Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Simple End-to-end email encryption

    General Discussion
    2
    3
    232
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RTE
      RTE last edited by RTE

      Hi there,

      I saw a nice concept of a simple end-to-end email encryption at Xeams (Product video on YouTube https://youtu.be/01tZuL0xE10).
      This concept likes to be more simple and comfortable than any other S/MIME or PGP implementations.
      Is there a possibility to implement a similar solution in Kopano?

      Greetings

      1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano last edited by

        Hi @RTE,

        the linked youtube video does not really explain how their system is supposed to work. I managed to find to find a bit more detailed explanation (along with the price tag) at https://xeams.com/video-e2e-encryption.htm.

        So it basically works like this:

        • the user composes a message in the client of his choice
        • the user signals that he intents this message to be encrypted by adding a code word along with the encryption secret in the subject of the message (for example encmessage{password})
        • when sending the message the mailserver encrypts the message
        • the recipient retrieves the message with a subject without the code word or secret and instead of the original body and attachments he sees a body explaining that the message was encrypted. all attachments and the original message have been put into a single pdf file that needs the previously given secret to open it

        While it is “easy” this has some drawbacks:

        • its not really end to end, as encryption only happens on the mailserver
          • which means that if this functionality is not properly configured (or accidentally disabled, server compromised, …) messages will be sent unencrypted without the direct knowledge of the user
        • presumably the unencrypted message along with the encryption secret will still be stored in plain in the sent items of the user
          • which means everyone with access to this folder could decrypt sent messaged
        • it relies on a non-free/non-open file format, for which the recipient needs to install a certain software to be able to decrypt messages.
          • my wife receives her pay slip as an ecrypted pdf. afair the pdf client on her samsung phone was not able to open the file.
        • I am sure if I think about longer I would find more drawbacks (leaking secrets through logging, unencrypted communication, etc)

        In short the only really secure encryption is the one happening directly in the client the sender is using.

        Having that said. IF you really want to pursue such a functionality I would think you could either do this with a spooler plugin (our sending component on the server side can be extended with plugins written in python and is able to modify messages as they pass through, afaik only the modified message will be stored in the sent items). The other possibility would be to modify the message in your mta.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • RTE
          RTE last edited by RTE

          Hi Felix @fbartels ,

          thanks for you quick and wide answer.
          You bring nice drawbacks about the not really e2e situation!
          Perhaps there is an option to integrate such a PDF encryption solution into the DeskApp?

          Greetings

          1 Reply Last reply Reply Quote 0
          • First post
            Last post