EFForg / cryptobot-email

GNU Affero General Public License v3.0

Encrypted responses #3

Closed micahflee closed 10 years ago

micahflee commented 11 years ago

If the email includes a public key, the bot should import this public key to use when responding. If the bot doesn't include a public key, but the email is digitally signed, the bot should search key servers for the signing key and import that to respond.

After importing the public key it should inspect the user IDs of the key for the email address it's expected to reply to. If the email address isn't listed on the key, it should respond twice, once encrypted with the public key, and once in plaintext explaining that they might have sent the wrong public key.

After responding, the bot should delete this public key from the gpg homedir.
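The user-ID check described in the comment above, as an added example that is not code from the cryptobot-email repository: it parses a constructed key listing in gpg's `--with-colons` format and decides which replies to send. The function names, the reply labels and the choice to ignore revoked or expired user IDs are assumptions made for this example.

```python
import re
from email.utils import parseaddr

# Constructed sample in gpg's --with-colons listing format (not real key data).
SAMPLE_LISTING = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1400000000:::-:::scESC:
uid:-::::1400000000::0000::Alice Example <alice@example.org>:
uid:r::::1400000000::0001::Alice Old <alice@old.example>:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
"""

SKIP_VALIDITY = {"r", "e"}  # assumption: ignore revoked / expired user IDs


def _unescape(field):
    # Colon listings escape special characters as \xNN (":" becomes \x3a).
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def uid_addresses(listing):
    """Return the lower-cased e-mail addresses on the key's usable user IDs."""
    found = set()
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 10 or fields[0] != "uid" or fields[1] in SKIP_VALIDITY:
            continue
        uid = _unescape(fields[9]).strip()
        # User IDs are conventionally "Name (comment) <addr>"; some are a bare addr.
        m = re.search(r"<([^<>\s]+@[^<>\s]+)>$", uid) or \
            re.fullmatch(r"([^<>\s]+@[^<>\s]+)", uid)
        if m:
            found.add(m.group(1).lower())
    return found


def reply_plan(listing, reply_to):
    """Apply the rule from the issue: always reply encrypted, and add a
    plaintext notice when the reply address is not on the imported key."""
    wanted = parseaddr(reply_to)[1].lower()
    if wanted and wanted in uid_addresses(listing):
        return ["encrypted"]
    return ["encrypted", "plaintext_wrong_key_notice"]


if __name__ == "__main__":
    print(reply_plan(SAMPLE_LISTING, "Alice <alice@example.org>"))
    print(reply_plan(SAMPLE_LISTING, "mallory@example.net"))
```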

micahflee commented 11 years ago

Do people ever attach their public keys non-ASCII armored?

micahflee commented 11 years ago

I'm working on this in the encrypted_response branch: https://github.com/EFForg/cryptobot-email/tree/encrypted_response

schoen commented 11 years ago

I was just talking to Micah about the problem of how to handle keyservers (if the user doesn't attach or enclose their own public key).

I think that the bot should actually search the keyservers in this case, but because it's only a bot, it should treat this as an opportunity to inform the user about the keyservers. For example, maybe it could say something like:

Hi! Because you didn't send me a copy of your public key yet, I can't send you an encrypted reply. I did try to look up your e-mail address on the public PGP keyservers, which collect public keys that supposedly belong to particular e-mail addresses. I found 2 keys there that people said belong to you.

(key data)

Unfortunately, I can't know for sure if those are really your keys or not. If I were a human being, you could tell me if they do (maybe in a phone call or IM chat). Since I'm only a bot, I won't be able to understand what you say about them. Instead, I'll need you to actually e-mail me a copy of the right key to use...

glamrock commented 11 years ago

@schoen That seems like a reasonable option. Using most-recent key isn't always the best option (and introduces risk of rogue keys, and more susceptibility to keyserver derps).

(e.g. my "most recent" key doesn't actually work)

micahflee commented 10 years ago

It doesn't have an encrypted response yet, but it does successfully detect and import attached pubkeys.