Proposal safer email.
I am (have been for two months) thinking of starting an email service that is compatible with the current email system, but adds features.
-If server is seized by authorities they got nothing;
-RSA/public key encryption on every email. Every user has a public key and incoming mail is encrypted on the server right away. Public key is available for every email upon request, then other party encrypts and not the server. (this to integrate with other providers who can adopt this protocol)
-Probably need downloadable apps (can be simple javascript) to prevent 'man in the middle' attacks.
-Private key is generated via a standard procedure, client side, on every login. User password (such as 'correct horse battery staple') will be the 'seed' for the procedure to generate private keys.
I need help for this project. Please respond for any suggestions.
2 comments
[ 3.3 ms ] story [ 16.4 ms ] threadThe server should never directly store the private keys. Maybe more efficient than generating every time again is to use symmetric encryption on the client side to store the assymetric keys on the server in encrypted form.