From Email to WebRTC chat using PassLok
Francisco Ruiz
WebRTC conference 2016

An email conversation
• From [email protected] Monday 4:30pm
• From [email protected] Monday 4:35pm
• From [email protected] Monday 4:40pm
• From [email protected] Monday 4:41pm
• From [email protected] Monday 4:45pm
• From [email protected] Monday 4:50pm
• From [email protected] Monday 4:55pm
• From [email protected] Monday 5:00pm
• From [email protected] Monday 5:01pm
• From [email protected] Monday 5:05pm
• From [email protected] Monday 5:10pm
• From [email protected] Monday 5:06pm
• From [email protected] Monday 5:12pm
• From [email protected] Monday 5:20pm
• From [email protected] Monday 5:25pm
• From [email protected] Monday 5:30pm

• Hi Bob, do you have the picture for the ad ready?
• Yes, I’m attaching it here.
• Can you make the face of the person holding the product a little rounder? And the skin darker, please?
• Just her or the other faces too?
• I guess the children too, but I don’t want the man to look like her brother.
• No problem, anything else? I’ve got a bus to catch in ten minutes.
• I guess that’ll be it. Thanks!
• Actually, can you increase the saturation on the product box a little? It would be better if it stood out more.
• I thought it would look gaudy if I did that. I’ve got to go, though.
• No, it’s got to be more saturated. I’ve got a bus to catch, too, but I need to get this out today.
• Hi Alice, I really got to go, so I’m attaching the picture with the faces corrected. You can saturate the product if you want.
• Sorry Bob, but I don’t have a photo editor right here. It’ll take only a minute on your side.
• Bob, did you get my last email? I really need this now.
• Bob, are you there?
• BOB!
Suppose, furthermore, that they:
• Are a little paranoid about security
• Don’t want to burden their machines with special-purpose software
• Want to get in and out, leaving no trace
• Would rather not have to log in or make an account anywhere

Enter PassLok
• Asymmetric encryption of text and files
• 100% JavaScript
• Regular, hidden, and read-once modes
• Chrome and Firefox extensions integrate it with Gmail, Yahoo mail, and Outlook
• WebRTC module almost straight out of Muaz Khan’s demo at Github.com

WebRTC via invitation
• Alice makes a message containing:
  1. Type of chat: text, audio, video
  2. Text area for the exact time, etc.
  3. Generic chatroom name (1 or 2 of the most common English passwords, so the name itself reveals nothing about the parties)
  4. 256-bit password (43 base64 characters)
• Encrypts it with Bob’s public key and her own, so that both of them can open it later
• Then sends it to Bob (the email server keeps a copy, but only of the ciphertext)

On Bob’s side
• Bob sees the encrypted message and decrypts it using PassLok (he must enter his private key)
• PassLok recognizes it as an encrypted chat invitation and displays the text part (so Bob can decide whether it is time to start the chat)
• If Bob clicks OK, the WebRTC code loads in an iframe or a separate browser tab, which:
  1. Contacts Firebase.io as the signaling server and provides the chatroom name
  2. When Firebase.io makes the chatroom, the code prompts Bob to give himself an alias for the chat and displays a “Start” button
  3. After Bob clicks it, Firebase looks up Bob’s IP address and waits for others
  4. The Password stays on Bob’s side and is not transmitted

Meanwhile Alice. . .
• Decrypts the message she sent, and PassLok opens a new tab or iframe just like Bob’s:
  1. It connects to Firebase.io and sees whether the chatroom already exists (let’s assume it does)
  2. Alice’s WebRTC page sees a “Join” button and a prompt for a chat name
• After Alice clicks the button, Firebase looks up her IP address, which it sends to Bob, and sends Bob’s IP address to Alice.
• From then on Firebase just keeps the IP addresses under the chatroom name
• Alice’s WebRTC page contacts Bob’s and negotiates a connection. The process involves supplying the correct Password included with the invitation; otherwise Bob’s page denies the connection
• The rest is normal WebRTC, just between Alice and Bob (and anyone else who was able to decrypt the invitation, which can be encrypted for several parties)

When they are done
• They simply close those tabs or iframes
• Firebase.io may keep a record of the chatroom name and the IP numbers that connected to it (no session passwords), but anonymity is possible via Tor or a VPN (bear in mind that WebRTC’s ICE candidate gathering can reveal a client’s real IP address even behind a VPN unless the browser is restricted to relayed candidates)
• The participants are gone, and no one else saw the content
• The email servers keep the invitation, which they never saw unencrypted
• Participants still don’t have each other’s private keys
• If the invitation was encrypted using read-once mode in the standalone PassLok, participants cannot decrypt it a second time

Questions for the audience
• Should read-once encryption always be available for this? (PassLok for Email does not support it right now)
• What else could be done to make this easier or more secure?
• Thanks!