ONJava.com -- The Independent Source for Enterprise Java
Weblog:   The Fuss About Gmail and Privacy: Nine Reasons Why It's Bogus
Subject:   Browser-side Javascript public key encryption
Date:   2004-04-16 18:34:28
From:   nzheretic
It is possible to use browser-side JavaScript to encrypt and decrypt content, including the use of RSA public key encryption. See RSA Algorithm Javascript Page.
(For efficiency, public key encryption methods generally decode a randomly generated key for the single key encryption which encrypts the plaintext.)

It should be possible to use public key encryption with inspected outgoing and incoming email gateways to ensure email content privacy.

Client side Javascript is used to generate the public and private keys. Single key encryption using a "privacy password" is used to encrypt the private key to store it server side.

- Incoming SMTP Email
| Incoming Gateway encrypts plaintext email with user's public key
- Encrypted Email
| Gmail Web based email server
- Encrypted Email
| User's Web Browser fetches the private key from the server
| User enters "privacy password"
| browser javascript decrypts the private key.
| browser javascript uses private key to decode and display encrypted Email
- Decrypted Email only at user browser side
| User Reads and enters reply into text window
| More Javascript encrypts outgoing content using outgoing gateway's public key
- Encrypted Email
| Outgoing Email gateway decrypts outgoing Email
- Decrypted Email

As long as the Incoming and Outgoing email servers remain separate, subject to inspection and undergo regular auditing, then the email stored on Gmail will remain unreadable to Google.

Users should be able to choose a default encryption policy and mark individual messages as private or public.

Mail between individual Gmail users could actually be more secure than outside email, as the sender could encrypt the message directly using the recipient's public key.
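
The incoming half of the flow this comment describes, as an added example that is not part of the original post. It uses Node.js's built-in crypto module as a stand-in for browser-side JavaScript so that it runs offline; the function names and the choice of RSA-OAEP, AES-256-GCM and scrypt are assumptions, not details from the comment.

```javascript
// Added example: Node.js crypto stands in for browser-side JavaScript (assumption).
const nodeCrypto = require("node:crypto");

// "Single key" encryption: AES-256-GCM with a fresh random IV per call.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the stored data was modified.
function open(key, box) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Client side: generate the key pair, wrap the private key under the "privacy password".
// Everything returned here can be stored server side.
function enroll(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const salt = nodeCrypto.randomBytes(16);
  const kek = nodeCrypto.scryptSync(password, salt, 32); // password-derived key
  return { publicKey, salt, wrapped: seal(kek, Buffer.from(privateKey)) };
}

// Incoming gateway: a random message key encrypts the mail, RSA encrypts that key.
function gatewayEncrypt(publicKey, mail) {
  const msgKey = nodeCrypto.randomBytes(32);
  const encKey = nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: "sha256" }, msgKey);
  return { encKey, body: seal(msgKey, Buffer.from(mail, "utf8")) };
}

// Browser: unwrap the private key with the password, recover the message key, decrypt.
function browserDecrypt(record, password, envelope) {
  const kek = nodeCrypto.scryptSync(password, record.salt, 32);
  const privateKey = open(kek, record.wrapped).toString();
  const msgKey = nodeCrypto.privateDecrypt(
    { key: privateKey, oaepHash: "sha256" }, envelope.encKey);
  return open(msgKey, envelope.body).toString("utf8");
}
```

In this sketch the mail server only ever holds `record` and `envelope`; the "privacy password" and the unwrapped private key exist only inside `browserDecrypt`.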

  1. Browser-side Javascript public key encryption
    2004-04-17 11:49:10  michaelnewton2

    • If it is successful. could you avoid replying to Gmail users?
      2004-04-17 14:57:31  nzheretic

      • If it is successful. could you avoid replying to Gmail users?
        2004-11-14 15:36:38  Arosee

  2. Browser-side Javascript public key encryption
    2004-04-17 10:39:04  brianwolfe

    • You might as well ask how do people without browsers access the web?
      2004-04-17 15:02:48  nzheretic
