Security
Joshua Thijssen edited this page May 27, 2020 · 9 revisions
I'm in no way a security expert, which makes it scary when trying to create a secure system for dealing with (personal) emails.
These are the things we thought about, or that still pose problems:
- MailServer-to-MailServer traffic uses TLS with ECDHE for perfect forward secrecy.
- At the moment everything depends on a single private RSA key (4096 bits). It is used for the following:
  - logging into the mailserver to read emails
  - logging into the mailserver to send emails
  - decrypting emails
- Once a private key is exposed, the following can happen:
  - we can write emails on behalf of somebody
  - we can decrypt the catalog-key inside each message-header, which results in:
    - we can decrypt the blob-keys inside each message-catalog, which results in:
      - we can decrypt each blob of each message
- Exposing a public key by itself is not enough: you still need to know the actual email address. The only unencrypted email address reference is a SHA256 sum.
- Private key should have a pass-phrase. Can we force this?
- Can we store the private key securely, for instance in the OSX keychain?
- Can we decrease the attack surface? When a private key is compromised, we might be able to send/receive emails (provided we also know the actual email address for this private key), but can we somehow make sure we can't decrypt the emails?
- Could every email be encrypted with a different key (like DH)? How would this work?
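
The key chain listed above (private key, then catalog-key, then blob-key, then blob), as an added Go example that is not the project's own code. It shows that `Decrypt` needs nothing beyond the RSA private key and the stored message. Assumptions: RSA-OAEP with SHA-256 for the header, AES-256-GCM for catalog and blob, one blob per message, a 2048-bit demo key, and every type and function name used here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Message struct{ WrappedCatalogKey, Catalog, Blob []byte } // assumed layout
func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func seal(plain []byte) (key, out []byte) {
	buf := make([]byte, 32+12) // fresh AES-256 key || GCM nonce
	if _, err := rand.Read(buf); err != nil {
		panic(err) // never continue with predictable keys
	}
	b, _ := aes.NewCipher(buf[:32]) // cannot fail: 32-byte key
	g, _ := cipher.NewGCM(b)
	return buf[:32], g.Seal(buf[32:], buf[32:], plain, nil) // nonce || ciphertext || tag
}
func open(key, in []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil || len(in) < 12 {
		return nil, fmt.Errorf("bad key or truncated data")
	}
	g, _ := cipher.NewGCM(b)
	return g.Open(nil, in[:12], in[12:], nil) // fails on a wrong key or tampering
}
func Encrypt(pub *rsa.PublicKey, body []byte) (Message, error) {
	blobKey, blob := seal(body)      // blob-key protects the body
	catKey, catalog := seal(blobKey) // catalog-key protects the blob-key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, catKey, nil)
	return Message{wrapped, catalog, blob}, err
}
// Decrypt needs only the RSA private key: catalog-key, blob-key and body follow.
func Decrypt(priv *rsa.PrivateKey, m Message) (string, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m.WrappedCatalogKey, nil)
	layers := [][]byte{m.Catalog, m.Blob}
	for i := 0; err == nil && i < len(layers); i++ {
		key, err = open(key, layers[i]) // catalog yields blob-key, blob yields body
	}
	return string(key), err
}
func main() {
	priv, _ := demoKey() // constructed 2048-bit key for speed; the page uses 4096 bits
	m, _ := Encrypt(&priv.PublicKey, []byte("constructed body"))
	fmt.Println(Decrypt(priv, m))
}
```

Because every symmetric key in this layout is reachable from the one RSA key, the questions above about pass-phrases and keychain storage concern the only secret that protects stored message bodies.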