Silk Road forums

Discussion => Silk Road discussion => Topic started by: srnw on September 27, 2011, 07:42 am

Title: Integrate public PGP Keys for private messaging?
Post by: srnw on September 27, 2011, 07:42 am
Why not have the option to have SR store your public key and then all messages that are sent to you are automatically encrypted with it?  Or better yet, just messages that aren't encrypted get encrypted?  Or even still, have the browser encrypt with javascript?  Or maybe a browser plugin?  This would make things much more convenient than having to copy/paste for every key import and message you want to send and force privacy.  You would only have to copy/paste in order to decrypt.  I'm a software engineer so know this should be feasible, but my familiarity with encryption/TOR is limited so I'd like to hear any input from anyone more versed on the topic on any potential security risks related with these options:

1) Have SR store your public key and encrypt all messages.  I realize in this case that the messages you send to SR would be sent in clear text to the server (obviously not clear text during transmission as the TCP stream is encrypted during transport by TOR, right?) where they would be encrypted, the clear text discarded, and then the encrypted message relayed to the recipient.  I realize that trusting SR to do this is not ideal, especially with the recent security holes that have been discussed but would enforce privacy and keep buyers from revealing anything about the sellers during messages.  But even then, an attacker would have to alter the site's code and would only have access to messages sent after the attack/modification to the code.  Something that should be easily detected.  But that possible security hole brings me to number 2...

2) Have SR store your public key and encrypt any messages sent to you that have not already been encrypted.  This way, you can obviously still encrypt the way we're doing things now, but adds another level of security/privacy.  These unencrypted messages right now are just plain text and stored on the server, for who knows how long (has this been discussed? how long before things are discarded?  messages shouldn't be stored that long).  I don't really see a downside to this as it just adds more security to messages that would not otherwise be encrypted.  However, it still relies on SR to do the encryption and requires SR having the plain text message even if it is going to be immediately discarded, meaning people could get complacent and just use the built-in encryption rather than their own, which brings me to number 3...

3) Have SR store your public key, or maybe store your public key in a cookie?  Anyways, just somewhere that it's retrievable via javascript.  Then javascript code could encrypt the message before it's ever sent to the SR servers.  The only possible downside I see to this is trusting SR's javascript.  I know that through certain javascript techniques it's possible to reveal the IP address of the client, so assuming SR's security is breached someone could alter the script.  Also, I know most people, including myself have javascript turned off when using TOR.  But still, encrypting things client side seems to be the way to go.  Which brings me to number 4...

4)  Create a browser plugin that will do this for you?  It seems it should be totally possible to write a browser extension to automatically encrypt all outgoing messages.  Something to detect who you're sending to, that will then, in the background, visit that person's profile page and grab their key, and then use it to encrypt the message you're sending.  This could also be made to decrypt messages as well.  Would save quite a bit of time imo.

So, in conclusion, I think the best way to go about things is probably a combination of number 2 and number 4.  I think the SR site should have the ability to store everyone's public key in a place that's easily accessible, something similar to the current seller profile page, for both sellers AND BUYERS.  Then, once you have your public key stored, there should be an option to have all unencrypted messages that are sent to you encrypted.  Maybe even with an autoreply to the sender that their message was automatically encrypted and that in the future they should encrypt it themselves.  The receiver should also be notified that it was automatically encrypted.  Lastly, once everyone's public keys are available, someone (I'll look into doing it myself if there's enough interest) could write a browser extension to automatically encrypt all outgoing messages before they are sent to the SR servers.  I did a brief search for something like this but couldn't find anything, but that doesn't mean it's not out there.  The extension could even be made to be generic, with rules about which pages have forms that messages are to be encrypted for, and how to retrieve the public keys and such.  Anyways, I hope this is helpful and sparks some discussion.  It may just be overkill for something that's already working, but I thought I'd give my two cents on increasing the level of privacy given the recent security holes that were found.  Thanks for reading.
Title: Re: Integrate public PGP Keys for private messaging?
Post by: hearing on September 27, 2011, 08:14 am
Anything where the encryption is done server-side or with JS is a bad idea. Other than that, your conclusion is sound. In short:
1. "the SR site should have the ability to store everyone's public key in a place that's easily accessible"
2. "a browser extension to automatically encrypt all outgoing messages before they are sent to the SR servers"

This brings up another issue, which is that the public keys could be changed by a compromised server. Keys on TSR are never signed.
Title: Re: Integrate public PGP Keys for private messaging?
Post by: srnw on September 28, 2011, 04:23 am
Well I guess the wall of text in my original post probably scared people away.  I had just received a package and was excited about the idea.  Anyways, doesn't look like there's much interest, although I think enforcing the encryption would be a good move.
Title: Re: Integrate public PGP Keys for private messaging?
Post by: srnw on September 28, 2011, 04:28 am
Just thought of something in regards to your good point about keys being replaced.  The browser extension/plugin could store/cache the keys and notify the user if the key has changed.
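
The key-caching idea in the last post, which answers the concern that a compromised server could swap public keys, is trust-on-first-use pinning. The following is an added example, not code from the thread or from any existing extension; `KeyPinStore`, `canonicalPayload`, `sampleArmor` and the user name `vendorA` are hypothetical, and the pin is the armored block's canonical payload rather than a true OpenPGP fingerprint.

```javascript
// Added example: trust-on-first-use (TOFU) pinning of profile-page public keys.
// Assumption: the pin is the canonical base64 payload of the armored block;
// a real extension would more likely pin the OpenPGP fingerprint.
const BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----";
const END = "-----END PGP PUBLIC KEY BLOCK-----";

// Strip armor headers, blank lines, the "=XXXX" CRC line and line wrapping, so
// cosmetic re-armoring by the server is not mistaken for a key change.
function canonicalPayload(armored) {
  const lines = armored.replace(/\r/g, "").split("\n").map((l) => l.trim());
  const begin = lines.indexOf(BEGIN);
  const end = lines.indexOf(END);
  if (begin === -1 || end <= begin) throw new Error("not a public key block");
  const payload = lines.slice(begin + 1, end)
    .filter((l) => /^[A-Za-z0-9+/]+=*$/.test(l))
    .join("");
  if (payload === "") throw new Error("empty key payload");
  return payload;
}

class KeyPinStore {
  constructor() { this.pins = new Map(); } // username -> pinned payload

  // Returns "first-seen", "match" or "changed". A changed key never replaces
  // the pin by itself, so a swapped key keeps raising the alert.
  check(user, armored) {
    const payload = canonicalPayload(armored);
    if (!this.pins.has(user)) { this.pins.set(user, payload); return "first-seen"; }
    return this.pins.get(user) === payload ? "match" : "changed";
  }

  // Re-pin only after the user has confirmed the new key out of band.
  accept(user, armored) { this.pins.set(user, canonicalPayload(armored)); }
}

// Constructed sample data: placeholder bytes, not real OpenPGP keys.
function sampleArmor(text, width, header) {
  const wrapped = btoa(text).match(new RegExp(`.{1,${width}}`, "g")).join("\n");
  return [BEGIN, header, "", wrapped, "=AAAA", END].join("\n");
}

function demo() {
  const store = new KeyPinStore();
  const original = sampleArmor("constructed key material for vendorA", 64, "Version: A");
  const rewrapped = sampleArmor("constructed key material for vendorA", 16, "Comment: B");
  const swapped = sampleArmor("constructed key material set by server", 64, "Version: A");
  return [original, rewrapped, swapped, original].map((k) => store.check("vendorA", k));
}
```

Pinning only detects a change after the first fetch; if the server already serves a substituted key on first contact, the pin records that key, which is why the unsigned-keys point raised earlier in the thread still applies.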