1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PGP Encrypted Emails

Discussion in 'XenForo Suggestions' started by Shiro, Jul 7, 2015.

  1. Shiro

    Shiro Well-Known Member

    With services like Facebook now offering the feature to display your public PGP key on your profile, and to have all emails sent to you by Facebook encrypted with this key (source), and with Xenforo being a forum built on security, and especially with the recent addition of two factor authentication, it seems that this would logically be the next step for improving security.

    This feature would mainly serve to protect staff information (such as private messages sent to them, and password reset requests) by not sending them via email in plain-text. This would also be nice for the occasional paranoid user (ex. me).
     
    erich37, Alfa1, Mert and 4 others like this.
  2. melbo

    melbo Well-Known Member

    I would love to offer this and make the implementation as easy as Facebook's :)

    [​IMG]
     
    Fred. likes this.
  3. beanfan78

    beanfan78 Active Member

    One of my forum members were asking about this. I honestly had no idea what it was so I started reading up about it. My domain is secure with SSL, but that doesn't seem like a lot. Does anyone use PGP with their Xenforo? I would like to offer my members the most secure platform that I can.
     
  4. melbo

    melbo Well-Known Member

    It's not really something that's available as an integrated feature of XF but I'd love to see it.
     
  5. beanfan78

    beanfan78 Active Member

    Thanks for the response. I am not really familiar with the technology of PGP. Perhaps I am missing another layer of how I can secure xenforo? I mean without taking it to the world of TOR :)
     
  6. melbo

    melbo Well-Known Member

    Oh, PGP/GPG just encrypts messages between 2 (or more) parties using 2 'keys'. The only thing it would really do for XF (and what we're asking for here) would be to allow a member to add their public key to their account settings and then all email traffic from the forum to that user would be encrypted even further than your SSL/TLS. Anyone can use PGP in a forum post or conversation now since the encryption is performed on the users PC and decryption occurs on the other users PC.

    The messages after encryption look like this:

    Code:
    -----BEGIN PGP MESSAGE-----
    Version: ***********
    
    hQQMA89rse9TjBQPAR//Xl4R4FWVUP2VDBufEuqt935xpPxwCG9PQ9ALCSvyFvhl
    fsJ4H2RK+GEjjp6oP2qyl2xc+65nES+j5DjhApl352PguTa//HE/QLngEVHjNzrj
    sO1HLoRM3Q4RIaB9qsczn8N6AWzzRILhViGALTkH51YHfPB1TLRKCml15KL8fSg8
    dcnzBmrsl6P8iHBtbXvfMN90JJCjh5W4Yme71ISgUEaoz4vCsRi7YhyVGBKUxTVL
    7P6DjZXnKg9Ouoe1hjfjGBMHphfQzb0A5QB/yA3cqCIo+7EieyrJ+Z6XjHAlUeIT
    kNDQQmNjKq8l6mIG/R2yG95r6vfmlN0i+uRYRUOCtcKrpdejJ+eOlQRpXd5Bvczj
    Vl8RAaIj5l4VcebhbvZoDSzSj9zvlWhdXd2K0e1BNNKuKegYpb1YmumVlEv3AuLE
    5XAyxJLBjr21yILMWt/Ehv9m06I0Vp2S9hBbXPUKWcYfItrNE8oG2tkIz/yLKYbT
    IF1KlrC6dz+l5UvfxOmXjwJIiU2Ie8xOaTV2fCMM1JoNks7y7R8cCO/by/GoCqgH
    q/J8+bsHhyRqWWiA7gZ7aF54YTU2laBGD2kR9J93/9tqryWp1tjXUo6zyap4vXMW
    GjA2m8EvKjtXXzUqljm0vnyQGAqx1UdZY1lzc8nU6CZDQDUetvtroSz55xH4ecfe
    sXZZfMFyaACi0Hj2ab09TTZIzGoype7TSBZY9LQ7mKt2mwTCX+qOpVSRaYwwk8ti
    8Re4QGzNDgKi8CU6rSJ/oReDnVEchBbIMklZ+zK5ANpuRoo+eyMGO1cj2TVgrODw
    w1+q+vbsPCTxnhX1Su0yDRThX4WEyxHMl8/5e7az1hpvWqE1N/+1i1eFoBUTOn/K
    fbZZCTI1zo4AWhvY2M63ZEBPk4cleakEIxQhIGf6UACyEX9ROMkiCGeJW7IxlGCK
    PzfUcf4hwPKE/vXA3P0ohztygpQw7ofVaOGiNuxw/dgFTpPxCiL86om7/RQcoCzt
    yv2Hfey0sJARZYuNPW/ES/ax/egPqHQjHl0UWJK9fTaL7qSGwRk9hKFTdH/LQuxK
    6R/F+3j135rigI3JkP0zO2fun/gte9c62DrDyI6h4MKEjgpGYMXkVzcZPq4/pQMj
    jxqqoUOfPECLROgywYQWQ4R/Wi1ftSgDdV5tDw4bevyLCPDLZod0cT4VSFfvwQT7
    dLBY+FDSWYJ8/540oeDEsNUCfk7XwYKqBKf79mCXDJFBES9f29hena/O0gPaiLnv
    T1FgixHV9EJF9mq2iPwij7X6GCblkZ7k4pE/PXGi4tLlQOqdaCAZl66wxbDtt+Ca
    BIfAm8rmfkvRIF54kQBzZZZ9Y3kb6nr/CGZiIN1CS9LAiwFZKNxtBZmr1F4U8/3H
    kNtcvVi76917ENiSnTS/hvGuvUEB20MOWrAOeUr5PMp2VEaetNlIzO2K7AvmDyi5
    4jl3I31RbQZa1AuWxcfmbJWcZYCUtXj/9mAXnfABkIVrSUgRUPOsTjWAY310GMHL
    8ZcDuCrhFHDPUngc7bAeSn4/HHAmZqRnGREZbIndqVzkix6IRyQoni90Gj+PjTwd
    gLKmoeF1E78nhESJyAPuiU1pLQvylmXaHzrTkoUdMKOXuDIv6yD9nPLxNy2hXL1a
    hAOCQEfgJ3uapmk1pF/bPHLNsNiXR91ZKJ/5Pu9jXRqigECl89tE8PcnMeTJivcC
    oI1DrWuPOIIz9WVcq9S0nhDhWbEkxsAdh5oceVGaYTCD/9ACxD3iSYsn09K6JaUG
    OqeCCrB2FGFh3DOzYR7rNZ77zGNvRSUk1zuiKQg=
    =u/eb
    -----END PGP MESSAGE-----
     
  7. melbo

    melbo Well-Known Member

    This seems like a project that @Liam W could easily create. I know he is an expert in public/private key pairs as a Bitcoiner ;)
     
  8. Shiro

    Shiro Well-Known Member

    @Liam W How about a quote on this? :)
     
  9. Liam W

    Liam W Well-Known Member

    I actually looked into it when I got @melbo's mention, but I can't find a working PHP PGP library...

    The extension isn't working for me (and hasn't been updated in ages so isn't a surprise really).

    Liam
     
  10. melbo

    melbo Well-Known Member

    Last edited: Jan 26, 2016
    Alfa1 likes this.

Share This Page