You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Here is a simple way I would like to purpose implimenting E2EE messaging in ActivityPub.
Simply by using OpenPGP. Every single account on activitypub will have a new field that is not visible to the public which is the users Public PGP Key. The instance and other instances can request any users public PGP key with an API command. If the user does not have a PGP key (Meaning the instance software does not support PGP encryption) you will not be able to send encrypted messges.
The users private PGP key will be stored on the server but will be stored with encryption by using the users password. The site admin will be unable to read any users PGP key. The private key decryption will be done client side.
When a messge is being sent to a user, these are the steps under the hood.
It requests the recipents public key
If there is a recipent public key, it sends the recipents public key to the sender
If there is a recipient public key, it encrypts the message
If there is no recipient public key, it will warn the user that this message will send unencrypted and the user can reject sending the message or continue sending the message with encryption.
The message is sent to the user
The text was updated successfully, but these errors were encountered:
This is a reasonable architecture and one that's under discussion for E2EE. I'd love to get your thoughts for our ActivityPub E2EE task force. We're actively working on a report for this topic for AP right now. @trymeouteh can you take a look at https://github.com/swicg/activitypub-e2ee and consider helping us out?
Here is a simple way I would like to purpose implimenting E2EE messaging in ActivityPub.
Simply by using OpenPGP. Every single account on activitypub will have a new field that is not visible to the public which is the users Public PGP Key. The instance and other instances can request any users public PGP key with an API command. If the user does not have a PGP key (Meaning the instance software does not support PGP encryption) you will not be able to send encrypted messges.
The users private PGP key will be stored on the server but will be stored with encryption by using the users password. The site admin will be unable to read any users PGP key. The private key decryption will be done client side.
When a messge is being sent to a user, these are the steps under the hood.
The text was updated successfully, but these errors were encountered: