PGP/GPG does not work easily with web-mail

Tim Prepscius timprepscius at gmail.com
Thu Apr 10 07:40:56 CEST 2014


PGP actually does work well with web mail.

There are two libraries which do pgp encryption, there are 3 that I
know which do AES-SHA256-CBC-PKCS7.  There are at least two libraries
which do pkdf2 sha 256.

There is also one library which does AES-SHA256-GCM, but I'm not sure
if it does pkcs7 or not.  (or whether padding is incorporated into
GCM, need to research).

Looking up keys on a pgp key server is trivial, registering a key is
also trivial.

---

However there are some legitimate concerns.  The most important to my
mind are javascript injection attacks.

For instance, let's say the NSA takes over your web-mail server.  You
think, "well my users' data is fine, because all of the encryption is
happening client side, I never see any of the keys, etc."

However the NSA could *force* you to place code inside your server
which tells the client to send the keys to you randomly.
This would be difficult (not impossible) to detect, and when executed
*once* would completely destroy the privacy of the target machine
forever.

Generally these days, (at least the conversations I've been reading),
people are talking about making "plugins" out of the client side code
and protecting them through the app store.  So, I download the app for
the client, I check it's signature.  It *NEVER* downloads code again.

I think there are some other solutions to this problem, which I could
babble about, but won't right here.



However, there are still attacks.  For instance, I'm the NSA, I've
spent the hours necessary reading through your code to know that if I
write you an email with SO-and-SO pattern, when you display that
e-mail my script will be run.  That script then would destroy the
privacy.  This is a very hard attack to guard against.

---

In my webmail I'm developing (I wrote one previously using GWT which
was too complicated, too difficult to maintain and enhance, this one
is much simpler).  My goals are three fold:

1. raise the cost of the NSA exponentially.  I want them to have to
spend considerable time for each target, instead of just "hey Google,
give me these 20,000 peoples' email."

2. re-normalize the idea of privacy.  Google has pretty much destroyed
privacy.  And they are trying to destroy anonymity as well.  I believe
it is important to have by this year's end at least 10 services
running which re-normalize privacy in e-mail.  Each service hopefully
will castigate Google and call them for what they are.

3. give "good" security.  Nothing will protect you if you are
*actually* some terrorist or something, but it would be nice if we
weren't being big-brothered *all* of the time.

---

I encourage you to look at those others people referenced.  Also, if
you care to, take a look at mine as well.
https://github.com/timprepscius/mv

If you need any help setting up a server, let me know.  If you are
versed in sys-admin, it should take 5 minutes to get a VM running, or
use something like DigitalOcean.

The benefits of my server, (I think), is that you should be able to
change how it looks and feels without changing any of the fundamental
code.  Meaning you can change the html templates and css and what not,
and it will still function correctly.  It uses Backbone, so the
rendering is clearly separated from the code/models.



Anyhowz,

If you are looking for perfect security, web mail is not the way to go.
Hopefully a plugin will be able to provide near-ish the same security
that a standalone program with no javascript interpreter might.
But that doesn't mean that PGP WebMail won't be a billion-million
times better than gmail.  (can't wait to leave it! so close, soon
soon)

Good night,

-tim



More information about the Gnupg-users mailing list