Software released under GNU GENERAL PUBLIC LICENSE.
Browser extension to provide easy to use PGP like encryption to Gmail users.
This project consist in e-mail encryption in both client and safegmail server side.
PGP keys are handled by the server.
Goals of the project are:
-
Maximum security so message is never revealed to the server.
-
Follow OpenPGP standard as close as possible providing easy to use features.
-
Open Source project to assure transparency.
Flow Diagram:
Sender flow
-
Generate AES message key at client side.
-
Encrypt mail content with AES message key at client side.
-
Invoke server for getting the unique messageid by passing on question, answer, recepientId and messagekey as request arguments.
(notice that e-mail body is not transferred to server)
- Server side encryption for message key and recepient privatekey with hashed answer.
Receiver flow
-
Click on message link then answer question correctly in decryption webpage, then Copy & Paste e-mail body.
-
Invoke server for fetching AES message key to decrypt the message.
-
Server side decryption logic to return decrypted message key to client side.
-
AES JS decryption of the copied & pasted message.
Collaborators are Welcome!