Old 13 Sep 2019, 06:26 PM   #69
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
Quote:
Originally Posted by bipbop
Just out of curiosity, how exactly would you implement self-managed encryption in Fastmail? Is that even possible?
It would be tricky, and I do not think FastMail is the appropriate tool if strong encryption is required. If determined, and you have correspondents willing to cooperate (in my experience rare), one approach in summary would be:
  • Establish private and public keys for yourself and all correspondents with whom you want to have secure communications.
  • Set up scripts to encrypt/decrypt strings you wish to securely communicate (subject line, message body). See below for a rough outline.
  • Having composed a plain text message and wanting to encrypt it prior to transmission, copy the text to the clipboard, execute the encrypt script, and paste the result.
  • When you receive an encrypted message, copy the encrypted text to the clipboard, and run the decrypt script. View the message in the window that is produced.
The encrypt script would take the user identifier as the only argument, and expect the clipboard to contain the text to be encrypted. It would encrypt the text using the target correspondent's public key and use the result to replace the contents of the clipboard.

The decrypt script would take no arguments. It would attempt to decrypt the contents of the clipboard using your private key and show the result in a window.

For more sophistication, you can create a process that will scan your mailbox and automatically create unencrypted copies of all received emails in a secure location. (Unless you have copies of your correspondents' private keys, if you want plain text copies of what you send, these must be saved prior to encryption.) Also theoretically possible is to completely automate the encryption of outgoing emails by intercepting the Send (easiest if using a local client with SMTP) to encrypt the message if a public key for the recipient is found, before allowing the transmission to proceed.

Besides general inconvenience, there are a number of practical issues. Mechanisms are needed to similarly encrypt and decrypt attachments. Searching emails becomes extremely tricky, only being possible on the client, and only if unencrypted copies exist. When sending to multiple recipients, the email must be separately encrypted for each of them (assuming you are not using the same keys for each, which is much less secure).

Much of the functionality I describe is available in existing tools, but generally requires the use of desktop mail clients (so IMAP/SMTP calls can be intercepted) to be used to best effect.

Note that, while message content can be secured, your email activity, notably the identification of your correspondents, is not hidden and cannot be if using FastMail.

Last edited by BritTim : 13 Sep 2019 at 06:31 PM.
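The encrypt and decrypt scripts outlined in the post above, sketched as an added example that is not part of the original post. It assumes GnuPG with the relevant keys already imported, xclip for clipboard access and zenity for the window; the function names are illustrative.

```shell
#!/bin/sh
# Added example: clipboard encrypt/decrypt helpers built on GnuPG.
# Assumed tools: gpg, xclip (X11 clipboard), zenity (display window).
# Replace the three helpers below to suit another platform.

clip_get()    { xclip -selection clipboard -o; }
clip_set()    { xclip -selection clipboard -i; }
show_window() { zenity --text-info --title="Decrypted message"; }

# encrypt_clipboard USER_ID
# Replace the clipboard text with ASCII-armored ciphertext for USER_ID's
# public key. The clipboard is overwritten only if gpg succeeds.
encrypt_clipboard() {
    [ -n "${1:-}" ] || { echo "usage: encrypt USER_ID" >&2; return 2; }
    plain=$(clip_get) || return 1
    [ -n "$plain" ] || { echo "clipboard is empty" >&2; return 1; }
    # Plaintext goes through a pipe, never a temporary file. --batch makes gpg
    # fail instead of prompting when the recipient key is missing or untrusted.
    cipher=$(printf '%s\n' "$plain" |
        gpg --batch --armor --encrypt --recipient "$1") || {
        echo "encryption failed; clipboard left unchanged" >&2; return 1; }
    printf '%s\n' "$cipher" | clip_set
}

# decrypt_clipboard
# Decrypt the clipboard with your private key and show the result in a
# window. Nothing is displayed if the input is not PGP or decryption fails.
decrypt_clipboard() {
    cipher=$(clip_get) || return 1
    case $cipher in
        *"-----BEGIN PGP MESSAGE-----"*) ;;
        *) echo "clipboard does not hold an armored PGP message" >&2
           return 1 ;;
    esac
    plain=$(printf '%s\n' "$cipher" | gpg --decrypt) || {
        echo "decryption failed" >&2; return 1; }
    printf '%s\n' "$plain" | show_window
}

# Command-line entry point: "script encrypt USER_ID" or "script decrypt".
case "${1:-}" in
    encrypt) shift; encrypt_clipboard "$@" ;;
    decrypt) decrypt_clipboard ;;
esac
```

After a successful encrypt the plaintext is no longer on the clipboard, so any plain copy of a sent message has to be saved before running it, as the post notes.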