Gut M


Project Background

GutM is a PGP email system that puts privacy at the core of the product and provides end-to-end encrypted email. The system focuses on providing a high level of security and anonymity so that end users can communicate without fear of their information being shared with any third party.

Requirements

  • 1. Create a closed-group email system that is end-to-end encrypted and based on the principles of PGP. The system works like conventional mail, but with encryption.

  • 2. Anyone on the user list should be able to create a public-private key pair while creating an account. Once the account is created, the key pair cannot be modified.

  • 3. After login, a private key is needed to decrypt incoming emails.

  • 4. To send an email, the user should not have to do anything extra; the email should be encrypted automatically with the recipient's public key.

  • 5. Cases with multiple users in a sent item should work.

  • 6. Can detect all the received and sent emails.

  • 7. Can delete emails. Also, once an email is deleted from the sender's side, the receiver can still decrypt and see it.


Technical Stack

  • Python
  • JavaScript
  • Angular-5
  • MySQL
  • AWS
  • REST API

Solution

  • 1. At signup, a user is required to download a private key and a public key; the public key is saved on the server for further distribution.

  • 2. Whenever a user composes an email, one symmetric key is generated per user, which is then used to encrypt the email.

  • 3. The symmetric key is encrypted with the public key of each user to whom the email will be sent.

  • 4. The encrypted symmetric key is sent to the user along with the encrypted mail.

  • 5. On receiving an email, the primary user has to decrypt the symmetric key and then use the decrypted symmetric key to decrypt the email. This way it always remains a closed-group secured message transfer.


Challenges

  • 1. At first, we tried to send emails using asymmetric keys only. But we realized that encrypting large emails took a few minutes, so it was not a solution we could use. That is why we came back to symmetric keys. But to share a symmetric key we needed a secure channel, which led us to use asymmetric keys as the channel for sharing symmetric keys.

  • 2. We had to use only a single message with a symmetric key and share the email in such a way that only the recipient of the mail can open it. Sending the same email to multiple users without compromising any security was difficult. We encrypted the symmetric key with different public keys and shared the hash with those users. Only the recipient of the mail can open it with the private key counterpart.
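
The scheme in the Solution steps and in Challenge 2 (one symmetric key per email, wrapped separately for each recipient), as an added example that is not GutM's own code. It assumes Node.js's built-in crypto module, with RSA-OAEP and AES-256-GCM standing in for the PGP primitives the page does not name; `makeUser`, `sealMail`, `openMail`, `fails` and `demo` are hypothetical names.

```javascript
const crypto = require('crypto');

// Assumption: RSA-OAEP and AES-256-GCM stand in for the PGP primitives.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical helper: a user with a fresh key pair (constructed sample data).
function makeUser(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Encrypt the body once with a fresh symmetric key, then wrap that key per recipient.
function sealMail(body, recipients) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const r of recipients) {
    wrappedKeys[r.name] = crypto.publicEncrypt({ key: r.publicKey, ...OAEP }, key);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Unwrap this recipient's copy of the key, then decrypt and authenticate the body.
function openMail(mail, name, privateKey) {
  const wrapped = mail.wrappedKeys[name];
  if (!wrapped) throw new Error(`no wrapped key for ${name}`);
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, mail.iv);
  decipher.setAuthTag(mail.tag);
  return Buffer.concat([decipher.update(mail.ciphertext), decipher.final()]).toString('utf8');
}

// True when opening is rejected (no wrapped key, wrong private key, or modified ciphertext).
function fails(fn) { try { fn(); return false; } catch (e) { return true; } }

// Constructed demo: alice and bob are recipients, carol is not.
function demo() {
  const [alice, bob, carol] = ['alice', 'bob', 'carol'].map(makeUser);
  const mail = sealMail('Meeting moved to 3 pm', [alice, bob]);
  const tampered = { ...mail, ciphertext: Buffer.from(mail.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  return {
    bobReads: openMail(mail, 'bob', bob.privateKey),
    carolBlocked: fails(() => openMail(mail, 'alice', carol.privateKey)),
    tamperDetected: fails(() => openMail(tampered, 'alice', alice.privateKey)),
  };
}
```

The body is encrypted only once regardless of the number of recipients; only the 32-byte key is encrypted per recipient, which is why this avoids the slowdown described in Challenge 1.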


Acceptance

We have successfully launched the beta version of the encrypted email system. The system is for the closed group of Gutmail users and is encrypted to the extent that, once a private key is destroyed after its time limit is exhausted, no one can retrieve the email from the system.

