a private, end to end encrypted temp mail service that won’t get flagged as a throwaway domain by websites, allowing you to continue to browse the web in complete anonymity.
Finally finished this tempmail app! i think the hardest part was just the end to end encryption, since i had to think of a system where the emails were easily decryptable and decryptable, but also the server cant decrypt them manually either. Im so happy that this works though! every app that i tested that blocks normal temp mail addresses worked with mine, but if you find any that dont work, make sure to lmk on slack! (@rip_super)
Alright! i think this project is ready to ship! good thing i looked over it one extra time since i found a XSS vulnerability lol (how do i manage to make one every project??) anyway i (hopefully) fixed that now, so yay!
Log in to leave a comment
Finally added end to end encryption, and I also switched the the email polling method form simply sending a bunch of get requests to the server, to a clean SSE stream!
For the encryption, I decided to go with a hybrid encryption approach, so when you load onto the website for the first time, the site generates a RSA-2048 key pair. The public key gets sent to the server and the private key is stored in browser local storage. When an email hits the server, each field of the email (subject, sender name, sender email, etc) is immediately encrypted with AES-256-GCM, and they each get their own AES key and IVs. These AES keys are then encrypted again using the RSA public key before they are stored, so the server can’t decrypt any of the email info. Then when the browser fetches the emails, the browser then decrypts the AES keys using the stored private key and then it uses the AES keys to decrypt the email data, which is then displayed to the user. This way, no one can read your emails except for you!
I think this project is coming along really well! I think I’ll just add a few small things and polish the site a bit, and then I think this’ll be ready to ship!!
Log in to leave a comment
added those animations… i think the website feels much better thanks to them, also added a really cool animation for when theres no mail! e2ee time!!
Log in to leave a comment
added in the api! so now everything is fully functioning! you can receive emails and change your address and things! next up, ill probably add some light css animations since the email appearing and clicking into an email is kind of abrupt, but then its e2ee! can’t wait for that!
Log in to leave a comment
added the ui for the page!! i think it looks pretty dang good, and it has all the stuff that a tempmail website should have! it still isnt hooked up to the api though, so ill add that next, but that should be too hard. after that its encryption!!
Log in to leave a comment
Nice logo whoever made it is probably really cool
Just added the base api on which the app will function, so users can allocate and be given an email address which can then be used to send emails too. then sent emails can be seen in the address’s inbox. no encryption yet, probably going to write the frontend before adding encryption
Log in to leave a comment