[Cryptography] SafeWebdrop: An encrypted message exchange mechanism for the CryptoBone

Ralf Senderek crypto at senderek.ie
Sun Apr 2 01:55:34 EDT 2023



On Fri, 31 Mar 2023, Patrick Chkoreff wrote:

> Ralf:
>
> That looks like very useful idea, building a solution as simply as possible 
> on capabilities already used for other purposes.
>
> It seems to formalize and generalize a common practice where an organization 
> deploys its own internal messaging system on its servers, avoiding the 
> insecurity of email and the baggage of routing.  It reminds me of qmail, but 
> fully encrypted and on a single server.
>
> I'd like to try it, but I don't see where to get the SafeWebdrop scripts. 
> Did I miss something?

Well, at the moment I am working on these scripts to make them fool-proof.
The script that accepts and stores the safewebdrops is the most complicated.
So be patient, I will publish my work once everything is ready for code review.

While coding, I changed the protocol in CASE 2 to:

      C  -> S:  A, C, {C, hash(message)} RSAprivC, b64(message)

C sends a 4-part information to the server, comprising of the recipient name A,
the sender's name C, a RSAsignature of C and the message hash with the private
key of C and the base64 encoded message. The same change applies to CASE 3.

I will update the description of the protocol here:
      https://safewebdrop.com/protocol.php


      --ralf


More information about the cryptography mailing list