
Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 12:50 pm
by spaceace
Talk19Zehn wrote:
Sat Jun 29, 2019 12:38 pm
If I am forced to hand over the database to the authority because of a criminal complaint, it must be able to read the contents. :?:
as a board founder, you can always change that user's password and then log into their account to read them which i think should be the only way to read a user's private messages

Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 12:53 pm
by dingus33
spaceace wrote:
Sat Jun 29, 2019 12:50 pm
Talk19Zehn wrote:
Sat Jun 29, 2019 12:38 pm
If I am forced to hand over the database to the authority because of a criminal complaint, it must be able to read the contents. :?:
as a board founder, you can always change that user's password and then log into their account to read them which i think should be the only way to read a user's private messages
nope, that won't give you access

Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 1:12 pm
by dingus33
thecoalman wrote:
Fri Jun 28, 2019 1:27 pm
I proposed encrypting PM's in the "Ideas" forum. The one thing I suggested was adding user option for recovery through admin key.
  • Fully private, no recovery possible if you lose your password/key.
  • Fully encrypted on the server. PM's can be recovered by admin in the event you lose your password but they are also readable by admin.


I realize this would require duplicate column for storing PM's encrypted using admin key and additional processing but that would really not be a concern for me.

That said, since this is an extension my biggest concern would be support going forward. This is not something you can back out of if support is dropped.
just fyi, you wouldn't need a duplicate column and ~2x the storage requirements.
you could do it like in GPG for example.

first, generate an intermediate key, and encrypt the message with that.
next, for each recipient (probably the main recipient and the admin in this case), encrypt this intermediate key with his key. prepend the results to the encrypted message as a header so that any recipient has access to the intermediate key and therefore to the message.

imo, in this extension, the master (admin) key should be an optional feature, and there's no reason why you couldn't enable/disable it at any time for new messages going forward.
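The scheme described in the post above, as an added example that is not part of the original post and not the extension's code. It assumes PHP 7.2+ with the bundled sodium extension; the function names `pm_encrypt`/`pm_decrypt` and the header layout (one count byte, then one sealed key per recipient) are hypothetical.

```php
<?php
declare(strict_types=1);

// One header slot = the 32-byte message key sealed to one public key.
const SLOT_LEN = SODIUM_CRYPTO_SECRETBOX_KEYBYTES + SODIUM_CRYPTO_BOX_SEALBYTES;

/** Encrypt the PM once, then wrap the per-message key for each public key. */
function pm_encrypt(string $plaintext, array $publicKeys): string
{
    if (count($publicKeys) < 1 || count($publicKeys) > 255) {
        throw new InvalidArgumentException('need 1 to 255 recipients');
    }
    $messageKey = sodium_crypto_secretbox_keygen();   // the "intermediate key"
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body = sodium_crypto_secretbox($plaintext, $nonce, $messageKey);
    $header = chr(count($publicKeys));
    foreach ($publicKeys as $publicKey) {
        $header .= sodium_crypto_box_seal($messageKey, $publicKey);
    }
    sodium_memzero($messageKey);
    return $header . $nonce . $body;
}

/** Try every header slot with the caller's key pair; null if none opens. */
function pm_decrypt(string $blob, string $keypair): ?string
{
    $slots = $blob === '' ? 0 : ord($blob[0]);
    $bodyAt = 1 + $slots * SLOT_LEN;
    $minLen = $bodyAt + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $minLen) {
        return null;                                   // truncated or malformed blob
    }
    $nonce = substr($blob, $bodyAt, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body = substr($blob, $bodyAt + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    for ($i = 0; $i < $slots; $i++) {
        $key = sodium_crypto_box_seal_open(substr($blob, 1 + $i * SLOT_LEN, SLOT_LEN), $keypair);
        if ($key !== false) {
            $plain = sodium_crypto_secretbox_open($body, $nonce, $key);
            return $plain === false ? null : $plain;
        }
    }
    return null;
}

// Constructed demo: a user key pair, an admin (master) key pair, a sample PM.
$user = sodium_crypto_box_keypair();
$admin = sodium_crypto_box_keypair();
$pm = str_repeat('constructed sample private message. ', 20);
$both = pm_encrypt($pm, [sodium_crypto_box_publickey($user), sodium_crypto_box_publickey($admin)]);
$userOnly = pm_encrypt($pm, [sodium_crypto_box_publickey($user)]);
// The admin opens only the message that carries an admin slot; that slot costs SLOT_LEN bytes.
var_dump(pm_decrypt($both, $admin) === $pm, pm_decrypt($userOnly, $admin), strlen($both) - strlen($userOnly));
```

Switching the master key on or off only changes which public keys are passed to `pm_encrypt`, so messages stored while it was off have no admin slot and stay unreadable to the admin key.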

Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 2:04 pm
by Talk19Zehn
Hello spaceace, it's from my assessment not good advice. ;)
viewtopic.php?f=456&t=2515201&start=60#p15281191
as a board founder, you can always change that user's password and then log into their account to read them which i think should be the only way to read a user's private messages
Unbelievable but true: That some operators still go (find) the way or other ways, has been known for years. I generally refuse to read private messages and / or emails.
I will never touch passwords as an operator and commit a criminal offense I will never read conversations in the database.


If PMs are in plain text, the question does not arise for the authority (!). If I would be reported a crime, I must be able to respond.

Please we go back to my questions:
viewtopic.php?f=456&t=2515201&start=45#p15281096
Additional question: Scenario ...
How do the authorities decipher the data in the event of a crime? Is this function ensured?
viewtopic.php?f=456&t=2515201&start=45#p15281181
Hello thecoalman, I'm sorry, I did not understand your answer.
If I am forced to hand over the database to the authority because of a criminal complaint, it must be able to read the contents. :?:
Many greetings

Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 3:21 pm
by Mannix_
Talk19Zehn wrote:
Sat Jun 29, 2019 12:38 pm
Hello thecoalman, I'm sorry, I did not understand your answer.
If I am forced to hand over the database to the authority because of a criminal complaint, it must be able to read the contents. :?:
I don't think you are obligated to give them full access. Giving them the db should be enough it's their job to "crack" it imho

Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 5:59 pm
by david63
The more that I see of this extension and the more I think about it I cannot ever see it being accepted into the CDB, if for no other reason than it could "cripple" a board.

Re: [DEV] Encrypted PMs

Posted: Sat Jun 29, 2019 9:54 pm
by canonknipser
David, I'm not sure about that. There is at least another validated extension, which "cripples" the board irreversibly, see https://www.phpbb.com/customise/db/extension/phpbbasic/ which deletes the whole forum structure.

Re: [DEV] Encrypted PMs

Posted: Sun Jun 30, 2019 2:23 pm
by thecoalman
Talk19Zehn wrote:
Sat Jun 29, 2019 12:38 pm
Hello thecoalman, I'm sorry, I did not understand your answer.
If I am forced to hand over the database to the authority because of a criminal complaint, it must be able to read the contents. :?:
If that is the law in your country then you would need system that has master key. PM's would still be readable by you or anyone else that has possession of the key including law enforcement if you gave it to them. The one benefit this provides to the user is it would prevent those messages from being read if third party obtained that information such as hacking the server.

Re: [DEV] Encrypted PMs

Posted: Mon Jul 01, 2019 7:37 am
by Senky
david63 wrote:
Fri Jun 28, 2019 9:30 pm
That does raise an interesting point. What happens if the extension is disabled? Can no PMs be read?

@EA117 - Technically when an extension is disabled AND the data deleted it should leave the board in the same state as it was before the extension was enabled.
Only encrypted PMs couldn't be read. Also, when you delete the extensions, you lose the messages. But what extension can provide is a way to decrypt all user PMs. So once admin decides to delete the extension, he can give users a grace period when they are able to decrypt all their PMs. Then he deletes the ext, no harm done.


Talk19Zehn wrote:
Sat Jun 29, 2019 9:20 am
How do the authorities decipher the data in the event of a crime? Is this function ensured?
This isn't possible without at least one user providing his password for the message. Or without "master key" owned by the admin.

Re: [DEV] Encrypted PMs

Posted: Mon Jul 01, 2019 8:44 am
by david63
Senky wrote:
Mon Jul 01, 2019 7:37 am
Only encrypted PMs couldn't be read.
Yes I appreciate that.
Senky wrote:
Mon Jul 01, 2019 7:37 am
Also, when you delete the extensions, you lose the messages.
Presumably you are only referring to encrypted ones. Cannot see that being a good idea!
Senky wrote:
Mon Jul 01, 2019 7:37 am
But what extension can provide is a way to decrypt all user PMs. So once admin decides to delete the extension, he can give users a grace period when they are able to decrypt all their PMs. Then he deletes the ext, no harm done.
And what happens after the "grace period" if they have not been decrypted?

I was more referring to a situation where the extension is disabled and not deleted. If, say, there was a change made to the core and the extension stopped working and so had to be disabled until a fix was found (or worst case scenario could not be fixed) no encrypted PMs would be able to be read.

Re: [DEV] Encrypted PMs

Posted: Mon Jul 01, 2019 12:38 pm
by Senky
Well, there just isn't a simple way to restore all encrypted messages with a single click. That would beat all the purpose of the ext.

Re: [DEV] Encrypted PMs

Posted: Wed Jul 03, 2019 6:14 pm
by ivailo95
where i can download it?

Re: [DEV] Encrypted PMs

Posted: Thu Jul 04, 2019 7:50 am
by Senky
It is in an early stage, no download is provided, yet.

Re: [DEV] Encrypted PMs

Posted: Thu Jul 04, 2019 10:44 am
by thecoalman
Senky, I know you are early on with this but how difficult would it be to extend this to admin selected custom profile fields? e.g admin creates a hidden phone number field and the data would only be accessible by the admin using a master key. The purpose of such a field for personal data would be for password recovery in the event they lose their email address.

Re: [DEV] Encrypted PMs

Posted: Fri Jul 05, 2019 7:01 am
by Senky
thecoalman wrote:
Thu Jul 04, 2019 10:44 am
...how difficult would it be to extend this to admin selected custom profile fields? e.g admin creates a hidden phone number field and the data would only be accessible by the admin using a master key...
Not very difficult, interesting use case. ;)