Skip to content


Repository files navigation

PrivMail: A Privacy-Preserving Framework for Secure Emails

This repository contains building blocks for our PrivMail framework. Details of the implementation will be available later in a separate publication.

Warning: This code is not meant to be used for a productive environment and is intended for testing and demonstration purposes only.

Directory Structure


This project is an implementation of a Thunderbird plugin/add-on, which enables the user to send and reconstruct PrivMail emails. Note that PrivMail search functionality is not part of this project, but the plugin works with regular email services for sending and receiving emails. See the respective for more details on how to load and use the plugin.


This project is an implementation of a proxy service for sending PrivMail emails similar to the Thunderbird plugin. The advantage is that the proxy works with any email client software or even with a simple script. See the respective for more details on how to setup and configure the proxy.


This project contains several scripts useful for PrivMail. See the respective files for more details.


This project is an implementation of a SMTP server for PrivMail, which stores the received emails in separate files in a specific format separating PrivMail information, such as the secret shares and buckets. These files are inputs for some of the scripts mentioned above and for the PrivMail search implementation covered below.

In addition, this server is useful for testing the proxy service for sending PrivMail emails locally without the need to use actual email services and Internet. In the following, we give an example of how to do this for two servers using Docker and Docker Compose.

  1. Create two empty directories where the secret shared emails are stores (in practice these would be on different machines managed by the two different non-colluding service providers):
mkdir rss1_mail_data rss2_mail_data
  1. Create the following docker-compose.yml file and place it at the root of this repository.
    build: Sender-Client-Proxy
    container_name: scp
    command: -m
    stdin_open: true
    tty: true
      - "55001:55001"

    build: Receiver-SMTP-Server
    container_name: rss1
    stdin_open: true
    tty: true
      - ./rss1_mail_data:/home/appuser/mail_data:rw

    build: Receiver-SMTP-Server
    container_name: rss2
    stdin_open: true
    tty: true
      - ./rss2_mail_data:/home/appuser/mail_data:rw
  1. Create the following destination_address_map.yaml file and place it in the Sender-Client-Proxy directory.
  - DESTINATION: receiver@rss1
    SERVER: rss1
    PORT: 55010
  - DESTINATION: receiver@rss2
    SERVER: rss2
    PORT: 55010
  1. Copy the config_example.yaml to config.yaml in the Sender-Client-Proxy directory (the example values work here because our server has no authentication layer):
cp Sender-Client-Proxy/config_example.yaml Sender-Client-Proxy/config.yaml
  1. Build the images:
docker-compose build
  1. Run the containers in the background:
docker-compose up -d
  1. Send emails to the proxy using the address receiver@proxy (or however you configured in the destination_address_map.yaml) and see the secret shared emails in the two directories. An easy way to send emails is our simple script, where you only need to change the targets value to ['receiver@proxy'] and then run it:


This project implements the PrivMail search functionality as a proof-of-concept (PoC) for benchmark purposes using the MOTION framework. The software reads the secret shared emails from a directory and expects them to be in the format of how the PrivMail SMTP server produces them (see above). In addition, the software takes the search query and search index file as inputs expecting them to be in the format that the respective scripts (in Receiver-Scripts) produce them. The full set of options are below:

Allowed options:
  -h [ --help ]                   produce help message
  -l [ --disable-logging ]        disable logging to file
  -p [ --print-configuration ]    print configuration
  -f [ --configuration-file ] arg configuration file, other arguments will
                                  overwrite the parameters read from the
                                  configuration file
  --my-id arg                     my party id
  --parties arg                   info (id,IP,port) for each party e.g.,
                                  --parties 0,,23000 1,,23001
  --search-mode arg (=normal)     choose from search mode options:
  --query-file-path arg           get party's path for query file, include path
                                  e.g. ../../../privmail-incoming-proxy/secret_
  --mail-dir-path arg             get party's mail directory path, include path
                                  e.g. ../../../privmail-smtp-server/mail_data
  --index-file-path arg           get party's path for index file, include path
                                  e.g. ../../../privmail-incoming-proxy/index-f
  --json-path arg                 define path to the benchmarks json file

Note that in order to build the binary, you need to install the MOTION library on your machine, see this for more information.


This code is provided as a experimental implementation for testing purposes and should not be used in a productive environment. We cannot guarantee security and correctness.


We thank Toni Nguyen for helping to develop the Python based building blocks and Martin Bach, Jan Filipp, and Tamino Goldan for developing the basis of the Thunderbird Plugin.


PrivMail: A Privacy-Preserving Framework for Secure Emails







No releases published


No packages published