicate with non-DC user? (interoperability with email) - #5 by adbenitez describe distributing key (vcard or .asc) out of band
what I describe below implies distributing keys in-band, with no verification

I assume it must be possible and reasonable to perform key verification shortly after keys were distributed over insecure channel, but not sure how (DC invite link seems to include key fingerprint in URL fragment… ).

prerequisites

person A (email enjoyer) must ensure encryption and Autocrypt are enabled in their MUA (e.g., turn on in k9 mail account settings).
person B (deltachat enjoyer) must use a “classic email” DC profile, that could operate with unencrypted emails.

how to exchange keys between Autocrypt-capable MUA and DeltaChat using unencrypted emails

Scenario 1: person A initiates communication with person B

person A sends an (unencrypted) email to person B.
person B accepts the incoming request in DC, and sends an (unencrypted) message back, in the same chat. DC implicitly attaches their key in the Autocrypt header. the chat picture is “grey envelope”, indicating that chat is unencrypted.
I thought it should have been theoretically possible to send an encrypted reply at this point, but I don’t see how to do it in DC.
person A replies to person B’s message in their MUA. in my case, k9 mail automatically encrypts the reply using, apparently, the key from received Autocrypt header, as expected from Autocrypt-capable agent.
person B receives another incoming chat request, different from the first chat at step 2. in this chat DC says “Messages are end-to-end encrypted.” and chat picture is NOT a “grey envelope”. person B could accept the request, and continue encrypted communication in this chat, ignoring the first (unencrypted) chat.

Scenario 2: person B initiates communication with person A

person B uses DC to create an unencrypted group with person A (tap , “New E-Mail”, enter Subject, “Add Recipients”), and sends a first message. DC implicitly attaches their key in Autocrypt header.

then continue as in steps 3 and 4 of Scenario 1:

person A replies. their MUA (tested with k9 mail) automatically encrypts the reply, AND implicitly attaches their key in the Autocrypt header.
person B accepts an incoming request for a new e2ee chat, and continues further communication in this chat, ignoring the unencrypted group previously created at step 1.