How to implement email encryption for web mail?
We faced this question in this project at Stuttgart Media University. We implemented RSA encryption without needing to change the SquirrelMail email software.
The user clicks on a bookmarklet and our user interface is rendered into the existing web site. The user may generate a new key and download it, or upload an existing one. The key itself is encrypted with a user-provided password.
The rest of the workflow is nearly the same as before, except that a new button sends the email encrypted. In addition, all emails, whether encrypted or plain text, may be signed.
Incoming emails are automatically decrypted and the signature is verified.
- AES-256 / RSA 2048 hybrid encryption
- Exclusively local key management
- Plain text never leaves local machine
- Identity is verified over email ownership
- Cross-site injection JS bookmarklet
- New interface elements for enhanced functionality are injected
- PHP webserver with prototypical API to save and receive public keys
- MySQL DB
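
The AES-256 / RSA 2048 hybrid scheme listed above, shown with the WebCrypto API as an added example that is not the project's own code. The page does not say which modes the project used, so AES-GCM, RSA-OAEP with SHA-256, and every function and field name here are assumptions.

```javascript
// Added example, not the project's code. Assumed (not stated on the page):
// AES-GCM mode, RSA-OAEP padding with SHA-256, and all names used below.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const RSA = { name: "RSA-OAEP", modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" };

// Recipient key pair; the private key stays on the local machine.
function generateRecipientKeys() {
  return wc.subtle.generateKey(RSA, true, ["wrapKey", "unwrapKey"]);
}

// Encrypt the body under a fresh AES-256 key, then wrap that key with the
// recipient's RSA-2048 public key. Only the envelope leaves the machine.
async function encryptMail(publicKey, plaintext) {
  const aesKey = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh per message
  const ciphertext = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, aesKey, new TextEncoder().encode(plaintext));
  const wrappedKey = await wc.subtle.wrapKey(
    "raw", aesKey, publicKey, { name: "RSA-OAEP" });
  return { wrappedKey, iv, ciphertext };
}

// Unwrap the AES key with the RSA private key, then decrypt the body.
// AES-GCM authenticates the ciphertext, so a modified message is rejected.
async function decryptMail(privateKey, { wrappedKey, iv, ciphertext }) {
  const aesKey = await wc.subtle.unwrapKey(
    "raw", wrappedKey, privateKey, { name: "RSA-OAEP" },
    { name: "AES-GCM", length: 256 }, false, ["decrypt"]);
  const body = await wc.subtle.decrypt({ name: "AES-GCM", iv }, aesKey, ciphertext);
  return new TextDecoder().decode(body);
}

// Round trip on a constructed message, plus a one-bit tamper check.
async function demo() {
  const { publicKey, privateKey } = await generateRecipientKeys();
  const envelope = await encryptMail(publicKey, "Meeting moved to 14:00");
  const received = await decryptMail(privateKey, envelope);
  const tampered = new Uint8Array(envelope.ciphertext.slice(0)); // copy
  tampered[0] ^= 1;
  const rejected = await decryptMail(privateKey, { ...envelope, ciphertext: tampered })
    .then(() => false, () => true);
  return { received, rejected, wrappedKeyBytes: envelope.wrappedKey.byteLength };
}
```

The envelope carries only the RSA-wrapped AES key, the IV and the ciphertext, which matches the page's point that plain text never leaves the local machine.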