Hack2o

I had a really good time meeting some new faces and some I had known of but hadn’t chatted with before. One gent, Cory Dingels, let me watch over his shoulder and showed me some nifty things about rails a while as he worked on the Yellow Bike tracking site.

Being the renegade that I am, I struck out on my own to pursue a dream, a dream of encrypted email storage. This idea started months (years?) ago when I read about how Lavabit’s innards worked. While certainly an impressive feat, it left something to be desired in terms of how secure the emails actually were. Since then though, protonmail has launched and they claim to do what I had envisioned and then some.

But what if you wanted to run your own mail services?

Since I was working alone, I figured the best way to make something that worked by the end of the weekend would be to simply have emails be encrypted and then forwarded on to an existing account somewhere else. Easy peasy right? It was…except for my really bad mistake which took me a good chunk of Saturday to figure out. Getting Haraka up and running was simple enough. Wiring openpgp.js and other modules to make the job easier was a breaze. (mailcomposer made composing emails super easy as I hate having to concat strings myself.)

The mistake was sending off just the encrypted message without any sort of headers. Google doesn’t like messages sent like that. Once that was corrected, my logs were less error-y and messages were showing up where they were suppose to.

While I’m sure the code will be found wanting, I’m pretty proud that it was working before the final check-in. (Full disclosure, gmail placed the emails I had the audience send into the spam folder so the demonstration part of the presentation failed.)

You can check out the code which is hosted on github at https://github.com/snoj/haraka-secwrap/releases/tag/v1.

Leave a Reply

Your email address will not be published. Required fields are marked *