[BETA] Encryption for Private Messages.

[jason_bassford]

I just finished writing a mod that will securely encrypt (and decrypt) private messages so that the PMs will not be stored in the database in plain text.

I know that there's been some discussion of it in the past, without any result, so I thought I'd give it a try myself.

Here's a short description:

This will allow you to encrypt private messages to other board users. The user will then be able to decrypt the message if they know the password that you used. This prevents any sensitive message from being read by somebody looking at the raw database records.

Decryption happens onscreen - not within the database. So, even if you "decrypt" a message (and read it) it is still stored on the server in its encrypted form.

If you've decrypted a message, and quote it back to the sender, it will be the decrypted text that is quoted back. The quote must, itself, be manually encrypted or else it will be sent back to the original sender in plain text.

Once a message is encrypted and submitted, and in the sender's Outbox, it may be viewed and deleted, but it cannot be edited.

This mod encrypts Private Messages using a 256-bit Rijndael block cipher.

NOTE: In order to use this mod, you must have PHP compiled with libmcrypt2.4.x or higher!

You can download it here.

[morpheus2matrix]

Looks interesting

Two questions :

- is it possible to not encrypt a message ?
- how do you transmit to another user the key you've used to encrypt a message ? By sending a PM ? In that case, i'm not sure this is quite logical : you send the key by PM and then, you send the PM encrypted. If someone have access o the db, he will find the key so he will be able to devrypt the message


BTW, it could be a good add-on to this : http://www.phpbb.com/phpBB/viewtopic.php?t=155809

[whoo]

i like the idea.. however since (ideally) only admins have access to the db, it might follow that those admins that might consider installing this, dont need to since theyre not peeping into ppl's pm's, and those that are peeping, wont want to install it.

[jason_bassford]

- is it possible to not encrypt a message ?

Absolutely. Encryption is purely optional. I just added to the existing "Preview" and "Submit" buttons a masked text input for the encrypt key and an "Encrypt & Submit" button.

(Being able to quote a decrypted message was a bit tricker. I had to replace, when a decrypted message was being viewed, the simple hypertext link of the quote button with an actual form input button that used POST VARS - because, otherwise, the encryption key would be visible in the URL.)

- how do you transmit to another user the key you've used to encrypt a message ?

There's always something. <grin> If you want to keep the key a secret, you could send an innocuous email message talking about, say, the weather. Then, after you'd deleted the message from your Sent items, and the recipient from their Inbox, you could refer to something you'd said and use that. (It would have to take a concerted effort for an administrator to then go through all correspondence and try to figure out the reference - depending, of course, on how subtle you were - and if both referencing messages had been deleted, then it would never be figured out.)

Yes, you're right that there's no straight forward way of doing this. (Although perhaps if both parties have actual email accounts.) But it could be worked out.

i like the idea.. however since (ideally) only admins have access to the db, it might follow that those admins that might consider installing this, dont need to since theyre not peeping into ppl's pm's, and those that are peeping, wont want to install it.

There could be other reasons.

1. To reassure people that things really are safe - from a user perspective, wouldn't it be nice to know that you could encrypt a message so that nobody, including any administrator, could view it? Everything being equal, I'm sure that people (those who cared about the issue anyway) would rather communicate on a site where this was present than where it was lacking - so it's a good "selling feature" to attract more users. (In combination with SSL only access to your site it would make PMs pretty much foolproof.) As an example, I had one user of a board I moderate PM me, asking if their PMs were really not viewable by anyone. I had to tell them that, in theory, the administrator could view them...
2. If there are two or more administrators running the site and one or more of them wants to be sure that the others will never be able to see one of their messages.
3. To be protected in case somebody hacks into the system.
4. If you're sharing your computer with other people and want to make sure that something you're reading is only accessible at the time that you've supplied the password and decrypted it (once you've cleared the decrypted version of the message, even if somebody sits down at your computer and looks at your Inbox, including the encrypted message, they won't be able to decrypt it to read it if they don't know the password).

[boumbastic]

hi all
there is a way to add this encrypt option to normal post on forums ?

[burnthome]

is there have any screenshot or demo to view how its works??and as i look at the coding its only editing the files but no included files needed...the problem is its that possible to encryption/decryption with adding supportting files to assist...because your encryption/decryption mod are so simple to encryption/decryption if without adding more files to make it complex....

thanks,
burnthome

[maddog_chrisuk]

Hi

I have the private message manager mod install, which lets only the main admin view all private messages.

If I add this mod will the private message manager still display the messages.

Regards


Chris

[lifehacker]

It dosent seem to work for me.

When I try to open an encrypted pm, I just stay in the inbox without going to the pm or being able to decrypt it.