[ABD] [DEV] Encrypted PMs

Any abandoned Extensions will be moved to this forum.

WARNING: Extensions in this forum are not currently being supported or maintained by the original Extension author. Proceed at your own risk.
Forum rules
IMPORTANT: Extension Development Forum rules

WARNING: Extensions in this forum are not currently being supported nor updated by the original Extension author. Proceed at your own risk.
Senky
Former Team Member
Posts: 2300
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub

[ABD] [DEV] Encrypted PMs

Post by Senky »

Hi everyone!

You see, there is an extension for reading user private messages. Am I the only one feeling bad for this? It should be the other way around, we should show the users how much we value their privacy. As admins, we are responsible for building trust in our communities.

That's why I am developing an extension that will allow you to encrypt the message using end-to-end encryption (this means that the message will be encrypted on your PC before sending to the phpBB). You (or your users) will enjoy the same level of privacy as when using ProtonMail, WhatsApp, Telegram, etc.

This ext is in very early stage, the goal of this topic is to get your feedback on how you expect the extension to behave. I try to add all the functionality with as ease and as seamlessly as possible. So when creating a new PM or replying to one:
As easy as that. When reading the PM, you won't notice anything, the ext will decrypt the message before displaying it to you. Of course, encryption/decryption takes time so there will be loading indicators present during the process.



What I am thinking the next steps could be:
  • add UCP setting to auto-check the checkbox (PMs will be encrypted by default)
  • add ACP setting to force encrypted PMs (user won't have the choice, the message will always be encrypted)
  • maybe encrypt the subject as well?
  • attachments aren't protected, so maybe think about this one as well


Current problems:
  • You can send encrypted PMs only to users who logged in at least once after the ext was enabled. Reason is, the ext is using user password to generate the encryption keys and there is no way to encrypt the message without the keys. But the bad side of this approach is that the keys are generated every time user logs-in, taking quite a time to generate. Log-in process is then slowed down (approx. 1s, depends on the CPU speed).

    Alternative approach could be an announcement-like notification asking user to generate the keys in the UCP. This adds few steps but doesn't slow the log-in process. Difficult to decide on which approach is better.
You do not have the required permissions to view the files attached to this post.
‎‏‏ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎ ‎‏‎‏‏‎ ‎ ‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎‏‏‎🔔
Browser & Mobile Notifications Extension
Now with Safari (both macOS and iOS) support!
rxu
Extensions Development Team
Posts: 3957
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation

Re: [DEV] Encrypted PMs

Post by rxu »

Hey Senky.

Are encryption keys going to be stored in the database?
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: [DEV] Encrypted PMs

Post by david63 »

Senky wrote: Tue Jun 25, 2019 1:24 pm Have you ever worried that the admin of the board is reading your private messages?
There is a basic flaw in that logic. If the Admin is reading the PMs then they are not going to be installing this extension.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
Toxyy
Registered User
Posts: 966
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek

Re: [DEV] Encrypted PMs

Post by Toxyy »

david63 wrote: Tue Jun 25, 2019 2:30 pm
Senky wrote: Tue Jun 25, 2019 1:24 pm Have you ever worried that the admin of the board is reading your private messages?
There is a basic flaw in that logic. If the Admin is reading the PMs then they are not going to be installing this extension.
Sites can have multiple admins and hacks can happen occasionally, these are two use cases.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
Senky
Former Team Member
Posts: 2300
Joined: Thu Apr 30, 2009 8:49 pm
Name: Jakub

Re: [DEV] Encrypted PMs

Post by Senky »

rxu wrote: Tue Jun 25, 2019 1:52 pm Are encryption keys going to be stored in the database?
Yes, every user will have a public key (used to encrypt message for him/her) stored along with an AES-encrypted private key (used to decrypt the messages). The password used to encrypt the private key is derived from the user password (its hash), so the private key can only be obtained using user password. It's the exact same approach ProtonMail is using.

david63 wrote: Tue Jun 25, 2019 2:30 pmThere is a basic flaw in that logic. If the Admin is reading the PMs then they are not going to be installing this extension.
Not really. Without this ext, admin MIGHT read your PMs. With this ext, he surely DOESN'T.
‎‏‏ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎ ‎‏‎‏‏‎ ‎ ‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎‏‏‎🔔
Browser & Mobile Notifications Extension
Now with Safari (both macOS and iOS) support!
rxu
Extensions Development Team
Posts: 3957
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation

Re: [DEV] Encrypted PMs

Post by rxu »

So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?
User avatar
nou nou
Registered User
Posts: 710
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV] Encrypted PMs

Post by nou nou »

rxu wrote: Tue Jun 25, 2019 2:55 pm So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?
"the private key can only be obtained using user password"
rxu
Extensions Development Team
Posts: 3957
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation

Re: [DEV] Encrypted PMs

Post by rxu »

nou nou, being a board founder/admin, you can (technically) easily get any user password while a user is logging in.
User avatar
nou nou
Registered User
Posts: 710
Joined: Sat Oct 29, 2016 8:08 pm

Re: [DEV] Encrypted PMs

Post by nou nou »

rxu wrote: Tue Jun 25, 2019 3:32 pm nou nou, being a board founder/admin, you can (technically) easily get any user password while a user is logging in.
Oh really? I did not know this.

Ah well, I for one (I've never read anyone's PMs, ever) find a lot of appeal in this as you can offer secure messaging as a forum. Interesting for places that potentially deal with stuff that may be protected by NDAs. In case of a data breach it would just add a level of confidence that nothing that is not public anyway would leak.

"Alternative approach could be an announcement-like notification asking user to generate the keys in the UCP. This adds few steps but doesn't slow the log-in process. Difficult to decide on which approach is better."

Quite like the managed-by-user approach myself.

Would you tie this to a permission? i.e. only trusted members (perhaps those who can be ID'd) are allowed encrypted messaging?
fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: [DEV] Encrypted PMs

Post by fagbutlil »

I read mine but i am nosey and wont be installing this and i read them right out the database.

Another flaw take pm table out and place in another database and and set all users passwords to one and read away lol.
User avatar
EA117
Registered User
Posts: 2173
Joined: Wed Aug 15, 2018 3:23 am

Re: [DEV] Encrypted PMs

Post by EA117 »

fagbutlil wrote: Tue Jun 25, 2019 6:05 pm Another flaw take pm table out and place in another database and and set all users passwords to one and read away lol.
That approach should not be successful. As part of protecting the private key by "encrypting it with the current user's password", this implies that any password change would need to use the "old password" to decrypt the private key and then re-encrypt using the "new password." Since the correct password is needed in order to temporarily hold an unencrypted view of the private key, even for the user themselves.

Any "administrative password reset" -- or even a user's "I forgot my password", which changes the password without knowing the old password -- cannot carry forward the existing private key, because it does not have access to the information needed to decrypt the existing private key. (The user's existing password.)

A new private key can be generated for future uses, but the ability to decrypt existing messages encrypted with the previous private key would be lost.
fagbutlil
I've Been Banned!
Posts: 77
Joined: Wed Mar 07, 2018 10:56 pm

Re: [DEV] Encrypted PMs

Post by fagbutlil »

Lets see how easy it is to crack when its posted ;)
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: [DEV] Encrypted PMs

Post by 2600 »

This doesn't make any sense. It is the Admin themselves who have to install this. Do you think a snoopy Admin will install it?

Novel idea, but flawed logic.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
Toxyy
Registered User
Posts: 966
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek

Re: [DEV] Encrypted PMs

Post by Toxyy »

rxu wrote: Tue Jun 25, 2019 2:55 pm So, if a board admin owns all encryption keys, what can technically prevent the admin from decrypting encrypted PM?
RSA maybe?
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
User avatar
dingus33
Registered User
Posts: 136
Joined: Fri Sep 29, 2017 11:11 am

Re: [DEV] Encrypted PMs

Post by dingus33 »

Senky wrote: Tue Jun 25, 2019 1:24 pm Have you ever worried that the admin of the board is reading your private messages?
this is a pretty humorous pitch.
clearly only admins can install it, but we are not worried (unless we fear fellow admins).

of course, it is a good idea and a worthwhile extension. i would just consider phrasing it differently since admins rather than users are your direct audience. :lol:

obviously point of this extension is that you can inspire confidence in your userbase as an admin.

Return to “Abandoned Extensions”