Authenticate encrypted messages with signatures.

[jaekwon]

Scramble currently doesn't sign any of the messages, so it is possible that the message being read was forged.

write_encrypted_message -> write_signed_and_encrypted_message
decrypt -> decryptAndVerifySignature

We should consider whether to have separate keys for encrypting & signing, i.e. the primary key is signing, and a subkey for encrypting. The theoretical security implications of using the same RSA key for signing & encrypting aren't relevant unless the user is signing or encrypting attacker-chosen texts though, so I think it'll be fine. We should get a cryptographer's input on this.

Also note that the resulting combined armored text is rfc3156 compatible. (see section 6.1 & 6.2).

[jaekwon]

sort of done: https://github.com/jaekwon/scramble/tree/signed_messages

issues

• Requires changes to openpgp.js, which is why I deleted the .min & .small files (see https://github.com/openpgpjs/openpgpjs/issues/108)
• Old messages will pop up an alert, because they aren't signed & thus are untrustworthy :)

todo

• The subject signature is initially unverified (for speed) but they should be verified when reading the email. done
• The subject should be encrypted (or undeniably linked) to the body, otherwise an attacker could forge mixed messages. done

[jaekwon]

The subject now gets included in the body like

Subject: this is the subject, which also gets encrypted separately

Here is the body

This should also help with RFC 3156 integration.