So I’ve recently started a new, open-source project called S-Mail. It’s an attempt to create a standard email service (based on standard postfix/SMTP) that also provides a web front end for secure email delivery. Upon joining, a 2048-bit RSA key pair is generated (via JavaScript) and the private key is encrypted with AES-256-CBC, using the SHA256 hash of your password as the key. The server stores your public key, a triple SHA256 hash of your password (so it doesn’t have your encryption key), and your encrypted private key. When an external email is received, it is encrypted with your public key and stored only in that format. When you send a local email, the server sends the recipient’s public key to you so that you can encrypt the message locally before sending it. You can also verify the key identities of the recipients by verifying the little word phrases which summarize your public key.
This service is really lacking features, as it is the most basic start of a project possible, but I’m attempting to at least develop a basic framework that people could theoretically use to exchange secure messages without having to exchange asymmetric keys. The “key” to making this system work includes choosing a strong passphrase to begin with and verifying a recipient’s key id.
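The password derivation described above, as an added example for Node.js that is not S-Mail's own code: it shows why everything rests on the passphrase (the stored verifier is an unsalted, fast function of it) next to a salted, slow alternative. It assumes "triple SHA256" means three nested rounds over raw digest bytes; the function names, PBKDF2 parameters and sample values are assumptions.

```javascript
// Added example (not S-Mail's code). Byte encoding between hash rounds is assumed.
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Scheme as described in the post: AES key = SHA256(password),
// server-side verifier = SHA256 applied three times to the password.
function deriveAsDescribed(password) {
  const aesKey = sha256(Buffer.from(password, 'utf8'));
  const verifier = sha256(sha256(aesKey)); // third round overall
  return { aesKey, verifier };
}

// Salted, deliberately slow alternative (assumed parameters): one PBKDF2 master
// secret, then separate HMAC labels for the AES key and the login verifier.
function deriveHardened(password, salt, iterations = 200000) {
  const master = crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
  const label = (name) => crypto.createHmac('sha256', master).update(name).digest();
  return { aesKey: label('enc'), verifier: label('auth') };
}

// AES-256-CBC with a fresh random IV stored alongside the ciphertext.
function wrapPrivateKey(aesKey, privateKeyText) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
  return { iv, data: Buffer.concat([c.update(privateKeyText, 'utf8'), c.final()]) };
}

function unwrapPrivateKey(aesKey, blob) {
  const d = crypto.createDecipheriv('aes-256-cbc', aesKey, blob.iv);
  return Buffer.concat([d.update(blob.data), d.final()]).toString('utf8');
}

// Constructed sample values, not real key material.
const SAMPLE_KEY_TEXT = 'constructed private key placeholder';
const PASSPHRASE = 'correct horse battery staple';
const alice = deriveAsDescribed(PASSPHRASE);
const bob = deriveAsDescribed(PASSPHRASE);
const blob = wrapPrivateKey(alice.aesKey, SAMPLE_KEY_TEXT);
console.log('round trip ok:', unwrapPrivateKey(alice.aesKey, blob) === SAMPLE_KEY_TEXT);
// Unsalted: two accounts with the same password store the same verifier.
console.log('same verifier:', alice.verifier.equals(bob.verifier));
const h1 = deriveHardened(PASSPHRASE, crypto.randomBytes(16));
const h2 = deriveHardened(PASSPHRASE, crypto.randomBytes(16));
console.log('salted verifiers differ:', !h1.verifier.equals(h2.verifier));
```

In the described scheme the verifier equals SHA256(SHA256(aesKey)), so the server never holds the key itself, but anyone who obtains the stored verifier can test password guesses against it at hashing speed.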
The source code: Fossjon GitHub S-Mail
Below are some screenshots of the service working:
Hi, I have a few questions. Is there a web service where I could test this? Also, if released, would this be free or a subscription-based service?
Thanks.
Yes, absolutely you can test it. I’m still developing it and may be re-writing some parts of it, so I can’t guarantee that data won’t be deleted at the moment. Basically use it for fun right now 🙂
https://quickchatr.com still in development 🙂