[DEV] Encrypted PMs

Senky
Extension Customisations
Posts: 2124
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub

[DEV] Encrypted PMs

Post by Senky » Tue Jun 25, 2019 1:24 pm

Hi everyone!

You see, there is an extension for reading user private messages. Am I the only one feeling bad for this? It should be the other way around, we should show the users how much we value their privacy. As admins, we are responsible for building trust in our communities.

That's why I am developing an extension that will allow you to encrypt the message using end-to-end encryption (this means that the message will be encrypted on your PC before being sent to phpBB). You (or your users) will enjoy the same level of privacy as when using ProtonMail, WhatsApp, Telegram, etc.

This ext is in a very early stage; the goal of this topic is to get your feedback on how you expect the extension to behave. I try to add all the functionality as easily and as seamlessly as possible. So when creating a new PM or replying to one:
[Screenshot: Snímka obrazovky 2019-06-25 o 15.12.41.png]
As easy as that. When reading the PM, you won't notice anything, the ext will decrypt the message before displaying it to you. Of course, encryption/decryption takes time so there will be loading indicators present during the process.



What I am thinking the next steps could be:
  • add UCP setting to auto-check the checkbox (PMs will be encrypted by default)
  • add ACP setting to force encrypted PMs (user won't have the choice, the message will always be encrypted)
  • maybe encrypt the subject as well?
  • attachments aren't protected, so maybe think about this one as well


Current problems:
  • You can send encrypted PMs only to users who logged in at least once after the ext was enabled. The reason is that the ext uses the user's password to generate the encryption keys, and there is no way to encrypt the message without the keys. But the bad side of this approach is that the keys are generated every time the user logs in, which takes quite some time. The log-in process is then slowed down (approx. 1s, depends on the CPU speed).

    Alternative approach could be an announcement-like notification asking user to generate the keys in the UCP. This adds few steps but doesn't slow the log-in process. Difficult to decide on which approach is better.

rxu
Extensions Development Team
Posts: 2946
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan

Re: [DEV] Encrypted PMs

Post by rxu » Tue Jun 25, 2019 1:52 pm

Hey Senky.

Are encryption keys going to be stored in the database?

david63
Registered User
Posts: 16328
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood

Re: [DEV] Encrypted PMs

Post by david63 » Tue Jun 25, 2019 2:30 pm

Senky wrote:
Tue Jun 25, 2019 1:24 pm
Have you ever worried that the admin of the board is reading your private messages?
There is a basic flaw in that logic. If the Admin is reading the PMs then they are not going to be installing this extension.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

Toxyy
Registered User
Posts: 697
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek

Re: [DEV] Encrypted PMs

Post by Toxyy » Tue Jun 25, 2019 2:39 pm

david63 wrote:
Tue Jun 25, 2019 2:30 pm
Senky wrote:
Tue Jun 25, 2019 1:24 pm
Have you ever worried that the admin of the board is reading your private messages?
There is a basic flaw in that logic. If the Admin is reading the PMs then they are not going to be installing this extension.
Sites can have multiple admins and hacks can happen occasionally, these are two use cases.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

My extensions:
[3.2][BETA] Anonymous Posts || [3.2][BETA] Sticky Ad || [3.2][RC] Show User Activity ||
[3.2][DEV] User Delete Topics

Senky
Extension Customisations
Posts: 2124
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub

Re: [DEV] Encrypted PMs

Post by Senky » Tue Jun 25, 2019 2:40 pm

rxu wrote:
Tue Jun 25, 2019 1:52 pm
Are encryption keys going to be stored in the database?
Yes, every user will have a public key (used to encrypt message for him/her) stored along with an AES-encrypted private key (used to decrypt the messages). The password used to encrypt the private key is derived from the user password (its hash), so the private key can only be obtained using user password. It's the exact same approach ProtonMail is using.

david63 wrote:
Tue Jun 25, 2019 2:30 pm
There is a basic flaw in that logic. If the Admin is reading the PMs then they are not going to be installing this extension.
Not really. Without this ext, admin MIGHT read your PMs. With this ext, he surely DOESN'T.

rxu
Extensions Development Team
Posts: 2946
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan

Re: [DEV] Encrypted PMs

Post by rxu » Tue Jun 25, 2019 2:55 pm

So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?

nou nou
Registered User
Posts: 328
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV] Encrypted PMs

Post by nou nou » Tue Jun 25, 2019 3:29 pm

rxu wrote:
Tue Jun 25, 2019 2:55 pm
So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?
"the private key can only be obtained using user password"

rxu
Extensions Development Team
Posts: 2946
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation
Name: Ruslan

Re: [DEV] Encrypted PMs

Post by rxu » Tue Jun 25, 2019 3:32 pm

nou nou, being a board founder/admin, you can (technically) easily get any user password while a user is logging in.

nou nou
Registered User
Posts: 328
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV] Encrypted PMs

Post by nou nou » Tue Jun 25, 2019 4:29 pm

rxu wrote:
Tue Jun 25, 2019 3:32 pm
nou nou, being a board founder/admin, you can (technically) easily get any user password while a user is logging in.
Oh really? I did not know this.

Ah well, I for one (I've never read anyone's PMs, ever) find a lot of appeal in this as you can offer secure messaging as a forum. Interesting for places that potentially deal with stuff that may be protected by NDAs. In case of a data breach it would just add a level of confidence that nothing that is not public anyway would leak.

"Alternative approach could be an announcement-like notification asking user to generate the keys in the UCP. This adds few steps but doesn't slow the log-in process. Difficult to decide on which approach is better."

Quite like the managed-by-user approach myself.

Would you tie this to a permission? i.e. only trusted members (perhaps those who can be ID'd) are allowed encrypted messaging?

fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: [DEV] Encrypted PMs

Post by fagbutlil » Tue Jun 25, 2019 6:05 pm

I read mine, but I am nosey and won't be installing this, and I read them right out of the database.

Another flaw: take the PM table out and place it in another database and set all users' passwords to one and read away lol.

EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am

Re: [DEV] Encrypted PMs

Post by EA117 » Tue Jun 25, 2019 6:50 pm

fagbutlil wrote:
Tue Jun 25, 2019 6:05 pm
Another flaw: take the PM table out and place it in another database and set all users' passwords to one and read away lol.
That approach should not be successful. As part of protecting the private key by "encrypting it with the current user's password", this implies that any password change would need to use the "old password" to decrypt the private key and then re-encrypt using the "new password." Since the correct password is needed in order to temporarily hold an unencrypted view of the private key, even for the user themselves.

Any "administrative password reset" -- or even a user's "I forgot my password", which changes the password without knowing the old password -- cannot carry forward the existing private key, because it does not have access to the information needed to decrypt the existing private key. (The user's existing password.)

A new private key can be generated for future uses, but the ability to decrypt existing messages encrypted with the previous private key would be lost.
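
Added example (not part of the thread and not the extension's code): the stored-key scheme Senky describes and the password-change behaviour EA117 explains, sketched with Node.js crypto. RSA-OAEP, PBKDF2-SHA256, AES-256-GCM and all function names are assumptions; the thread does not say which primitives the extension uses.

```javascript
// Added example. Assumed primitives (not taken from the extension):
// RSA-OAEP key pair, PBKDF2-SHA256 key derivation, AES-256-GCM key wrapping.
const nodeCrypto = require('node:crypto');

// Key-wrapping key derived from the user's password and a per-record salt.
function deriveWrapKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

// Encrypt the private key PEM under the password-derived key.
function wrapPrivateKey(privateKeyPem, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveWrapKey(password, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Throws on a wrong password: the GCM tag check fails in final().
function unwrapPrivateKey(record, password) {
  const key = deriveWrapKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.wrapped), decipher.final()]).toString('utf8');
}

// What the server stores per user: public key plus the wrapped private key.
function createKeyRecord(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { publicKey, ...wrapPrivateKey(privateKey, password) };
}

// Normal password change: the old password unwraps, the new one re-wraps.
function changePassword(record, oldPassword, newPassword) {
  const pem = unwrapPrivateKey(record, oldPassword);
  return { publicKey: record.publicKey, ...wrapPrivateKey(pem, newPassword) };
}

// Reset without the old password: only a fresh key pair can be issued.
const resetPassword = (newPassword) => createKeyRecord(newPassword);

const encryptPm = (record, text) =>
  nodeCrypto.publicEncrypt({ key: record.publicKey, oaepHash: 'sha256' }, Buffer.from(text, 'utf8'));
const decryptPm = (record, password, ciphertext) => nodeCrypto.privateDecrypt(
  { key: unwrapPrivateKey(record, password), oaepHash: 'sha256' }, ciphertext).toString('utf8');
```

Overwriting the stored password hash re-wraps nothing, so unwrapPrivateKey with the substituted password fails, and a record issued by resetPassword cannot decrypt PMs that were encrypted to the earlier public key.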

fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: [DEV] Encrypted PMs

Post by fagbutlil » Tue Jun 25, 2019 8:23 pm

Let's see how easy it is to crack when it's posted ;)

John connor
Registered User
Posts: 2181
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron

Re: [DEV] Encrypted PMs

Post by John connor » Tue Jun 25, 2019 9:52 pm

This doesn't make any sense. It is the Admin themselves who have to install this. Do you think a snoopy Admin will install it?

Novel idea, but flawed logic.

Toxyy
Registered User
Posts: 697
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek

Re: [DEV] Encrypted PMs

Post by Toxyy » Tue Jun 25, 2019 11:44 pm

rxu wrote:
Tue Jun 25, 2019 2:55 pm
So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?
RSA maybe?

dingus33
Registered User
Posts: 82
Joined: Fri Sep 29, 2017 11:11 am

Re: [DEV] Encrypted PMs

Post by dingus33 » Wed Jun 26, 2019 12:00 am

Senky wrote:
Tue Jun 25, 2019 1:24 pm
Have you ever worried that the admin of the board is reading your private messages?
this is a pretty humorous pitch.
clearly only admins can install it, but we are not worried (unless we fear fellow admins).

of course, it is a good idea and a worthwhile extension. i would just consider phrasing it differently since admins rather than users are your direct audience. :lol:

obviously the point of this extension is that you can inspire confidence in your userbase as an admin.
