Jon's FOSS Blog

Anything networking, coding, crypto, or security

A new project: Secure Email [S-Mail]

So I’ve recently started a new, open-source project called S-Mail. It’s is an attempt to create a standard email service (based on standard postfix/SMTP) but also provide a web front end for secure email delivery. Upon joining, a 2048 bit RSA key pair is generated (via JavaScript) and the private key is encrypted with AES-256-CBC with the SHA256 hash of your password. The server stores your public key, a triple SHA256 hash of your password (so it doesn’t have your encryption key), and your encrypted private key. When an external email is received, it is encrypted with your public key and stored only in that format. When sending a local email, the server sends the recipient’s public key to you so that you can encrypt it locally first before sending it. You can also verify the key identities of the recipients by verifying the little word phrases which summarize your public key.

This service is really lacking features as it is the most basic start of a project possible but I’m attempting to at least develop a basic framework that people could theoretically use to exchange secure messages without having to exchange asymmetric keys. The “key” to making this system work includes choosing a strong passphrase to begin with and verifying a recipient’s key id.

The source code: Fossjon GitHub S-Mail

Below are some screenshots of the service working:

Joining
smail-join

Login
smail-login

Empty inbox
smail-inbox

External SMTP Receive
gmail-send

Inbox Receive
smail-inbox1

External SMTP Read
smail-reade

External SMTP Send
smail-send

Reading the external email
gmail-read

Internal SMTP Send
smail-local

Internal SMTP Read
smail-sread

About these ads

3 responses to “A new project: Secure Email [S-Mail]

  1. carlos March 31, 2014 at 19:58

    Hi, I have a few questions. Is there a webservice where I could test this? Also, if release, would this be free or a subscription base service?

    Thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: