Yet Another New Email

I've designed an implemented yet another new email system.

If there is any interest I will whip the code into shape and publish it. Control your expectations tho. The system works but doesn't have any of the polish a multi-dollar project might.

The mail system has the following features

• the system is intended to be self-hosted. There is no central server or authority.
• the components are very small and simple to install. Compared to other systems in this space the components are tiny. C is used as the implementation language along with libsodium and sqlite (server) as the only dependencies.
• The system is intended for small groups (or even a single user) per server. Of course you can send email to anyone, on any server, as long as you have his public key and the server's key and address, and also that you are a registered sender on his server.
• emails are stored on the server using pubkey encryption. The server cannot read their content.
• end-to-end encryption. The phone app contains a (libsodium) keypair which is used to decrypt emails for the user and the outgoing emails are encrypted with the pubkey of the recipient.
• emails are encrypted in the phone app with the recipient's public key before being transmitted over a secure channel to the server.
• the sender of the email is authenticated/verified.
• only the intended recipient can download the email from the server; pubkey authenticated connections are used for sending and receiving.
• only the intended recipient can open the downloaded email (encrypted with his pubkey).
• not federated. One connects directly to the recipient's home-server to send him an email. Unlike real email, server's don't communicate with one another.

I had planned on peer-to-peer (phone-to-phone) initially, but the problem with mobile is phones is that they are mobile. They shift IP address arbitrarily and may even be turned off for periods of time tho this latter is very unlikely.

I realized that since I'd need a server for discoverability anyway, I might as well just use the server as the mail repository too.

The user app runs on android (phones etc.) and the server is self-deployed on any linux server accessible from the internet.

This system is not intended for non-technical users, although it is quite simple to build and deploy. You will be required to run your own server, although you can host email addresses for multiple users, not just your own.

So far I have a working prototype consisting of the following

• newmaild - A server which holds the (pubkey encrypted) emails for its users (linux/C).
• yane - an android app which allows sending and receiving of emails (simple text for now).
• some command line tools for sending/receiving emails and generating keys.

There are lots of other things which I plan to implement

• richer email formats and attachments (currently only simple text messages are sent)
• better (any) key management/contacts management.
• threaded conversations
• mail search
• mail navigation
• mail plain text export (good idea or not?)

references

• https://doc.libsodium.org/
• https://sqlite.org/index.html

Tags: email crypto libsodium sqlite android (home)