The latest articles on Forem by Bob Bricoleur (@bob_bricoleur). https://forem.com/bob_bricoleur https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3861168%2Ff4e2154f-8e3d-48cb-a629-9e2876070e91.png https://forem.com/bob_bricoleur en Bob Bricoleur Sat, 04 Apr 2026 16:21:01 +0000 https://forem.com/bob_bricoleur/x25519-vs-rsa-for-email-encryption-practical-benchmarks-in-2026-396i https://forem.com/bob_bricoleur/x25519-vs-rsa-for-email-encryption-practical-benchmarks-in-2026-396i <h2> Why I switched from RSA to X25519 for email encryption </h2> <p>While building an encrypted email service, I had to choose between RSA and X25519 (Curve25519) for key exchange. Here are real benchmarks from our Node.js implementation:</p> <h3> Key Generation </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Algorithm</th> <th>Time</th> <th>Key Size</th> </tr> </thead> <tbody> <tr> <td>X25519</td> <td>~0.1ms</td> <td>32 bytes</td> </tr> <tr> <td>RSA-2048</td> <td>~50ms</td> <td>256 bytes</td> </tr> <tr> <td>RSA-4096</td> <td>~500ms</td> <td>512 bytes</td> </tr> </tbody> </table></div> <p>X25519 is <strong>500-5000x faster</strong> for key generation.</p> <h3> Our ECIES Pattern </h3> <p>We use X25519 + HKDF + AES-256-GCM (ECIES pattern):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Generate ephemeral X25519 keypair 2. ECDH(ephemeral_priv, recipient_pub) → shared_secret 3. HKDF(shared_secret, info) → aes_key (32 bytes) 4. AES-256-GCM(aes_key, plaintext) → ciphertext + auth_tag </code></pre> </div> <p>The envelope is a compact JSON:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"v"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"X25519-HKDF-AES256GCM"</span><span class="p">,</span><span class="w"> </span><span class="nl">"epk"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;base64 ephemeral public key&gt;"</span><span class="p">,</span><span class="w"> </span><span class="nl">"iv"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;12 bytes&gt;"</span><span class="p">,</span><span class="w"> </span><span class="nl">"tag"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;16 bytes&gt;"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ct"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;ciphertext&gt;"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Why not PGP? </h3> <p>PGP is the standard for email encryption but:</p> <ul> <li>Key management is painful for regular users</li> <li>No forward secrecy (same key for all messages)</li> <li>Large keys and slow operations</li> </ul> <p>X25519 ECIES gives us ephemeral keys per message (forward secrecy) with minimal overhead.</p> <h3> Browser Implementation </h3> <p>Web Crypto API supports X25519 natively in modern browsers, so we can encrypt/decrypt client-side without any library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">keyPair</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">subtle</span><span class="p">.</span><span class="nf">generateKey</span><span class="p">(</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">X25519</span><span class="dl">"</span> <span class="p">},</span> <span class="kc">true</span><span class="p">,</span> <span class="p">[</span><span class="dl">"</span><span class="s2">deriveKey</span><span class="dl">"</span><span class="p">]</span> <span class="p">);</span> </code></pre> </div> <h3> Trade-offs </h3> <ul> <li> <strong>Pro:</strong> Fast, small keys, forward secrecy, browser-native</li> <li> <strong>Con:</strong> Less widely adopted than RSA, no direct signing (use Ed25519 separately)</li> </ul> <p>Would love to hear from others implementing email encryption. What patterns are you using?</p> <p><em>Built with Node.js crypto module (server) + Web Crypto API (client)</em></p> security encryption email privacy Bob Bricoleur Sat, 04 Apr 2026 15:23:56 +0000 https://forem.com/bob_bricoleur/whats-your-email-setup-for-privacy-in-2026-3ocn https://forem.com/bob_bricoleur/whats-your-email-setup-for-privacy-in-2026-3ocn <p>Curious what people using these days for email privacy. The<br> landscape seems to have changed a lot:</p> <ul> <li>ProtonMail went mainstream but some complain about lock-in</li> <li>Tutanota rebranded to Tuta, mixed reviews</li> <li>Self-hosted is more accessible but deliverability is still hard</li> <li>New players popping up with different approaches (E2E,sovereign hosting, etc.)</li> </ul> <p>What's your current setup? Especially interested in:</p> <ol> <li>Provider or self-hosted?</li> <li>E2E encryption — do you actually use it?</li> <li>Custom domain or provider domain?</li> <li>How do you handle the fact that the other side usually uses Gmail anyway?</li> </ol> cybersecurity discuss privacy security