Jon's FOSS Blog

Anything networking, coding, crypto, or security

A new project: Secure Email [S-Mail]

So I’ve recently started a new, open-source project called S-Mail. It’s is an attempt to create a standard email service (based on standard postfix/SMTP) but also provide a web front end for secure email delivery. Upon joining, a 2048 bit RSA key pair is generated (via JavaScript) and the private key is encrypted with AES-256-CBC with the SHA256 hash of your password. The server stores your public key, a triple SHA256 hash of your password (so it doesn’t have your encryption key), and your encrypted private key. When an external email is received, it is encrypted with your public key and stored only in that format. When sending a local email, the server sends the recipient’s public key to you so that you can encrypt it locally first before sending it. You can also verify the key identities of the recipients by verifying the little word phrases which summarize your public key.

This service is really lacking features as it is the most basic start of a project possible but I’m attempting to at least develop a basic framework that people could theoretically use to exchange secure messages without having to exchange asymmetric keys. The “key” to making this system work includes choosing a strong passphrase to begin with and verifying a recipient’s key id.

The source code: Fossjon GitHub S-Mail

Below are some screenshots of the service working:



Empty inbox

External SMTP Receive

Inbox Receive

External SMTP Read

External SMTP Send

Reading the external email

Internal SMTP Send

Internal SMTP Read

3 responses to “A new project: Secure Email [S-Mail]

  1. carlos March 31, 2014 at 19:58

    Hi, I have a few questions. Is there a webservice where I could test this? Also, if release, would this be free or a subscription base service?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: