On Sep 1, 2016 2:43 AM, "A.L.E.C" <alec@alec.pl> wrote:
>
> On 30.08.2016 15:53, Kyle Francis wrote:
> > Hey everyone,
> >
> > So I'm mostly finished with the implementation of the hybrid decryption
> > model. So far I have the following working:
>
> Ok, now when you have decryption covered, I have a question. What's
> next? As I understand the main reason for this is to keep secret keys on
> the client. So, if we keep them in Mailvelope store how do we implement
> creating signed messages? Mailvelope API does not support signing yet.
> Even if it would have it, how do we implement sign+encrypt, if we do
> this in Mailvelope we'd need to sync public keys from Enigma to
> Mailvelope. Did you consider this?

So the scope of work for my project was just for decryption. However, it would be interesting to tackle signing and encrypting.

Signing should not be terribly complicated. We could make a call to Mailvelope via enigma.js for the public key (API call already exists, export PublicKey) and then pass to Crypt_GPG for signing.

For encrypting, it should be possible to encrypt the message with only a symmetric key server side. If we then passed the session key to Mailvelope, it should be possible to encrypt the session key with the applicable public keys from there by adding an API call. Then prepend those public-key-encrypted session keys to the message. No syncing should be required.

Thoughts?
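
The encryption split proposed in the message above, as an added example that is not part of the original thread and is not Roundcube, Enigma or Mailvelope code: the server encrypts the body under a fresh session key, the client wraps that session key once per recipient public key, and the wrapped keys are prepended to the body. It assumes Node's built-in `crypto` module, with RSA-OAEP and AES-256-GCM standing in for the OpenPGP packet types, and every function name is hypothetical.

```javascript
// Added illustration, not Roundcube/Enigma or Mailvelope code; all names are hypothetical.
// RSA-OAEP + AES-256-GCM model the split only; this is not OpenPGP packet format.
const nodeCrypto = require('crypto');

const oaep = (key) => ({
  key, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256',
});

// Server side: encrypt the body under a fresh random session key only.
// No recipient public keys are needed here.
function serverEncrypt(plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { sessionKey, body: { iv, ct, tag: cipher.getAuthTag() } };
}

// Client side: wrap the session key once per recipient public key.
function clientWrap(sessionKey, recipientPublicKeys) {
  return recipientPublicKeys.map((pub) => nodeCrypto.publicEncrypt(oaep(pub), sessionKey));
}

// Final message: wrapped session keys prepended to the encrypted body.
function assemble(wrappedKeys, body) {
  return { wrappedKeys, body };
}

// Recipient: find the wrapped key that opens with this private key,
// then decrypt the body and verify its authentication tag.
function recipientDecrypt(message, privateKey) {
  for (const wrapped of message.wrappedKeys) {
    let sessionKey;
    try {
      sessionKey = nodeCrypto.privateDecrypt(oaep(privateKey), wrapped);
    } catch (err) {
      continue; // this entry was wrapped for a different recipient
    }
    const { iv, ct, tag } = message.body;
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  }
  return null; // no wrapped key matches: not an intended recipient
}
```

In this model the server holds the session key until it hands it to the client, which matches the fact that it already saw the plaintext; it should discard the key once the wrapped copies come back.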