Pandor - end-to-end encryption email correspondence

On the topic of the day, when everyone is talking about intercepted correspondence or hacked mailboxes ( Arkady Dvorkovich has become a victim of hackers ), I want to present you Pandor, the solution for protecting the contents of email correspondence.

Pandor - currently exists as an extension to the Google Chrome browser and works with the Gmail web interface. The extension adds elements to the interface to create an encrypted message based on OpenPGP. The main task is to make secure correspondence as simple as possible for use by end users. With this idea, my colleague Khalil Bouzidi and I came to Startup Weekend Monaco - we decided to try our hand at creating an exemplary business plan and, of course, a prototype. In fact, during the weekend we could only clearly define how we want it to work. Everything should be only in one-click and users would not need to "agree" on the principle of encrypted information exchange. At the startup, we presented a presentation and a video of how we see the work of the service from the user's point of view. By decision of the jury, our project received first place.
High marks at the competition inspired us to make the project a reality. Within 2 months, we were engaged in the project, free from the main work, and now we are launching a beta version, which I propose to you to evaluate. In parallel with the development, a business plan was developed and a package of documents was submitted for another competition in Monaco and the first round was already held in it (11 projects out of 30 were selected).

')

The technical side of Pandor

The service is built from a browser extension and a server for exchanging public keys. When installing an extension, a profile is created on pandor.me, this profile is required first of all for the exchange of public keys. At the moment we do not provide much functionality on the site itself. So let's move on with the most important thing - the browser extension.

The extension is built from 2 elements:

• Add-ons in the Gmail web interface
• Options page

The Gmail interface is supplemented with only 1 button - [@], when you click on it, a window for creating a letter is created.



This is almost a classic Gmail window supplemented with information that correspondence will be protected.



Encryption is based on OpenPGP and the OpenPGPjs library was taken as the basis . An extension in the browser at registration generates keys for the user and the browser encrypts the message before sending it. When encrypting, the pandor.me service is used to obtain the public keys of the recipients, if the recipient does not yet have a profile and keys, the service automatically generates the keys and creates a profile and sends an email with access to receive them.

What can the extension now:

• creating encrypted correspondence (compose)
• draft folder encryption
• automatic opening of encrypted content in correspondence (thread)
• when replying to an encrypted message - an encrypted reply is also created (reply)
• obtaining public keys from the server

Development prospects

Certainly from the development prospects, we are now looking towards supporting other browsers, primarily Firefox, Safari, since this is only due to the configuration of the build. We are also working on different approaches for key synchronization, paranoia mode for deleting a key from the server and storing it only on the user's machine. In the future, we are considering the possibility of encryption as well as investments.

Perhaps habrayuzer can tell where we better move?