Pandor — end-to-end encryption of email correspondence
On the topic of the day, when everyone is talking about intercepted correspondence or hacked mailboxes (Deputy Prime Minister Arkady Dvorkovich was the victim of hackers), I want you to imagine Pandor — a decision to protect the contents of email correspondence.
Pandor — there is at the moment as an extension to the Google Chrome browser and works with web based Gmail. The extension adds interface elements to create encrypted messages based on OpenPGP. The main task — to make safe the correspondence as simple as possible for use by end users. With this idea I and my colleague Khalil Bouzidi came to Startup Weekend Monaco — decided to try their hand to create a rough business plan and, of course, a prototype. In fact, during the weekend we were only able to determine clearly what we want to do this. Everything has to be just one-click and users would not have to "agree" on the principle of an encrypted exchange of information. At startup, we made a presentation and videos as we can see the service from the user's point of view. By the decision of the jury, our project received first place.
A high score on the contest was foodusual us to bring the project to life. Within 2 months, we are free from the main work in the project and now has launched the beta version that I propose to evaluate. In parallel with the development, developed a business plan and a package of documents was served on the other competition in Monaco and have already passed the first round (of the 30 projects were selected 11).
Technical side Pandor
The service is built from the extension for the browser and server to exchange public keys. When you install the extension, create a profile on pandor.me, this profile is primarily for the exchange of public keys. At the moment we do not provide great functionality on the site. So let's move on with the main — extension for the browser.
The extension is built of 2 elements:
the
-
the
- Additions to the web interface of Gmail the
- Page Options
The Gmail interface is supplemented with only 1 button [@], when you click on that a window is created for the letter.
It's almost a classic window Gmail supplemented with information and correspondence will be protected.
Encryption is based on OpenPGP and was based on the library OpenPGPjs. The extension in the browser when you check generate the keys for the user and the browser encrypts the message before sending it. The encryption uses a service pandor.me to get the public keys of recipients, if the recipient does not yet have the profile and keys, the service automatically generates keys and creates the profile and sends an email access to receive them.
What can now extension:
the
-
the
- creation of encrypted correspondence (compose) the
- encryption of drafts (draft folder) the
- automatic opening of encrypted content in correspondence (thread) the
- when replying to an encrypted message is created as an encrypted response (reply) the
- obtaining the public key from the server
the development Prospects
Certainly the prospects of development, we now look to support other browsers, primarily Firefox, Safari, as it is associated only with the configuration of the Assembly. We are working on different approaches to synchronization keys mode "paranoia" to remove the key from the server and storing only on the user's machine. In the future we are considering encryption as well and attachments.
Perhaps abrowser can tell where we should move?
Комментарии
Отправить комментарий