Anonymous Secure Mail Transfer Protocol (ASMTP)

ASMTP brings together the pub/sub peer-to-peer protocol poldercast, blockchain technology from keynesis, and the Noise encryption protocol to build a secure and anonymous network protocol as an alternative to SMTP (Simple Mail Transfer Protocol).

ASMTP was initially written as a tool to securely exchange messages with friends and colleagues. Other tools that provide end-to-end encryption often hide from their users that they still collect metadata (such as who talks to whom and at what time).

ASMTP does not rely on any third party. Just like in the spirit of the old SMTP, messages are relayed from the mail server of the sender to the mail server of the recipient and it may use an intermediate route to do so.

Deployment

The ASMTP service has two components: the server, asmtpd, and the client (asmtp-cli or asmtp-client (soon)).

First, asmtpd works as a node in the ASMTP network. It will relay messages and participate in the network's health. It will also make sure to subscribe to topics of interest to other nodes.

Then you can use a client application (asmtp-cli or asmtp-client) to contact your asmtpd node. You can synchronize new received messages and send new messages.

Starting asmtpd

settings

First you need to configure it. We have a default template for you:

asmtpd-cli default-config

This is the default configuration to use; you can edit it as you see fit.

Then you need to generate a new key pair (simply follow the instructions):

asmtpd-cli generate-new-key

starting the node

asmtpd --config config.yaml

Connecting a client to asmtpd

You can use asmtp-cli as an ASMTP client. The first time you connect you will need to generate a new key. Then copy the public key and add it to your asmtpd's config.yaml as a new item in the users.

Then start the asmtp-cli app with the appropriate remote address and remote public key (the public key generated by asmtpd-cli generate-new-key):

asmtp-cli \
    --remote-address "[::1]:9800" \
    --remote-id d5e8b7a1c18a6ebe7cab314d57bc0fab77a9d3f157abc5faff285f3d024895ef

Overall components of the protocol

poldercast: relaying messages

poldercast is a pub/sub peer to peer topology builder. Each node subscribes to a list of Topics and publishes it to the network. Each message sent for the given topic will be relayed through the network of nodes who subscribed to this topic.

keynesis: passport of identity

keynesis defines a Passport. It is in fact a blockchain owned and controlled by the users and publicly shared. The users update their Passport with new keys.

Every update is shared across the poldercast network. The Passport only contains public keys. Only the peers who subscribed to receive notifications about that Passport will receive the updates.

Topic: anonymous message metadata

One of the main issues in secure messaging is that it is possible to access the metadata of the message (who sent a message to whom). This can be problematic as it breaches the anonymity of the users and can lead to catastrophic situations.

ASMTP provides a way around that. Each passport may contain a SharedKey. It is a Curve25519 PublicKey. The message's Topic is derived from the PublicKey of the recipient and of the sender in such a way that it is not possible to reverse and that it is hard to brute force (i.e. it is hard to generate all the different topics of all the public keys that are on the network).

The derivation uses PBKDF2 with HMAC-SHA512 and 10240 iterations. The key is the smaller of the two public keys and the salt is the other one.

Encrypted messages

Messages are encrypted with an X Noise protocol message. This way the message is encrypted and authenticated: only the recipient can decrypt it, and the recipient is the only one who can accurately authenticate the sender of the message. The sender should match the other key used to derive the Topic, to make sure that the sender is actually allowed to send such a message to this topic.
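The topic derivation and the recipient-side sender check described in the two sections above, as an added example that is not code from the ASMTP project. It assumes "smallest" means byte-wise lexicographic order and a 32-byte topic, neither of which this README states; the function names and sample keys are hypothetical.

```python
import hashlib
import hmac

ITERATIONS = 10240  # iteration count given in the README
TOPIC_LEN = 32      # assumption: the README does not state the output length


def derive_topic(pk_a: bytes, pk_b: bytes) -> bytes:
    """Derive the topic shared by two 32-byte Curve25519 public keys."""
    if len(pk_a) != 32 or len(pk_b) != 32:
        raise ValueError("Curve25519 public keys are 32 bytes")
    # Assumption: "smallest" is byte-wise lexicographic order. Sorting makes
    # the result independent of who is the sender and who is the recipient.
    key, salt = sorted((pk_a, pk_b))
    return hashlib.pbkdf2_hmac("sha512", key, salt, ITERATIONS, dklen=TOPIC_LEN)


def sender_matches_topic(topic: bytes, recipient_pk: bytes, sender_pk: bytes) -> bool:
    """Recipient-side check: the sender authenticated by the decrypted message
    must be the other key the topic was derived from."""
    try:
        expected = derive_topic(recipient_pk, sender_pk)
    except ValueError:
        return False
    # Constant-time comparison of the recomputed topic with the received one.
    return hmac.compare_digest(expected, topic)


# Constructed sample keys (not real key material).
ALICE = bytes.fromhex("11" * 32)
BOB = bytes.fromhex("22" * 32)
MALLORY = bytes.fromhex("33" * 32)

if __name__ == "__main__":
    topic = derive_topic(ALICE, BOB)
    print("topic:", topic.hex())
    print("same from Bob's side:", topic == derive_topic(BOB, ALICE))
    print("Alice accepted on this topic:", sender_matches_topic(topic, BOB, ALICE))
    print("Mallory accepted on this topic:", sender_matches_topic(topic, BOB, MALLORY))
```

A relay that sees only the topic has to run all 10240 PBKDF2 iterations for every candidate pair of public keys to link it to identities, which is the brute-force cost the README refers to.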

Network

The ASMTP network protocol is rather simple:

First: our node performs a protocol handshake upon establishing a new connection (1 byte of version and a few bytes of IK Noise protocol handshake).

During that step, it is possible to authenticate the peer our node is talking to.

Then: that's it. Our node now has a Noise transport state, which is used to encrypt/decrypt all the messages that go through the network. After each successfully encrypted/decrypted message it performs the Noise transport's rekey to guarantee forward secrecy.

Disclaimer

ASMTP is a work in progress. It is a tool that was originally written to help me exchange messages with my friends and colleagues. Please note the following:

ASMTP has not been audited and should be used at your own risk.

License

This project is licensed under the MIT OR Apache-2.0 dual license.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in ASMTP by you, shall be licensed as MIT OR Apache-2.0 dual license, without any additional terms or conditions.