Security
What we protect.
And what we don't.
Lost laptops: Encrypted at rest
Hidden volumes: Plausible deniability
Surveillance: Auto-encrypted
Tracking pixels: No remote content loaded
Token theft: Credentials in the vault, not the keychain
How encryption finds the recipient
No key server. No central directory. The protocol piggybacks on regular email.
When you write to a Gratin user for the first time, your client embeds your public key alongside the message — an Autocrypt-style header. Their client picks it up automatically (trust on first use) and uses it to encrypt the reply. On subsequent messages, both clients exchange a one-time nonce inside the encrypted body to upgrade the relationship to Paired — at which point downgrade attacks become detectable. No Chicon-run server is involved.
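The trust progression described above, modelled as an added example (not Gratin's code). It assumes the header follows the standard Autocrypt `addr=...; keydata=...` layout; `PeerStore`, `mark_paired`, `was_encrypted` and the alert rules are hypothetical names and policies chosen for illustration.

```python
import base64
from email import message_from_string
from email.utils import parseaddr
# Constructed sample keys: placeholder bytes, not real key material.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()

def sample(key=None):
    hdr = f"Autocrypt: addr=alice@example.org; keydata={key}\n" if key else ""
    return f"From: Alice <alice@example.org>\n{hdr}Subject: hi\n\nbody\n"

def parse_autocrypt(value):
    """Split an Autocrypt-style header value into (addr, key bytes)."""
    attrs = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        attrs[name.strip().lower()] = "".join(val.split())  # drop folding whitespace
    return attrs["addr"].lower(), base64.b64decode(attrs["keydata"], validate=True)

class PeerStore:
    def __init__(self):
        self.peers = {}  # addr -> {"key": bytes, "trust": "tofu" | "paired"}

    def mark_paired(self, addr):
        self.peers[addr.lower()]["trust"] = "paired"  # assumed hook: nonce exchange done

    def receive(self, raw, was_encrypted):
        msg = message_from_string(raw)
        sender = parseaddr(msg["From"])[1].lower()
        peer = self.peers.get(sender)
        paired = peer is not None and peer["trust"] == "paired"
        # A paired peer always encrypts, so plaintext signals a downgrade.
        if paired and not was_encrypted:
            return "ALERT: plaintext from paired peer"
        if msg["Autocrypt"] is None:
            return "no key offered"
        try:
            addr, key = parse_autocrypt(msg["Autocrypt"])
        except (KeyError, ValueError):
            return "ignored: malformed header"
        if addr != sender:
            return "ignored: addr does not match From"
        if peer is None:  # trust on first use: accept the first key seen
            self.peers[sender] = {"key": key, "trust": "tofu"}
            return "key stored (TOFU)"
        if key == peer["key"]:
            return "ok"
        if paired:  # pinned key must not be silently replaced
            return "ALERT: key change for paired peer"
        peer["key"] = key
        return "key replaced (TOFU)"
```

Before pairing, a swapped key is accepted silently, which is the window trust on first use leaves open; after pairing, the same event raises an alert.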
Viruses on your computer
If your friend's computer gets hacked
Government-level hacking
Anyone who already has your password
Password protection: Argon2id
Vault encryption: AES · ChaCha20
Future-proof: X25519
Verified updates: ed25519