[guardian-dev] releasing an encrypted mail system code base

Tim Prepscius timprepscius at gmail.com
Sun Jul 14 13:53:32 EDT 2013


Greetings,

Over the last two years I developed an encrypted mail system called Mailiverse.
It is a mail system which has four primary capabilities.

1. Enabling a secure login where a server provides access information
to a user, without being able to view that access information.

2. Encrypting mail post-receive in such a way that only the user is
capable of decrypting.

3. Providing a path to build in pgp-mime or similar mechanisms so that
there is total end to end encryption.

4. Enabling various UIs, web/iphone/android.

I will be releasing it gradually over the next two weeks.  I have to
hand check the files to make sure I have not inadvertently placed a
password in the open in some tester.

---

A running server can be found here:  https://mailiverse.com

I will be shutting down this server probably in September when the
release is finished.
I am not a professional sys admin.  I do not have the skills to
protect from class A hackers.
This is a project for a team.  Not just me.

I check on this server once every 3 months.  I know it is still
running because I receive e-mails and can send them.  But I cannot
guarantee it will continue to run.  I also cannot guarantee it has not
been compromised.

---

Goodies inside which you may be interested in:

A complete iPhone client which contains:
A complete encryption code base which simplifies using Botan.
A handy set of utilities which does Strong and Weak smart pointers in C++.
Interfacing with Dropbox and S3 through the same interface.
A complete iPhone UI which looks *exactly* like GMail from last
October.  (pre google decides microsoft fonts look good)
A complete iPad UI which looks *exactly* like Gmail from last October.
A good example of how to bridge between Objective-C and C++ so your
code can be eventually re-used on the WindowsPhone or Android native.


A complete Web client, which contains:
Encryption code: RSA/AES/SRP + Hashes/etc.
RW with Dropbox & S3 using same interfaces.
Caching code which is basically a DB but in super segmented form (so
that things download really fast in little chunks for quick display of
your inbox).  Althewhile encrypted.
A complete Web UI which looks *exactly* like gmail-simplified.
Actually it's better than gmail in user snappy-ness, and the search rocks.


A complete server which runs on Apache, containing:
WebSockets on the most recent version of Apache (for the SRP transaction)
MySQL transactions.
Examples of using node.io as an in-between for web-sockets if you
really need websockets for very old browsers.
How to proxy to an EC2 micro server for a static IP.
A complete setup for Apache James which supports writing the user
e-mails in encrypted form.
Interfacing with bit coin. (although yes, I know it is not anonymous,
the code is there though, you can delete it if you want, lol)


A start to an android client:
(when I run it via android on x86 virtual box, it runs, when I ran it
on my friends phone, it crashes... why, no idea, prob memory.)


Various odds and ends including deployment.

---

I am notifying this mailing list for two reasons:

1.  If you read through the code, and see something like a password I
have missed.  Please notify me.  I'm not even sure if I can actually
remove things once on GitHub, but I will try.

2.  The master plan:

I can give time to this project.  But I cannot give 24 hours a day
anymore.  I'm burnt out.

This project gives you the opportunity to run Gmail.  But a better
gmail.  One which everything is encrypted.
Do you like Gmail on your phone?  Well now you can run your own.
Run it for you, run it for your friends.
You can even run an MX which services lots of domain names, just like
google does.

You control the code.  The server.  Everything.
You can even do something commercial if you want.  Take it and use it.
If you make a profit, cool.



If a few modifications are made to integrate a pre-encrypt send to
external, this e-mail system can be completely entirely dark when
communicating with other Mailiverse e-mail systems, and ensuring the
maximum dark possible when talking to Gmail/Hotmail.  And all the
while- still having a really nice user interface.

3.  Take it, fork it.  Learn from it.  Laugh at it.  Curse it.  Find
flaws.  Hack it.  Do whatever you want.  If you need a different
license.  Just let me know.

I would like the e-mail of the entire world to be dark in the next 3
years.  Let's try to make that happen.

---

So anyways.

I'm starting to release the code here:
https://github.com/timprepscius/mailiverse

It will take a while to go through everything, transfer bit by bit.

If you have any questions, please let me know.  I am more than willing
to go through how things work, and possible changes for the future.  I
will give an update regardless next Sunday.

-tim


More information about the Guardian-dev mailing list