encrypt.to's People

Contributors

grempe, kevinli, wiegelmann, wiktor-k

encrypt.to's Issues

encrypt.to SMTP servers not supporting PFS

The encrypt.to SMTP servers do not negotiate TLS with a forward secrecy cipher.

This means that metadata for the message is available to be decrypted by an attacker who can gain access to the recipient's SMTP server secret key at a later date.

Support for HKPS

When pulling a key from a public keyserver we should use hkps with a verified and pinned certificate, so that the key cannot be MitM. As the key is not verified before use, an attacker could generate and insert an incorrect key. Using a guaranteed secure transport to a keyserver would prevent this.

Encrypts to wrong subkey

It appears that encrypt.to encrypts messages using the first subkey of an OpenPGP key without checking the key's capabilities.

In my case, this results in messages encrypted with my current signing subkey, 0x20A048BC, rather than my current encryption subkey, 0x190C18C5, even when I specify the subkey directly.

See the advanced output of:
https://encrypt.to/0xBEA0E1BE
https://encrypt.to/0x190C18C5

Trying to decrypt a message encrypted with the wrong key results in a message like this from GnuPG:

gpg: encrypted with 3072-bit RSA key, ID 20A048BC, created 2013-09-29
      "Mike English <[email protected]>"
gpg: public key decryption failed: Wrong secret key used
gpg: decryption failed: No secret key

Thanks message enhancement request

Thanks for the great service. I think this is one small step further to bring e2e encryption closer to non-tech-savvy users. Unfortunately the majority of my contacts will never think about using pgp or any secure mail service. This is a feature / enhancement request. Currently the service sends a thanks message.

From: Encrypt.to [mailto:[email protected]]
Sent: Saturday, April 7, 2018 9:35 AM
Subject: Thanks for using Encrypt.to

Encrypt.to sent your encrypted mail to https://encrypt.to/username.
Thanks!

Can this possibly be enhanced by adding an option to:

  • Include the message content in the thanks message (unencrypted, least preferred)
  • Allow the sender to download a copy of the unencrypted message in eml format. I believe this would still be secure as https is used.
  • Allow the sender to encrypt the message with his/her public key and send it as a copy, similar to the recipient's copy. Possibly using the "advanced mode"

Data Being Saved?

It's quite possible that I missed something while looking at the code, but it looks like message data (to, from, encrypted message) are being saved by the server. Is that correct?

Better handling when JS is disabled

Currently when JS is disabled, the message is sent to the server in the clear; I would suggest modifying the app to ensure that no data is sent if JS is disabled.

One option might be to disable the submit button by default, and enable it via JS on page load - that should keep data from being sent to the server.

I know having JS disabled is rare, but there are those that do for security - and it would be best to keep it from failing in a way that exposes data.

checking for prng support doesn't work

When checking for prng support it is necessary to check for window.crypto first. I tested my feedback form with IEtester and it gives an error: cannot call getRandomValues on an undefined value.

The check is working with

if (window.crypto && window.crypto.getRandomValues)

Your licensing could use some tweaking

You should consider:

  1. Either don't mention the license in the README or mention where its full text can be found. I guess for you that's "LICENSE", but my experience has been "COPYING".
  2. Per-file licensing headers - something like "Copyright Herp Derp 2013, see COPYING for more information", with a backup link to the text of your license in case COPYING gets lost.
  3. Licensing your icons under a cultural free license like CC-BY-SA 4.0. It's a minor point, but using the appropriate license for "cultural works" is really useful for reuse in other places.

Extra credit: Licensing the software under GPL :) I won't dare to hope for this, though...

Support for fetching keys using Web Key Directory protocol

Web Key Directory is a draft for a new key discovery scheme (implemented e.g. in new GnuPG). It is similar to HKP but instead of querying the keyserver it queries the domain from the UID's e-mail address. The difference is that WKD returns binary data and HKP ASCII-armored.

For example, when looking for the key for [email protected] the key would be fetched from https://example.org/.well-known/openpgpkey/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q.

Several services (like kernel.org) already have WKD support, for example Linus' key is at: https://kernel.org/.well-known/openpgpkey/hu/pf113mfnx1f3eb1yiwhsipa91xfc7o4x. Some third party services like posteo.de support WKD too. WKD is also supported by Enigmail and by openpgp.js.

Encrypt.to, when asked to encrypt to an e-mail address, could try to fetch the key using WKD and then, if that fails, fall back to keyservers (just like it does currently).

If this is in scope of Encrypt.to I could work on a PR.
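
An added example (not code from encrypt.to or from the issue author) of the lookup described above: it derives the WKD URL in the layout the issue quotes and tries WKD before the keyserver. The sample address Joe.Doe@example.org used to check it comes from the WKD draft; `wkd_fetch` and `hkp_fetch` are hypothetical callables standing in for the HTTP clients.

```ruby
require "digest"

# z-base-32 alphabet used for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769".freeze

# Encode bytes as z-base-32: most significant bit first, 5 bits per symbol.
def zbase32(bytes)
  bits = bytes.unpack1("B*")
  bits += "0" * ((5 - bits.length % 5) % 5) # pad the final group
  bits.scan(/.{5}/).map { |group| ZBASE32[group.to_i(2)] }.join
end

# URL layout from the issue:
#   https://<domain>/.well-known/openpgpkey/hu/<zbase32(sha1(lowercased local part))>
def wkd_direct_url(address)
  local, domain = address.to_s.strip.split("@", 2)
  raise ArgumentError, "not an e-mail address" if local.to_s.empty? || domain.to_s.empty?
  # The domain becomes the host we connect to: allow hostname characters only.
  raise ArgumentError, "invalid domain" unless domain.match?(/\A[A-Za-z0-9.-]+\z/)
  hash = zbase32(Digest::SHA1.digest(local.downcase(:ascii)))
  "https://#{domain.downcase(:ascii)}/.well-known/openpgpkey/hu/#{hash}"
end

# WKD first, keyserver second. `wkd_fetch` and `hkp_fetch` are hypothetical
# caller-supplied callables returning key data or nil, so this runs offline.
def locate_key(address, wkd_fetch:, hkp_fetch:)
  begin
    key = wkd_fetch.call(wkd_direct_url(address))
    return { source: :wkd, format: :binary, key: key } if key
  rescue ArgumentError, IOError, SystemCallError
    # Unusable address for WKD or host unreachable: fall through to HKP.
  end
  key = hkp_fetch.call(address)
  key && { source: :hkp, format: :armored, key: key }
end
```

The transport only tells the caller where the key came from; a key obtained through the keyserver fallback is no more authenticated than it is today.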

No support for pinning the openpgp.js

If the server is an adversary, then we need to make sure that the openpgp.js script is not altered before it runs in the browser. What mechanism is there to do this?

Default to newest key, ignore expired keys

For a certain email address, there are multiple keys in the web-of-trust: One is old and long since expired, the other is of a newer date and still valid. encrypt.to selects the old one.

I suggest to skip all expired keys and select the most current one as default.

How does encrypt.to ensure correctness?

It seems to me that encrypt.to could be DoSed for certain addresses by adding fake keys for that address into the web-of-trust.

Assume A has a key 0xA for his email address a@a in the web-of-trust. Now E wants to DoS encrypt.to for him - he adds a key 0xE for the same email address a@a.

How does encrypt.to decide which key to use for encryption?

In case there is no solution implemented, I would suggest to allow the user to define entry points into the web-of-trust - i.e. keys he trusts. This should reduce the chance for conflicts (but does not make them impossible!). This, of course, complicates the whole system.

Maybe it can be coupled with a social network, like Diaspora.

IE11 on Win7 not supported

Hello,
"Sorry your browser is not supported. Please use Chrome >= 11, Safari >= 3.1, Firefox >= 21, Opera >= 15 or IE >= 11! " is shown if using https://encrypt.to/[email protected] with IE11-Win7-64!?
Pls refer to attached screenshot.
Perhaps there are ms specific adjustments necessary?
https://developer.mozilla.org/en-US/docs/Web/API/Window.crypto

And really old Browsers (IE6-WinXP, FF 3.5-WinXP) do not show any warning about non compatibility of encrypt.to script.

Thx + best regards.
Check advanced mode

Advanced mode gives output in "Validate OpenPGP Public Key", but not "Validate OpenPGP Message" and does not change message from "message" to the encrypted message. Would be nice if you could notify user when it fails to generate a PGP message. I suggest checking if the encrypted message is empty or if it contains "BEGIN PGP MESSAGE" before sending it and before telling user that it succeeded.

Request: keybase.io integration

Some of my friends don't like to publish their keys on SKS because they can't remove it later, so they publish their keys on keybase.io. There is an API, so it would be nice to have some integration. That's not so hard as I can see - just make something like encrypt.to/kb/username to get user's public key from keybase.io for encryption routine.

Console errors when trying to send

I'm having problems using this to send encrypted emails. I'm seeing the following errors in the console when I hit "Encrypt & Send":

Unhandled promise rejection TypeError: "e.sent is undefined"
Unhandled promise rejection Error: "Error encrypting message: e.sent is undefined"

Please skip keys with no encryption flag

If you go to https://encrypt.to/[email protected], you will see that it's trying to encrypt to 'E99D CABB 9FC5 53DF 296B C813 C6D8 F7BE D00D 23F3', however, looking at that key in gpg, I see that it has no key or subkey with the E (encryption) flag.

$ gpg -k C6D8F7BED00D23F3
pub   rsa2048/C6D8F7BED00D23F3 2016-08-08 [SC]
      E99DCABB9FC553DF296BC813C6D8F7BED00D23F3
uid                 [  full  ] Brian Minton (automated signing key) <[email protected]>

thanks,
Brian Minton
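
An added example (not encrypt.to's code) of the selection rule that this report, "Encrypts to wrong subkey" and "Default to newest key, ignore expired keys" all ask for, written against `gpg --with-colons` key listings. The listings, key IDs and timestamps are constructed, and the function names are hypothetical.

```ruby
# Field positions follow GnuPG's --with-colons key listing format.
KeyRecord = Struct.new(:type, :validity, :keyid, :created, :expires, :caps)
BAD_VALIDITY = %w[r e i d].freeze # revoked, expired, invalid, disabled

def parse_colons(listing)
  records = listing.each_line.map do |line|
    f = line.chomp.split(":", -1)
    next unless %w[pub sub].include?(f[0])
    expires = f[6].to_s.empty? ? nil : f[6].to_i
    KeyRecord.new(f[0], f[1], f[4], f[5].to_i, expires, f[11].to_s)
  end
  records.compact
end

# Newest usable encryption-capable (sub)key, or nil when the key has none.
def select_encryption_key(listing, now: Time.now)
  primary_ok = false
  candidates = []
  parse_colons(listing).each do |k|
    alive = !BAD_VALIDITY.include?(k.validity) &&
            (k.expires.nil? || k.expires > now.to_i)
    primary_ok = alive if k.type == "pub" # a dead primary disables its subkeys
    # Lowercase "e" is this key's own capability; the uppercase letters on a
    # pub record summarise the whole key and say nothing about this packet.
    candidates << k if primary_ok && alive && k.caps.include?("e")
  end
  candidates.max_by(&:created)
end

# Constructed listings: key IDs and timestamps are made up for the example.
SIGN_SUBKEY_FIRST = <<~KEYS
  pub:-:3072:1:AAAAAAAAAAAAAAA1:1300000000:::-:::scESC::::::
  sub:-:3072:1:AAAAAAAAAAAAAAA2:1380000000::::::s::::::
  sub:-:3072:1:AAAAAAAAAAAAAAA3:1380000100::::::e::::::
KEYS
SIGN_ONLY = "pub:-:2048:1:BBBBBBBBBBBBBBB1:1470000000:::-:::scSC::::::\n"
EXPIRED_AND_CURRENT = <<~KEYS
  pub:e:2048:1:CCCCCCCCCCCCCCC1:1200000000:1300000000::-:::sc::::::
  sub:e:2048:1:CCCCCCCCCCCCCCC2:1200000000:1300000000:::::e::::::
  pub:-:4096:1:DDDDDDDDDDDDDDD1:1500000000:::-:::scESC::::::
  sub:-:4096:1:DDDDDDDDDDDDDDD2:1500000000::::::e::::::
KEYS
```

A `nil` result should stop the form before anything is sent. Preferring the newest key is the behaviour requested in "Default to newest key"; it does not authenticate the key, which is the concern raised in "No support for WoT".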

Possible Command Injection

(Note: This is based on a manual analysis of the code; I've not tested to confirm the issue)

In app/controllers/messages_controller.rb user input is passed to the shell on line 24 without validation or sanitization. If a specially crafted value can be passed in, it would allow an attacker to run arbitrary commands on the server's shell.

The params[:message][:to] would need to be forced to a value such as ';uname -a;# ' - where uname -a is the payload to be executed.

This is a blind injection, meaning that the shell output wouldn't make it back to the attacker, but the issue would be verified by response timing or issuing a curl request to a server the attacker controls.

There could be something that I missed that would sanitize that value, but I couldn't find anything.
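
An added example (not the project's code; the issue does not show line 24) of the pattern described above next to a hardened form. `LOOKUP_CMD`, `RECIPIENT` and the function names are hypothetical, and `printf` stands in for whatever program the controller runs.

```ruby
require "open3"

# Hypothetical stand-in for the external program the controller invokes (the
# issue does not show line 24). printf simply writes its argument back.
LOOKUP_CMD = "printf".freeze

# Allow-list for a recipient: e-mail address or hex key ID. \A and \z anchor the
# whole string (^ and $ would match per line); the first character must be
# alphanumeric so the value can never be parsed as a command-line option.
RECIPIENT = /\A(?:[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}|(?:0x)?\h{8,40})\z/

# BEFORE (the pattern the issue describes): the parameter is interpolated into
# one string, which Ruby hands to /bin/sh, so metacharacters are interpreted.
def lookup_unsafe(to)
  Open3.capture2e("#{LOOKUP_CMD} %s #{to}").first
end

# AFTER: validate against the allow-list, then pass each argument separately so
# no shell runs and the value stays a single argv element.
def lookup_safe(to)
  raise ArgumentError, "invalid recipient" unless to.is_a?(String) && to.match?(RECIPIENT)
  out, status = Open3.capture2e(LOOKUP_CMD, "%s", to)
  raise "lookup failed" unless status.success?
  out
end

# The argv form without the allow-list, to show that it alone keeps the payload
# inert. Validation still matters: it blocks option injection and bad lookups.
def lookup_argv_only(to)
  Open3.capture2e(LOOKUP_CMD, "%s", to).first
end
```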

Beta Warning

I would suggest adding a beta warning to the main page, and the message page to warn users that this is beta software and may have flaws. Users should be aware of the state of the software, and be alerted if it's not had a thorough security review.

Opera and IE fails

Opera 12.16 fails to generate an openpgp message. It says it succeeds and sends a message with subject([email protected] has sent you an encrypted mail) but has no inlined message. IE a message with no body.

No support for WoT

Anybody can generate and publish a key for [email protected]. There is no support for Web of trust at encrypt.to.

The posting form could give a selection of keys to use (with full fingerprint) and WoT fields, and let the user choose the correct key.

Using the newest key allows an attacker to generate a newer key which would be used in preference to the correct one.

Request: Ignore revoked email addresses

It's possible to add multiple email addresses to a single key. encrypt.to already supports that, by showing a nice HTML dropbox, in which an email address can be selected. But encrypt.to will also show email addresses, that have been revoked from the selected public key.
