This applet is a simple wrapper which combines Cryptix and Qsmtp into a secure mail application. PGP has become the de facto standard for public key encryption, so a mail applet which sends in PGP format makes some sense. See the limitations section for some arguments about why it might not make sense.
The applet uses a single public key and can only send to the single address where the recipient is capable of reading the encrypted messages. It should be useful to individuals and companies who want to give people using their web sites a means of transmitting information to them securely from their web browser, without the use of special server tricks like SSL and shttp.
The source code is short and simple, feel free to browse it. Before getting into a discussion of the security limitations of this applet, a brief discussion of PGP is in order.
PGP is a public key encryption system. This means that it does not depend on the encryption key being kept secret for its security. The encryption key is therefore commonly known as a public key and is distributed widely: anyone who has my public key can use it to send me secure mail. A separate key is used for decrypting messages. Because this key is capable of unlocking any message encrypted with the public key, it must be guarded carefully by the user. The decryption key is commonly known as the secret key. The mathematical overhead involved in encrypting and decrypting messages with public keys is quite high, and gets higher as messages get longer. To avoid this computational traffic jam, PGP encrypts message text using a conventional encryption algorithm, and then encrypts only the conventional key using public key methods. When a message is to be decrypted, PGP first decrypts the conventional key, then uses that the conventional key to decrypt the remainder of the message. The conventional encryption scheme used by PGP (called IDEA) is very secure and has no known weaknesses, as long as the conventional key is unknown to the attacker.
This is where cryptography buffs will note the limitations of the applet. PGP generates a new conventional encryption key each time it sends a message. For maximum security the key should be completely random, so that any attacker will have to test the entire enormously huge set of possible keys. Unfortunately, computers are not good at random numbers, and most random number generators require a truly random seed to get started. The applet generates its random seed by concatenating the time and the position of the mouse pointer when the Send button is clicked, then using a summary function to create a random seed from the information. A message cracker who intercepts the message could note the time it was intercepted, and the fact that the number of mouse positions within the Send button is not large, to lower the amount of keys he has to test to break the conventional encryption of the message test. Cryptography types with ideas on how to make my conventional key more random, please contact me.
Another limitation of the applet approach to message encryption is one pointed out by the folks who wrote the Cryptix library. An applet could theoretically be intercepted in transit from server to browser and replaced with an insecure version which looks the same to the user but is in fact compromised. The widespread use of servers which verify the data they send will reduce the likelihood of this scenario. However, if you are using your server to verify your encryption applet is secure, why not skip the whole process and just use SSL? The point of the applet is to avoid having to fiddle with servers.
The other possible security holes involve an attacker invading the server on which the applet resides and compromising the applet from within. This is a risk with any internet transaction. Any server could have been compromised without your knowledge. If this kind of thing keeps you up at night, you probably do not get alot of sleep.
This is a very easy program to write. You could probably write it yourself. If you do, you will have to massage the Cryptix package a little, but not alot. It is still an alpha library, so it has some disagreements with Netscape which have to be eliminated.
If you choose to use this applet you will have to download not only the applet class file, but also all the subdirectories which include the Cryptix encryption libraries. For convenience, everything needed is presented here in a zip file which can be downloaded and unzipped into a usable directory tree.
The following are the applet parameters with explanations:
PublicKey
pgp -kxa your_name pub.key.asc. The file will be loaded
from the same directory as the HTML file which calls the applet.
To
BGColor
FGColor
Font
Title
Subject
Some important things to consider when setting up the applet: the applet can only connect to a mail server on the web server where your HTML resides, due to security restrictions imposed by most browsers. If you get "connection refused" errors when trying to send mail, the problem is likely that there is no mail server running on your web server.
Once you get the applet set up, you will need a way to process all the PGP mail you are going to be receiving. Here are a few links to packages and instructions on integrating PGP into various mail clients.
This page by Paul Ramsey / pramsey@coastnet.com / Copyright © 1997