google / end-to-end

End-To-End is a crypto library to encrypt, decrypt, digitally sign, and verify signed messages (implementing OpenPGP)
Apache License 2.0
4.13k stars 298 forks

Secure Private Key Synchronization (RFC) #320

Status: Closed (tanx closed 8 years ago)

tanx commented 9 years ago

Hi,

Tankred from Whiteout here. Werner Koch, @koto, other PGP projects and I discussed a secure way to synchronize a user's private key between devices during the OpenPGP summit in April. The goal was to formalize and hopefully standardize a very simple protocol that allows interoperability between mail user agents.

We've already gotten feedback from other vendors using OpenPGP.js such as 1&1 (GMX/Web.de) that use Mailvelope, and we would also like to hear what the End-to-End community has to say about it. Here is our current proposal:

https://github.com/whiteout-io/mail-html5/wiki/Secure-OpenPGP-Key-Pair-Synchronization-via-IMAP

Thanks for any feedback!

sirdarckcat commented 8 years ago

Thanks, Tankred. Closing this, as I assume we discussed this at the second summit.

tanx commented 8 years ago

Yeah. I think you mentioned generating the user's key from a backup code in a deterministic way.