Encrypted Email App as an Open Source Group Project

I’ve been thinking a lot about creating an email app using Xojo that focuses on encryption and security. I tweeted about it a bit and @scott boss replied and we’re considering creating an open source group project. I’d like to start a discussion and see if we can get something rolling.

I have a few ideas, but I’m not married to any of this. In the end, I just want a secure cross platform / device email app that’s easy for anyone to use. Here are some ideas, but I’m no expert on this and some of this might be crazy.

  • Make it obvious if emails are encrypted or not.
  • Make it automatic and crazy easy to send and receive secure emails.
  • Support IMAP & SMTP for multi device access to messages.
  • Use the MBS CURLS IMAP Example.
  • Use Xojo.Crypto RSA to Encrypt / Decrypt Messages.
  • Store the Private Keys so they are always encrypted except for when decrypting.
  • Send encrypted emails using normal SMTP.
  • Look for the recipient’s most recent public key within the app and if one cannot be found, check other open systems like https://gpgtools.org/ and https://whiteout.io/. WhiteOut public keys are available via URLs like https://keys.whiteout.io/hal@campsoftware.com ; GPGTools may have a similar method to retrieve public keys.
  • Consider a future standard of embedding the public key in the email message so the recipient can reply using the included key.
  • Consider generating one key set per message sent. Keys could be generated occasionally in the background.
  • When replying include the public key, or a small portion of it, to make it easier to know which private key to use to decrypt it.
  • If a public key for the recipient cannot be found, offer to include text in the message on how to reply back, with a link to get the secure email app and info on why encrypted email is important, along with an included public key.
  • Over time, make this app a full-fledged email app with drag and drop, HTML email, and other features that folks expect.

That’s very ambitious. I only do a quarter of an email client and know how much work this is.

Why open source and not have people pay for the app?
I don’t think that CURLS IMAP will work with every IMAP server. IMAP is a rather weird protocol. Haven’t tested how good the email parsing is.
From what I’ve read in the last years following the Snowden information even now nobody seems much interested in encryption.
You can’t trust public PGP keys. See start of article in German at http://www.heise.de/ct/ausgabe/2015-6-Gefaelschte-PGP-Keys-im-Umlauf-2549724.html .

Be aware that, depending on the type of encryption used and various other factors, you may not be able to legally offer, sell or give it away to anyone outside of the United States (seeing as you are in Florida). I know the author of PGP ran afoul of these same laws a few years back.

No need to worry about that anymore. Laws have been relaxed. You only need to worry about encryption in products designed for military usage.

[quote=238404:@Hal Gumbert]I’ve been thinking a lot about creating an email app using Xojo that focuses on encryption and security. I tweeted about it a bit and @scott boss replied and we’re considering creating an open source group project. I’d like to start a discussion and see if we can get something rolling.

I have a few ideas, but I’m not married to any of this. In the end, I just want a secure cross platform / device email app that’s easy for anyone to use. Here are some ideas, but I’m no expert on this and some of this might be crazy.

  • Make it obvious if emails are encrypted or not.
  • Make it automatic and crazy easy to send and receive secure emails.
  • Support IMAP & SMTP for multi device access to messages.
  • Use the MBS CURLS IMAP Example.
  • Use Xojo.Crypto RSA to Encrypt / Decrypt Messages.
  • Store the Private Keys so they are always encrypted except for when decrypting.
  • Send encrypted emails using normal SMTP.
  • Look for the recipient’s most recent public key within the app and if one cannot be found, check other open systems like https://gpgtools.org/ and https://whiteout.io/. WhiteOut public keys are available via URLs like https://keys.whiteout.io/hal@campsoftware.com ; GPGTools may have a similar method to retrieve public keys.
  • Consider a future standard of embedding the public key in the email message so the recipient can reply using the included key.
  • Consider generating one key set per message sent. Keys could be generated occasionally in the background.
  • When replying include the public key, or a small portion of it, to make it easier to know which private key to use to decrypt it.
  • If a public key for the recipient cannot be found, offer to include text in the message on how to reply back, with a link to get the secure email app and info on why encrypted email is important, along with an included public key.
  • Over time, make this app a full-fledged email app with drag and drop, HTML email, and other features that folks expect.[/quote]

So, not trying to be a pain, but I’m failing to see what problem this solves. S/MIME does all this already. I really wish some things about it were different, but it works. It’s even built into most clients.

I think the biggest problem you’d face is adoption of yet another email encryption system. Well that, and mail clients are very complex pieces of software.

That said, good luck.

Joe Strout tried an open source email client once in Xojo. Google for Zymail.

http://sourceforge.net/projects/zymail/

It feels to me like “Email is Dead” - Spam, phishing, lack of encryption… Office Productivity replacements would be Slack, etc. Personal communication would be various secure mobile apps like cyber dust, twitter, snapchat, etc.

It does sound like an interesting project, just not sure how “future-proof” it is? On the plus side, you have some very good ideas re: public key discovery, lookup, etc. I guess the question is, does anyone use email for secure communication, or is that the point?

I’d be happy with that… What email apps support that? Is it easy to use for non techy people?

I know what you mean, but email is still huge. When I contact someone, it’s not usually via the method you mentioned, but I do know what you mean.

The goal is to have a super easy email client that anyone could use. If one existed for many platforms, I don’t think we’d be interested in this idea. https://gpgtools.org/ is REALLY easy to use, but only works on Mac OS and takes effort to install it.

Yeah. Making it a productive email client will be hard. I’d be ok with taking steps to get there to have security. If people interested in security spread the word it could grow. It doesn’t have to be free. I thought it would be used more if open and free.

Yeah, S/MIME isn’t too bad, but has a few shortcomings. You request a free certificate for your address from any number of vendors. This generates your key too. The certificate will only last a year though. Or you can buy one that lasts longer. It’s just like SSL on a domain.

To use it in Apple Mail, you just need to import the certificate into your keychain and the rest happens automatically. When you send an email, you can opt to sign, encrypt, or sign+encrypt. Your public key is included with the message.

Trading keys is done by sending a user a signed (but unencrypted) message to give them your key. They reply, which gives you their key. Now that you have each other’s public keys, you can encrypt messages to each other.

This works on iOS too; you can import the certificate and key. I think GMail may even support it. It’s pretty much the standard way to encrypt email.

Now the bad. Once your certificate expires, that’s it. You cannot renew it. You can generate a new one with a new key, but now you’ll need two keys and certificates per address. The new one to send new encrypted messages, the old one to decrypt past received messages, and new messages sent encrypted with the old key. You’ll need to do the key exchange with each recipient again.

This song and dance is such a chore, it is why I stopped bothering. I think it could have been more widely used if key exchange and maintenance weren’t insane.
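The pieces discussed so far (a key id sent along with each message so the receiver knows which private key to use, normal SMTP as the transport, and the S/MIME problem in the post above that a rolled-over key still has to be kept for old mail) fit together in one small design. The following is an added example, not code from the thread, from Xojo, or from the MBS plugin; it is written in Go rather than Xojo so it can be run as-is. The names (NewKey, KeyID, Envelope, Seal, Keyring, Open), the 8-byte SHA-256 fingerprint, and the choice of RSA-OAEP wrapping an AES-256-GCM session key are my own assumptions, not anything the thread specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// NewKey generates a 2048-bit RSA key pair (one per address, or per message if that idea is followed).
func NewKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only fails if the system random source is broken
	}
	return priv
}

// KeyID is the first 8 bytes of SHA-256 over the DER-encoded public key. It
// travels with every message so the receiver knows which private key to use.
func KeyID(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid rsa.PublicKey
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:8])
}

type Envelope struct { // payload carried inside an ordinary SMTP message
	KeyID      string // recipient key that wrapped the session key
	WrappedKey []byte // RSA-OAEP(session key)
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM(body) with KeyID as associated data
}

// Seal is hybrid encryption: a fresh random AES-256 key for this one message,
// wrapped under the recipient's RSA public key with OAEP.
func Seal(pub *rsa.PublicKey, body []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // session key followed by a 96-bit GCM nonce
	rand.Read(buf)             // crypto/rand.Read never returns an error in current Go
	session, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(session) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)     // standard nonce size: cannot fail
	id := KeyID(pub)                   // bound as AAD, so a modified id fails authentication in Open
	return &Envelope{id, wrapped, nonce, gcm.Seal(nil, nonce, body, []byte(id))}, nil
}

// Keyring keeps every private key a user has ever had, keyed by fingerprint. Old keys
// are never deleted: mail already received, and mail from people who still hold the old
// public key, is encrypted to them. Only the newest key is handed to new correspondents.
type Keyring struct {
	keys    map[string]*rsa.PrivateKey
	current string // id of the newest key
}

func NewKeyring() *Keyring { return &Keyring{keys: map[string]*rsa.PrivateKey{}} }

// Add stores a key under its fingerprint, makes it current, and returns the id.
func (k *Keyring) Add(priv *rsa.PrivateKey) string {
	id := KeyID(&priv.PublicKey)
	k.keys[id], k.current = priv, id
	return id
}

func (k *Keyring) Current() *rsa.PublicKey { return &k.keys[k.current].PublicKey }

// Open picks the private key named in the envelope and decrypts. An old key is
// accepted here on purpose: decrypting old mail is why it is retained.
func (k *Keyring) Open(env *Envelope) ([]byte, error) {
	priv, found := k.keys[env.KeyID]
	if !found {
		return nil, fmt.Errorf("no private key with id %s", env.KeyID)
	}
	session, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil || len(session) != 32 {
		return nil, fmt.Errorf("session key unwrap failed")
	}
	block, _ := aes.NewCipher(session)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyID))
}

func main() {
	ring := NewKeyring()
	oldKey := NewKey()
	ring.Add(oldKey)
	ring.Add(NewKey()) // key rolled over; the old one stays in the ring
	env, _ := Seal(&oldKey.PublicKey, []byte("constructed body")) // sender still has the old key
	body, err := ring.Open(env)
	fmt.Println("publish:", KeyID(ring.Current()), "decrypted:", string(body), err)
}
```

Two design points worth noting: RSA cannot encrypt a whole message body directly, so the per-message AES key is what RSA wraps; and binding the key id into the GCM associated data means the id that routes the message to a private key is itself authenticated, so a changed id is rejected rather than silently tried against the wrong key.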

@Hal: there are two kinds of users. The ones who want free don’t care if software is open-source or not. The users who want quality and pay for apps don’t care about open-source either.

If you really want to tackle this try with as many IMAP accounts for CURLS MBS first. Can the MBS plugin send raw commands? Can it do Yahoo? What about 2-factor? NTLM?

I’ve been using Python for a while and had big problems with it. Python was a pain in the behind itself. But the IMAP lib had problems that showed up only after a while and were impossible to debug.

And you need to spend some time with the IMAP protocol itself because at some point in time you will need to send raw commands.

Let’s not talk about the weird s.h.i.t I’ve seen when parsing emails. Handling encodings never works 100%.
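The encoding trouble described in the post above, as an added example that is neither the project's code nor Beatrix's Python: a small Go parser (Go rather than Xojo so it runs as-is) for one constructed message with an RFC 2047 encoded-word subject in ISO-8859-1 and a quoted-printable UTF-8 body with a soft line break. The sample message and the names (Parsed, ParseMessage, decodeHeader, toUTF8) are my own. The point is that transfer encoding and charset are two separate layers to undo in order, and that an unknown charset should keep the raw bytes and raise a warning instead of failing the whole message or silently mangling it.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"mime/quotedprintable"
	"net/mail"
	"strings"
)

// rawMessage is a constructed sample, not a real capture: an RFC 2047
// encoded-word Subject in ISO-8859-1, plus a quoted-printable UTF-8 body with
// a soft line break and a charset parameter on Content-Type.
const rawMessage = "From: Hal <hal@example.invalid>\r\n" +
	"Subject: =?ISO-8859-1?Q?Gef=E4lschte_PGP-Keys?= im Umlauf\r\n" +
	"Content-Type: text/plain; charset=\"utf-8\"\r\n" +
	"Content-Transfer-Encoding: quoted-printable\r\n" +
	"\r\n" +
	"Gr=C3=BC=C3=9Fe aus M=C3=BCnchen, =\r\n" +
	"zweite Zeile\r\n"

// Parsed is what the client needs after decoding, plus a record of what could
// not be decoded cleanly so the UI can show it instead of mangling it silently.
type Parsed struct {
	Subject  string
	Body     string
	Warnings []string
}

// decodeHeader decodes RFC 2047 encoded words. The stdlib decoder errors on
// charsets it does not know, so an unknown one yields the raw header plus a
// warning instead of failing the whole message.
func decodeHeader(raw string) (string, string) {
	s, err := new(mime.WordDecoder).DecodeHeader(raw)
	if err != nil {
		return raw, "header not decoded: " + err.Error()
	}
	return s, ""
}

// toUTF8 converts body bytes. Without an external charset table only UTF-8 and
// ISO-8859-1 (a byte-to-rune mapping) are handled; anything else is passed
// through with a warning.
func toUTF8(b []byte, charset string) (string, string) {
	switch strings.ToLower(charset) {
	case "", "us-ascii", "utf-8":
		return string(b), ""
	case "iso-8859-1", "latin1":
		r := make([]rune, len(b))
		for i, c := range b {
			r[i] = rune(c)
		}
		return string(r), ""
	}
	return string(b), "unhandled charset " + charset
}

// ParseMessage reads headers and body, undoing the transfer encoding first and
// the charset second; doing them in the other order corrupts the text.
func ParseMessage(raw string) (*Parsed, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	p := &Parsed{}
	var warn string
	if p.Subject, warn = decodeHeader(msg.Header.Get("Subject")); warn != "" {
		p.Warnings = append(p.Warnings, warn)
	}
	var body io.Reader = msg.Body
	if strings.EqualFold(msg.Header.Get("Content-Transfer-Encoding"), "quoted-printable") {
		body = quotedprintable.NewReader(body)
	}
	b, err := io.ReadAll(body)
	if err != nil {
		return nil, err
	}
	charset := ""
	if mt, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type")); err == nil && mt == "text/plain" {
		charset = params["charset"]
	}
	if p.Body, warn = toUTF8(b, charset); warn != "" {
		p.Warnings = append(p.Warnings, warn)
	}
	return p, nil
}

func main() {
	p, err := ParseMessage(rawMessage)
	if err != nil {
		panic(err)
	}
	fmt.Printf("subject: %s\nbody: %q\nwarnings: %v\n", p.Subject, p.Body, p.Warnings)
}
```

A real client would plug a charset table (for Windows-125x, KOI8-R and the like) into toUTF8 and into the decoder's CharsetReader; the fallback path is what keeps the message readable, and the warning visible, until that table covers the case at hand.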

The key for me is for the app to handle most of the heavy lifting of keys/certificates, making it easy for the non-techies (and techies) to send secure mail. Most of my friends (geeks) don’t do secure email as it is a PITA (pain in the a…) to deal with the keys/certs, keeping them up to date, sharing them, etc…

If the email client could do lots of that work for us, then more people would be willing to use secure communications.

Yeah tell that to ISIS and the Mexican Drug Cartels…
While I am all for privacy…

Dave, as Xojo includes a Crypto function, should it be forbidden to sell outside the US if so?

Hey I am just saying that United States has laws requiring the identification and registration of any hardware or software that includes certain levels of encryption technology. And while those rules were relaxed they were not removed.

I am not trying to enforce the laws, I am just attempting to remind people that they exist, and to consider the true cost of their efforts.

Does Xojo itself violate this? I have no idea… Perhaps they made the proper notifications and got the proper clearances…

It’s great to cover all the issues with this!

Maybe for a v1, we could have an app that runs on every Xojo target that works with some IMAP clients.

Open source software is automatically exempt, as is any software available to everybody. For example, Xojo does not require registration because anybody can go to their website to purchase a copy. This is the Wassenaar Arrangement in action. Export restrictions only come into play when the software is available only to a subset of the population, such as the military.

This only applies to the SOURCE CODE… not to compiled applications…

Wassenaar Arrangement has nothing to do with software written by the individual citizens of a member state, it is an agreement between those member states governments. It is up to the governments of each member state to enact laws to control the actions of their citizens. It is those laws to which I refer.

But I will leave your actions up to you… and hope you are correct in your assumptions.

Neither of us are lawyers though.

Sounds like someone in another country with open laws could start this project instead.