Security
We try to keep BitMaelum as secure as possible. This page describes some of the ways we have come up with to make BitMaelum mail as secure as possible.
- All communications are done over HTTP over TLS (HTTPS).
- Accounts, organisations and server routing IDs are based on an EC25519 keypair, which is used for most of the actions:
  - generating JWT tokens for logging into the mail server to read messages
  - generating JWT tokens for logging into the mail server to send messages
  - decrypting message catalogs
We provide proof that a message originated from the sender's mail server by using the server_signature, a header added to the message by the mail server. In theory this could also be used by any proxy servers (if supported). We might be able to link these signatures together to form a solid chain that cannot be altered, so that the path of a message can never be spoofed.
When sending a message, the only plain-text file is the header. It contains all information needed for routing the message and the information needed by the receiver (and ONLY the receiver) to decrypt the catalog.
The catalog itself is encrypted with AES256GCM symmetric encryption using a random IV. The IV is sent in plaintext, and the key is encrypted in the header. Depending on the key type used by the account, this key is encrypted either with RSA or through a dual exchange system with EC25519.
Once the catalog is decrypted, it exposes the blocks and attachments together with their (unencrypted) AES keys and IVs for further decryption.
When an account or private key is lost, we can recover the key (ed25519 only) by regenerating the account from the mnemonic wordlist. This list is displayed ONCE during the generation of the account and should be stored offline or in a safe. With the correct mnemonic phrase, the lost private key pair is recreated.
Once a key is exposed, the keypair (private key and its public part) can no longer be used for receiving mail, and a new keypair must be generated. Note that OLD mail still uses the old key and should be considered exposed. Once a new key is generated, clients can use it to send mail. Keys can be cached for a period of time, so there will be a period during which resolvers still serve the old key.
The vault contains all account and organisation information, such as private keys, for the given user. The vault is always encrypted and can only be opened with the correct password. This password is used to derive a larger key through PBKDF2, which is used as the AES encryption key. The IV is stored together with the vault.