A new project: Secure Email [S-Mail]

So I’ve recently started a new, open-source project called S-Mail. It’s is an attempt to create a standard email service (based on standard postfix/SMTP) but also provide a web front end for secure email delivery. Upon joining, a 2048 bit RSA key pair is generated (via JavaScript) and the private key is encrypted with AES-256-CBC with the SHA256 hash of your password. The server stores your public key, a triple SHA256 hash of your password (so it doesn’t have your encryption key), and your encrypted private key. When an external email is received, it is encrypted with your public key and stored only in that format. When sending a local email, the server sends the recipient’s public key to you so that you can encrypt it locally first before sending it. You can also verify the key identities of the recipients by verifying the little word phrases which summarize your public key.

This service is really lacking features as it is the most basic start of a project possible but I’m attempting to at least develop a basic framework that people could theoretically use to exchange secure messages without having to exchange asymmetric keys. The “key” to making this system work includes choosing a strong passphrase to begin with and verifying a recipient’s key id.

The source code: Fossjon GitHub S-Mail

Below are some screenshots of the service working:

Joining
smail-join

Login
smail-login

Empty inbox
smail-inbox

External SMTP Receive
gmail-send

Inbox Receive
smail-inbox1

External SMTP Read
smail-reade

External SMTP Send
smail-send

Reading the external email
gmail-read

Internal SMTP Send
smail-local

Internal SMTP Read
smail-sread

A new project: Secure Email [S-Mail]

3 thoughts on “A new project: Secure Email [S-Mail]

  1. carlos says:

    Hi, I have a few questions. Is there a webservice where I could test this? Also, if release, would this be free or a subscription base service?

    Thanks.

    1. Yes absolutely you can test it, I’m still developing it and may be re-writing some parts of it so I can’t guarantee that data wont be deleted at the moment. Basically use it for fun right now🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s