Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Mailvelope: OpenPGP Encryption for Webmail

Nick Daly nick.m.daly at gmail.com
Mon Dec 10 12:16:27 PST 2012


On Mon, Dec 10, 2012 at 1:42 PM, Fabio Pietrosanti (naif)
<lists at infosecurity.ch> wrote:
> Hi all,
>
> for whose who has still not see that project, i wanted to send a notice
> about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
>
> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP email
> encryption plugin available for Chrome and Firefox.
>
> Source code is available under AGPL on
> https://github.com/toberndo/mailvelope .
>
> Does anyone ever security reviewed it?
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

This (could finally be) email encryption done right: encryption is
performed on the user's browser, so that the server storing the
communication never sees the contents of the message.

However, after installing it on Chrome, I have a few concerns:

1. Mailvelope appears to use its own keystore (at least on Windows), and not the
   GPG keystore.  Specifically, it doesn't use the GPG4Win keystore, which is
   the one I'd expect it to use.

2. When creating a new PGP key in Mailvelope, it has some pretty poor defaults.

   A. Keys are set to 1024 bits, instead of 2048 (or 4096).  Anything
      under 2048 is probably insufficient.

   B. Keys are set to never expire, and that can't be configured.
      Different keys should be used for different purposes and should
      expire differently.  It's not a bad idea to cause email-signing
      keys to expire after 3 - 5 years.

Both 2.A and 2.B can be fixed through GPA or another frontend, but
that's still bad key-creation practice.

However, it *does* show the long-form key ID (the last 8 bytes of the
fingerprint), which is probably the minimum necessary to avoid most
collision attacks.

Nick



More information about the liberationtech mailing list