Cryptonmail

Introduction

The purpose of this document is to highlight the process and results of a real-world implementation of an encrypted mailing service by team Appsbee. The document walks through how a solution was provided for every individual requirement, making Cryptonmail a global product.

Project details

Cryptonmail is a Sweden-based startup that set out to build an encrypt-decrypt mailing system, using OpenPGP.js, which provides maximum security and protects individual privacy. The goal was to enable a user to encrypt a mail before sending it to an addressee. That was intended to eliminate any sort of spam messaging and, further, to prevent a particular mail from falling into unscrupulous hands. The design was required to be simple, automated and transparent, so that it could be operated with ease by persons without detailed technical skills. Most emails could be sent in plain text and stored in an easily readable format.

Project Requirements

The primary requirement of Cryptonmail was to bring a change to the typical mailing experience. Today, most of our mail accounts get flooded with spam messages. Often, the mails also fall into the wrong hands. The concern of Cryptonmail was to prevent unwanted parties from reading your private communications.

Cryptonmail was required to be a step-by-step process. The entire process would depend on 'encryption keys', which would be responsible for securing the messages of both parties. Both the sender and the receiver would have a public key and a private key. What makes Cryptonmail a reliable service is that each key would be unique, would be secured in a location, and would never be shared with any unwanted third party. Each time a user registers on the site, a private key would be generated depending upon the type of algorithm and the selected key size.

When a registered sender sends a composed message to the addressee, the text would get encrypted with the GnuPG library, using the sender’s private key and the addressee’s public key. The encrypted mail would be sent to the server, where it gets saved. When the receiver opens the newly received mail, it will be decrypted with the private key and the secure code of the receiver, to access the content. The server immediately decrypts the mail with the GnuPG library and the private key of the receiver. On proper validation, the text/content of the mail would get displayed on the receiver’s screen. This 2-step process was used mainly to keep unwanted parties from accessing personal mails. The requirement of a private key plays the major role here, so that even if someone intercepts your personal mails, they would be useless gibberish to them. Even if someone steals your password, your personal contents cannot be accessed without the secure key and private key, which are yours.

Significant features developed by the team:

Considering the importance of a very strongly secure mailing platform, Cryptonmail was built with a functionality that an unencrypted mail could not be monitored or analyzed. Based on the architecture and data flow of Cryptonmail, the architects of Appsbee designed practical solutions, which could seamlessly meet the project requirements, making it a globally reliable product.

  • Browser tab based login and access to the mail service- This is one of the significant features of the project developed by the team, with the help of browser session storage. A user cannot change the value of the browser session storage.
  • Password generation- Keeping in mind the requirement of making the whole service strong enough, the password generation functionality is created in the most secure manner. The password is first encrypted in the browser, and later encrypted on the server side.
  • Encryption- This is an example of how the encryption functionality performs:
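    var openpgp = require('openpgp');
    // Addressee's armored public key (elided here)
    var key = '-----BEGIN PGP PUBLIC KEY BLOCK ... END PGP PUBLIC KEY BLOCK-----';
    // readArmored returns an object whose keys array holds the parsed key(s)
    var publicKey = openpgp.key.readArmored(key).keys[0];
    // privKey (the sender's unlocked private key) and message (the plain-text
    // body) are assumed to be defined before this call
    var encrypted = openpgp.signAndEncryptMessage([publicKey], privKey, message);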
  • Decryption- This is how the decryption functionality performs:
    var openpgp = require('openpgp');
    // Receiver's armored private key (elided here)
    var key = '-----BEGIN PGP PRIVATE KEY BLOCK ... END PGP PRIVATE KEY BLOCK-----';
    var privateKey = openpgp.key.readArmored(key).keys[0];
    // Unlock the private key with the receiver's passphrase
    privateKey.decrypt('passphrase');
    var pgpMessage = '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----';
    pgpMessage = openpgp.message.readArmored(pgpMessage);
    // pubKeys_user is the sender's public key, used to verify the signature
    var decrypted = openpgp.decryptAndVerifyMessage(privateKey, [pubKeys_user], pgpMessage);
  • Attachment- The ‘attachment’ feature of the service is a seamless one, which supports all formats. When a sender sends an attached file, it first gets encrypted in the browser, and then gets saved on the server. Once sent, the receiver is able to receive the file effortlessly, in the original format.
  • Secretkey/ Pincode validation- The secretkey/ privatekey used could be customized by the users, using the keyboard keys.
  • Dynamic menu- The ‘menu’ functionality of Cryptonmail is a multi hierarchy one, which enables a sender/ receiver to choose and act accordingly from within the options of move, delete, rename, etc.
  • Dynamic access to mails- The email, sent or received, could be dynamically moved from one location to another with the help of wide options like, move, delete, reply, reply to all, forward, etc.
  • Digital Signature- The ‘digital signature’ functionality acts as the proof of a verified mail. When a sender sends a mail along with a digital signature, it would be flagged in the receiver’s inbox as a verified and safe message.
  • Payment gateway- The payment gateway of Cryptonmail could be accessed via multiple subscription options, such as PayPal, Credit Card, Bitcoin, Wire-transfer.

Challenges:

The entire product of Cryptonmail came as a challenge. Building each aspect and functionality required integration of multiple technologies. The platform had to be secure, handle wide databases, deliver rapid performance, prove scalable to the company’s growth, and function consistently on multiple browsers. Bringing all this functionality into one platform demanded high technical finesse on the part of the Appsbee team.

The concept of Cryptonmail was initiated with a prototype, but eventually evolved into a bigger and more detailed mailing service. Once real inputs from users/stakeholders started feeding in, the database grew into an elongated one. With each message that is sent, received or moved from one location to another, the database got rapidly updated. The use of multiple technologies, fragmented procedures, an elongated database, multiple online registrations and real-time feeds brought in an increased level of complexity for the Appsbee team.

Solutions provided/ How the team delivered

  • PHP5
  • Scrypt
  • OpenPGP.js
  • Scrypt.js
  • Browser session storage
  • Jquery keyboard
  • Secure payment gateway (PayPal, credit card, Bitcoin, wire-transfer)
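
The password feature above says the password is processed first in the browser and again on the server, and this list names Scrypt.js and Scrypt. The sketch below is an added example, not Cryptonmail's or Appsbee's code, of one way to arrange those two stages; Node's built-in scrypt stands in for both sides, and the salt label, cost parameters and function names are assumptions.

```javascript
// Added example (not the project's code): two-stage scrypt password handling.
const crypto = require('crypto');

// Assumed cost parameters (Node's defaults); raise N as far as latency allows.
const PARAMS = { N: 16384, r: 8, p: 1 };

// Browser stage: stretch the password so the raw value never leaves the client.
// Assumption: the salt is a fixed label plus the normalized account name, since
// the browser has no stored per-user salt before login.
function clientStretch(email, password) {
  const salt = 'example-login-v1:' + email.trim().toLowerCase();
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, PARAMS);
}

// Server stage, enrollment: the client's output is password-equivalent, so it
// is hashed again with a random per-user salt before being stored.
function serverEnroll(clientVerifier) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(clientVerifier, salt, 32, PARAMS);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Server stage, login: recompute with the stored salt, compare in constant time.
function serverVerify(record, clientVerifier) {
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(
    clientVerifier, Buffer.from(record.salt, 'hex'), expected.length, PARAMS);
  return crypto.timingSafeEqual(expected, actual);
}

// Constructed sample account, for illustration only.
function demo() {
  const sent = clientStretch('Alice@Example.com ', 'correct horse battery');
  const record = serverEnroll(sent);
  return {
    goodLogin: serverVerify(record, sent),
    badLogin: serverVerify(record, clientStretch('alice@example.com', 'guess')),
    storedDiffersFromSent: record.hash !== sent.toString('hex'),
  };
}
console.log(demo());
```

With this arrangement a leaked user table holds only salted hashes of the browser-derived value, not a value that can be replayed at login.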

Most of the critical aspects of Cryptonmail were outsourced to the Appsbee team, and the technically experienced team of Appsbee architects, along with the leverage of modern technologies, made Cryptonmail a fit-to-market product. From the very beginning, the team worked in coordination with the offshore team to make the service scalable, from the database to the functional level. The team had to undergo a detailed R&D process for the implementation of each functionality.
