Open let4be opened 9 years ago
But I guess this is going to be 2.1 feature :)
Nice, but correct. Not needed for MVP.
I'll grab that for 2.1, as it will require some backend modifications.
This would be needed if some non-Lavaboom user Alice knows about PGP, has created a key pair and distributed the public key without having a method to read encrypted emails sent to her. I have to say, I consider that unlikely. If Alice knows about PGP, as is likely when she distributes her public key, she will be suspicious of any website asking for her private key.
If her email program does indeed not support PGP/MIME, maybe add an option to send the email as OpenGP or ad-hoc encryption instead?
the key thing is all crypto happens only on client-side so this can be easily tracked - no data being sent after she enters her private key ;)
I think we may want to make this feature work in "offline" mode, i.e. encrypted email is being downloaded and then can be decrypted without an internet connection at all, so user could easily verify his private key isn't going anywhere
"Offline mode" is a neat idea!
Until then, a possibly easier alternative: When sending an email in Lavaboom, the ASCII-armored encrypted message flashes for about half a second before the window closes. Some PGP clients, for example Enigmail on Thunderbird, have problems with PGP manifestos but can decrypt ASCII-armored messages just fine. Maybe add this format as an option also for external addresses?
Not MVP though!
Hi,
which e-mail clients do support PGP manifests? Enigmail under Ubuntu unfortunately does not...
@flixi - can you answer this?
We've recently added custom public keys support for our contacts, so now we can send encrypted emails from lavaboom to regular email boxes like gmail.
I've just tested and got email of the following kind:
I guess 1nwEqFBpwhx3GV637BqU is the thread ID there
so basically we need to design some kind of UI for this where user could import his private key, decrypt it if needed and view the desired email