afterlogic / webmail-lite-8

Open-source webmail script for existing IMAP server

Home Page: https://afterlogic.org/webmail-lite-8

Private keys can be sent via email in settings menu

ldrocket opened this issue · comments

I have

  • searched for duplicates or closed issues
  • checked that the issue was not fixed

Problem description

After generating a new key pair it is possible to send the private key as an attachment to an email via the settings menu. Since not all users may understand the concept of PGP, some may send their private key via this option.

Possible solution

Prevent sending of the private key via settings menu. It should be possible to send the public key only.

Steps to reproduce

  • Sign in to the webmail demo at https://lite.afterlogic.com/
  • Click Settings -> OpenPGP -> Enable OpenPGP (and save) -> Generate new key
  • Choose a new password and generate the new key pair
  • Click the eye icon next to the private key and enter password
  • The private key appears with the ability to send it via email

Addition

In addition, this issue affects the Pro version, too.

Currently, this is by design. Yes, it may not be a good idea to send the private key as an attachment, but often there is simply no better way (when you need to share the same key between multiple devices).

Actually, when people don't have the ability to send the private key, they instead download it (making an extra copy on the device), then attach it to an email and send it. This is even less secure.

Also, in future versions we may probably implement some kind of a centralized encrypted storage of private keys on the server eliminating the need to transfer them by other means. But until then we don't plan to remove the ability to send the private key.

However, I think it would be possible to create a new setting like "disable sending private keys" the admin can enable for a particular installation to achieve what you're after. You can make this suggestion at https://afterlogic.uservoice.com. If it gets many votes, we'll add it.

Thanks!

> Currently, this is by design. Yes, it may not be a good idea to send the private key as an attachment, but often there is simply no better way (when you need to share the same key between multiple devices).

Then it's a bad design 😄 The worst thing you can do is to send a private key via email and you should not do this if you need to transfer the key to a second device. This is neither privacy by design nor security by design. There are users who are not familiar with the concept of PGP. If you allow them directly to send the key, they may think that it's not dangerous and probably do it without further thinking.

> Actually, when people don't have the ability to send the private key, they instead download it (making an extra copy on the device), then attach it to an email and send it. This is even less secure.

Yes, this is even less secure, but you can't control this situation from your end. You need to provide an ability to export the key as the user probably wants to import the key on a second device. Maybe it would be a good idea to display a short warning before sending/downloading the private key. But there shouldn't be a direct option to send it (without further warning).

Warning regarding an attempt to send a private key does make sense. Will consider this for future versions. Thanks!
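
The admin setting and pre-send warning proposed in this thread could be backed by a check on outgoing attachments like the one below. It is an added example, not part of the original thread and not Afterlogic code; the function names and the policy values `allow`, `warn` and `block` are hypothetical.

```javascript
// Added example, not Afterlogic code. The policy values 'allow' | 'warn' | 'block'
// are hypothetical stand-ins for the admin setting and warning discussed above.
const ARMOR_PRIVATE = '-----BEGIN PGP PRIVATE KEY BLOCK-----';
const SCAN_LIMIT = 64 * 1024; // only the start of each attachment is inspected

// ASCII-armored export: look for the private key armor header.
function hasArmoredPrivateKey(bytes) {
  const head = bytes.subarray(0, SCAN_LIMIT);
  const text = Array.from(head, (c) => String.fromCharCode(c)).join('');
  return text.includes(ARMOR_PRIVATE);
}

// Binary export: the first packet of a secret key file is a Secret-Key packet
// (tag 5; tag 7 is a Secret-Subkey), followed by a key version octet.
function hasBinarySecretKey(b) {
  if (b.length < 3 || (b[0] & 0x80) === 0) return false;
  let tag, bodyAt;
  if (b[0] & 0x40) { // new-format header: tag in the low 6 bits
    tag = b[0] & 0x3f;
    bodyAt = b[1] < 192 ? 2 : b[1] < 224 ? 3 : b[1] === 255 ? 6 : -1;
  } else { // old-format header: tag in bits 5..2, length type in bits 1..0
    tag = (b[0] >> 2) & 0x0f;
    const lenType = b[0] & 0x03;
    bodyAt = lenType === 3 ? -1 : 1 + (1 << lenType);
  }
  if (bodyAt < 0 || bodyAt >= b.length) return false;
  const version = b[bodyAt];
  return (tag === 5 || tag === 7) && version >= 3 && version <= 6;
}

// Decide what the compose screen does with the outgoing attachments.
function checkOutgoing(attachments, policy) {
  const flagged = attachments
    .filter((a) => hasArmoredPrivateKey(a.data) || hasBinarySecretKey(a.data))
    .map((a) => a.name);
  if (flagged.length === 0 || policy === 'allow') return { action: 'send', flagged };
  return { action: policy === 'block' ? 'reject' : 'confirm', flagged };
}

// Constructed sample attachments (placeholder bodies, not real key material).
const toBytes = (s) => Uint8Array.from(s, (c) => c.charCodeAt(0));
const samples = [
  { name: 'public.asc', data: toBytes('-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nAAAA\n') },
  { name: 'private.asc', data: toBytes(ARMOR_PRIVATE + '\n\nAAAA\n') },
  { name: 'private.gpg', data: Uint8Array.from([0x95, 0x01, 0x58, 0x04, 0x00]) },
];
console.log(checkOutgoing(samples, 'warn'));
```

Checking the attachment content rather than the settings-menu button also covers the download-then-attach path mentioned in the thread, as long as the message is composed in the same webmail client.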