Open link2xt opened 5 months ago
It is also possible to encrypt directly to the key with `openssl pkeyutl`, but it only supports encrypting to RSA and seems like a bad idea as it is encrypting data directly to the key instead of encrypting a session key.
Will probably go for a long-term OpenPGP key and hardcode it into the client for now. Still an improvement over the current state, and we can do key rotation by creating new keys and switching to a new key in the client on every release, or by introducing some way to distribute them to clients over IMAP.
Currently the `/notify` endpoint accepts an unencrypted token: https://github.com/deltachat/notifiers/blob/ba21f67ce32be634ed0b9434bf78109f48a12f17/src/server.rs#L196

We need a way to encrypt the token on the client side so the email server does not see the actual FCM or APNS token. For the encryption key we can use the key from the TLS certificate of `notifications.delta.chat`; this is already managed by acmetool and rotated, so we will not have to deal with key management.

For experiments, the current certificate can be obtained manually with `openssl s_client -showcerts -servername notifications.delta.chat -connect notifications.delta.chat:443 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p;/-END CERTIFICATE-/q'`.

Then `openssl cms -encrypt -recip certs.pem` can be used to encrypt the token using Cryptographic Message Syntax; the result is essentially an S/MIME message encrypted for the TLS certificate key.

On the server side the message is decryptable with `openssl cms -decrypt -in msg.msg -inkey /path/to/privkey`.

RustCrypto has crates for working with CMS and X.509 certificates: https://crates.io/crates/cms and https://crates.io/crates/x509-cert

The disadvantage is that the service will now need access to the private TLS key, so it will need to start as root, read the private key and drop privileges. I also thought about signing a separate key with the TLS key, but afaik the TLS key is already used as an encryption key in TLS, so reusing it for signatures is not considered a good practice and makes key management more complicated.
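
The CMS round trip described in the issue, as an added example that is not part of the original post or of the notifiers code. It runs offline: a throwaway self-signed certificate stands in for the `notifications.delta.chat` TLS certificate, and the token, file names and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: encrypt a push token to a certificate's public key with CMS,
# then decrypt it with the matching private key (the server side).
TOKEN='constructed-fcm-token-0123456789'   # constructed sample, not a real token
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

new_keypair() {   # $1 = name; writes $WORK/$1.key and $WORK/$1.crt (self-signed)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1.example" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

encrypt_token() { # $1 = token, $2 = recipient certificate, $3 = output file
  # -binary keeps the token byte-exact (no MIME line-ending canonicalisation).
  printf '%s' "$1" |
    openssl cms -encrypt -binary -aes-256-cbc -recip "$2" -out "$3"
}

decrypt_token() { # $1 = message file, $2 = private key; prints the plaintext
  openssl cms -decrypt -binary -in "$1" -inkey "$2" 2>/dev/null
}

recovers_token() { # $1 = private key; true if it turns msg.msg back into TOKEN
  [ "$(decrypt_token "$WORK/msg.msg" "$1")" = "$TOKEN" ]
}

leaks_token() {   # true if the token is readable in the message as relayed
  grep -q -F "$TOKEN" "$WORK/msg.msg"
}

new_keypair server   # stand-in for the TLS certificate and its private key
new_keypair other    # unrelated key, to show it cannot read the message
encrypt_token "$TOKEN" "$WORK/server.crt" "$WORK/msg.msg"

recovers_token "$WORK/server.key" && echo "server key: token recovered"
recovers_token "$WORK/other.key"  || echo "other key: token not recovered"
leaks_token || echo "relayed message does not contain the token in clear"
```
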