lavab / web

AngularJS web client of Lavaboom's email service
https://mail.lavaboom.com

Implement viewing of encrypted emails for non-lavaboom users #416

Open let4be opened 9 years ago

let4be commented 9 years ago

We've recently added custom public key support for our contacts, so now we can send encrypted emails from Lavaboom to regular email boxes like Gmail.

I've just tested and got an email of the following kind: [image]

I guess 1nwEqFBpwhx3GV637BqU is the thread ID there.

So basically we need to design some kind of UI for this where the user could import his private key, decrypt it if needed and view the desired email.

let4be commented 9 years ago

But I guess this is going to be a 2.1 feature :)

flixi commented 9 years ago

Nice, but correct. Not needed for MVP.

pzduniak commented 9 years ago

I'll grab that for 2.1, as it will require some backend modifications.

mlooz commented 9 years ago

This would be needed if some non-Lavaboom user Alice knows about PGP, has created a key pair and distributed the public key without having a method to read encrypted emails sent to her. I have to say, I consider that unlikely. If Alice knows about PGP, as is likely when she distributes her public key, she will be suspicious of any website asking for her private key.

If her email program does indeed not support PGP/MIME, maybe add an option to send the email as OpenPGP or ad-hoc encryption instead?

let4be commented 9 years ago

The key thing is that all crypto happens only on the client side, so this can be easily tracked - no data being sent after she enters her private key ;)

I think we may want to make this feature work in "offline" mode, i.e. the encrypted email is downloaded and can then be decrypted without an internet connection at all, so the user could easily verify his private key isn't going anywhere.

mlooz commented 9 years ago

"Offline mode" is a neat idea!

Until then, a possibly easier alternative: When sending an email in Lavaboom, the ASCII-armored encrypted message flashes for about half a second before the window closes. Some PGP clients, for example Enigmail on Thunderbird, have problems with PGP manifestos but can decrypt ASCII-armored messages just fine. Maybe add this format as an option also for external addresses?

flixi commented 9 years ago

Not MVP though!

MatejKovacic commented 9 years ago

Hi,

Which e-mail clients support PGP manifests? Enigmail under Ubuntu unfortunately does not...

joergG commented 9 years ago

@flixi - can you answer this?