Encryption of some headers

2013-05-23
2013-05-23
  • Uriel Fanelli

    Uriel Fanelli - 2013-05-23

    Hello,

    and sorry for my English.

    I am developing a GPL "server companion" for Enigmail, able to encrypt your mail on the (Linux) Server before you download it. So the mailbox is kept encrypted. The idea is when you download the email you receive the same email you had received if the sender had encrypted it with Enigmail.

    The next problem is the attacker who accesses your mailbox (from outside or just being a legitimate admin of the server) can read who sends you the email itself, that is still harming your privacy.

    So I am thinking about to move the headers like "From" and "Received" and "X-*" into the encrypted payload, just before of "\n\n". Using smime, I see the original mime-contents headers are moved into the encrypted payload and the new smime header are added to the headers. So Enigmail is able to read some headers when they are in the encrypted body.

    So, my question is: Will Enigmail be able to read a message like that?

    what If I move the From and Received headers into the encrypted body as well, so you will need to decrypt it to see who is the sender?

    thanks in advance

    Uriel Fanelli

    --
    http://code.google.com/p/gpg-body/

     
    Last edit: Uriel Fanelli 2013-05-23
  • Patrick Brunschwig

    I think that Enigmail won't have a problem with it. The question is if Thunderbird will display the headers from the encrypted message (like from and subject). And this I don't know. I'd suggest you manually prepare such a message and just try it.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks