Topic: CryptUP: Simple PGP for Gmail / Ethereum public key database / feedback (Read 1616 times)

member
Activity: 101
Merit: 10
Miner / Engineer
I just installed it and it is working ok.

Though, PGP emails that people send me as attachments don't seem to decrypt. Will reach out to Tom and find out more. :)

newbie
Activity: 1
Merit: 0
Most useful Chrome plugin ever :D Searching for something like that for years, let me know if I can help you to further develop the tool.
member
Activity: 77
Merit: 10
Who am I
I co-founded BitOasis as a (former) CTO. As far as I know we were the first wallet to use multisig with keys distributed among different entities (us/co-signer/backup) without bothering the user to store a private key. Our open sourced multisig wallet: multisig-core and multisig-recovery.

See my PyCoin contributions here.

Why most PGP solutions suck
We used PGP at BitOasis to encrypt sensitive email. For most people, PGP is a pain in the ass.
Non-critical info would often go unencrypted because you don't want to bother the other guy by encrypting it.
If we didn't use PGP for MOST email, it's no wonder others don't use PGP for ANY email. It's too cumbersome.

What I've done about it
I made PGP work just the same as normal email, so that non-technical people can use it. I released my child a few days ago as CryptUP. It's a Chrome plugin and works with Gmail, because that's what I (and a lot of people) use. It's compatible with any other PGP solution though.

Where I need your feedback - improving decade old pains with PGP

Public key management
I'll use Ethereum as a pubkey database for CryptUP users, under the hood. Users' pubkey fingerprints will get submitted to the Ethereum blockchain, instead of outdated systems like http://pgp.mit.edu/. The Ethereum blockchain can then be queried with DNSChain, eliminating man-in-the-middle attacks on exchange of key fingerprints.

The users don't need to know about the Ethereum stuff. It'll just work and I'll pay for the fees, it's a few cents per user.

Public key fingerprint verification
Security of PGP relies on this, but NOBODY does this. Without knowing you talk to the right person, PGP is a placebo. I'll implement a fingerprint-to-image converter, where instead of comparing letters and numbers (which nobody will do), I will be displaying a set of icons for the contact you talk to. Imagine 4-5 icons per fingerprint, e.g. horse, frog, car, sun. It's much easier for humans to notice a discrepancy in icons than in "0D5688EBF3102BE7".

Let me know what you think
As is, I think (and people tell me) CryptUP is the easiest to use PGP plugin. Setup, conversations, attachments, it just does what you expect your standard email to do, plus encrypted.

Let me know your thoughts, it's available here:
https://chrome.google.com/webstore/detail/cryptup-encrypt-gmail-wit/bnjglocicdkmhmoohhfkfkbbkejdhdgc

And the source code is here:
https://github.com/tomholub/cryptup-chrome
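
An added sketch of the fingerprint-to-icons idea from the post above (not CryptUP's code; the 16-entry icon list, function names and the lookalike value are constructed for illustration). It maps leading fingerprint bits to icons and reports how many bits a 5-icon display actually compares, which is the number a reviewer of such a scheme would check first.

```javascript
// Constructed 16-icon alphabet: each icon encodes 4 bits (one hex digit).
const ICONS = ["horse", "frog", "car", "sun", "tree", "fish", "key", "moon",
               "bell", "boat", "leaf", "star", "drum", "kite", "lamp", "ship"];

// Strip separators, uppercase, and reject anything that is not hex.
function normalizeFingerprint(fp) {
  const hex = fp.replace(/[\s:]/g, "").toUpperCase();
  if (!/^[0-9A-F]+$/.test(hex)) throw new Error("fingerprint must be hex");
  return hex;
}

// Bits carried by one icon; the alphabet size must be a power of two.
function bitsPerIcon(alphabet) {
  const bits = Math.log2(alphabet.length);
  if (!Number.isInteger(bits) || bits < 1) throw new Error("alphabet size must be a power of two");
  return bits;
}

// Map the leading bits of the fingerprint to `count` icons.
function fingerprintToIcons(fp, count, alphabet = ICONS) {
  const width = bitsPerIcon(alphabet);
  const bits = [...normalizeFingerprint(fp)]
    .map((c) => parseInt(c, 16).toString(2).padStart(4, "0")).join("");
  if (bits.length < count * width) throw new Error("fingerprint too short");
  const icons = [];
  for (let i = 0; i < count; i++) {
    icons.push(alphabet[parseInt(bits.slice(i * width, (i + 1) * width), 2)]);
  }
  return icons;
}

// How many fingerprint bits the icons compare, and how many icons full coverage needs.
function coverage(fp, count, alphabet = ICONS) {
  const total = normalizeFingerprint(fp).length * 4;
  const width = bitsPerIcon(alphabet);
  return { compared: count * width, total, iconsForFull: Math.ceil(total / width) };
}

const sample = "0D5688EBF3102BE7";     // value quoted in the post
const lookalike = "0D56800000000000";  // constructed: differs only after the first 20 bits

console.log(fingerprintToIcons(sample, 5).join(" "));     // icons shown for the sample
console.log(fingerprintToIcons(lookalike, 5).join(" "));  // same icons, different value
console.log(coverage(sample, 5));                         // 20 of 64 bits compared
```

Two values that agree only in the bits covered by the icons render identically, so the icon count and alphabet size decide how much of the fingerprint a user is really verifying.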