Idea behind PYPEM is to have an email system that functions in the public domain while remaining secure and private. The assumption is that trust is not required and that messages can be left anywhere without the fear of an unintended recipient reading it. For instance encrypted messages can be left in open view on public forums, shared via insecure communication channels or printed onto physical media, if the communication location is shared by parties beforehand, not even the recipients address needs to be revealed. What follows is a high level overview of how the system functions.
Concept
Each client has a RSA key-pair, the public key is used as the address of the client. When sending an email message to somebody, the public key is used to encrypt a random AES key phrase that will be used for that particular email. The recipients public key is prefixed to the message and serves as an identifier to who the email is addressed to, however it is not necessary to include this information if the recipient knows that the message is for them. Once the recipient has the message, the AES key phrase is decoded with their private key and the rest of the message it decoded with that phrase.
Guarantees
Since anybody that has the public key which serves as the address of a client can send a message to any public address, RSA hash signing is used. This ensures that the sender was in fact the one who encrypted the email. Also it's impossible to read a message that's encrypted with someone else's public key. This guarantees that the sender and receiver are the only ones who are capable of communicating with each other. Another layer of security is the pairing that takes place, when the first exchange of messages takes place, the communicating parties give each other a secret passphrase that is used for all subsequent messages.
Server
Server is there to provide a centralized message storage and retrieval capability, the server actively ensures that each email transaction is current, this is done by the server requiring the sender to return a random passphrase that is encrypted using the sender's public key. Since only the party with the private key that corresponds to the public key that is claimed to be sending the message can decode the passphrase it's guaranteed that the sender is legitimately sending the message in real time.
Conclusion
An attacker could never read an email that is not intended for them and he can never pose as a sender of an email that he is not the sender of. The only thing the user needs to ensure is that he has the correct address for his contact.
PYPEM is currently available on Google Play store.
No comments:
Post a Comment