Open topa opened 11 years ago
The user should be able to turn encryption on/off as you described :)
The key can be generated by us, but people still have to share their keys somehow.
I would restrict sharelock to the use in closed groups in the beginning because key sharing is easier and it's less complicated to handle for us in the first place.
We also have to check if social networks are blocking encrypted messages. I had some trouble with Facebook and sharelock.
Michael Jaser
On Saturday, 1 December 2012 at 11:57, Paul Torka wrote:
I've thought a bit about our concept of decryption-key sharing and I came to the conclusion that this is way too complicated. Let's assume a social network for the following lines. Most of the people have tons of friends and so I think it is awkward to share a key for each friend. Also the user doesn't want to decide by sharelock who can read his or her messages encrypted or rather decrypted. But he wants to use his defined groups or settings. This means if a user posts something on the wall it is intended for everyone or the defined group/circle. If a user sends a private message this message is intended for a single person. Besides it must be very easy for the user to use our encryption. So I think that sharelock should provide a secret password for encryption and the user shouldn't care about this. We generate this ultra secure password, put it into sharelock, and throw it away. So hopefully nobody will have access to the password. Maybe sharelock should provide selective encryption. For example if you click on the sharelock icon encryption is enabled/disabled.
What do you think?
— Reply to this email directly or view it on GitHub (https://github.com/peerigon/sharelock/issues/2).
Embedding the key is no solution - we can't call this "secure" in any way because everyone could extract the decryption key. The only way to solve this is by providing a server that enables key sharing, like @meaku mentioned.
I've elaborated a possible solution. Maybe we can talk about it in the next few days.