[Cryptography] SafeWebdrop: An encrypted message exchange mechanism for the CryptoBone
Ralf Senderek
crypto at senderek.ie
Sun Apr 2 01:55:34 EDT 2023
On Fri, 31 Mar 2023, Patrick Chkoreff wrote:
> Ralf:
>
> That looks like very useful idea, building a solution as simply as possible
> on capabilities already used for other purposes.
>
> It seems to formalize and generalize a common practice where an organization
> deploys its own internal messaging system on its servers, avoiding the
> insecurity of email and the baggage of routing. It reminds me of qmail, but
> fully encrypted and on a single server.
>
> I'd like to try it, but I don't see where to get the SafeWebdrop scripts.
> Did I miss something?
Well, at the moment I am working on these scripts to make them fool-proof.
The script that accepts and stores the safewebdrops is the most complicated.
So be patient, I will publish my work once everything is ready for code review.
While coding, I changed the protocol in CASE 2 to:
C -> S: A, C, {C, hash(message)} RSAprivC, b64(message)
C sends a 4-part information to the server, comprising of the recipient name A,
the sender's name C, a RSAsignature of C and the message hash with the private
key of C and the base64 encoded message. The same change applies to CASE 3.
I will update the description of the protocol here:
https://safewebdrop.com/protocol.php
--ralf
More information about the cryptography
mailing list