
KeyServer

Joshua Thijssen edited this page Jun 6, 2020 · 3 revisions

Somehow we need to fetch information about a receiver. There are two important facts we need about the receiver:

  1. Which mail server handles the given receiver?
  2. What is the public key of the receiver?

In a regular email system, the first item is handled through DNS. We query the DNS, which returns the MX record for the domain. That MX record points to an IP address (or a CNAME, or whatever) that ultimately handles the domain's mail. In the regular mail system there can be multiple MX records with priorities, so mail can be sent to other mail servers in case the first isn't available.

In our system there is no such thing as DNS, as we don't use the domain name system. It's also not a given that two email addresses from the same organisation are actually handled by the same mail server.

We want to see if we can leverage a DHT system like Kademlia for this. For now, we use a centralized 🤦 system instead.

This is running on https://resolve.mailv2.nl.

Fetching resolve information

 GET https://resolve.mailv2.nl/<sha256 of address>

This will return something like this:

 {
 "hash": "68ff90bd7573ab2517249ee9ff51315e662541f5cedde9472a7bc9a3a9b73e17", 
 "public_key": "-----BEGIN RSA PUBLIC KEY----- 
                MIICCgKCAgEAp0klq8XpTOKRocPsF40G/ibEBhlsBYAcRcu08sFAYhJGmuzjcRDz
                xpZ+DhytPWM2CSiZEhVCMV1xOchSQOc4hnMsGkdNgzcQ5ddRkM3T0LP+5H6KA9WM
                J08LCbDyu+CLOED80wSturDf94mCs3P9W0Fj8eQ838y+hTKJWBvDAV1/aO/RQKaQ
                sWyM3QpYUo9+Upb54rJQtQBDCBcjRoLASQvNd1atgTzIT+s9XbK7xf7rOlZxsSIy
                zTI1D5LTrkfCon1+iV+B0v1UAu2KGe8+ZXPkj7C5nTaxYDmcYalfzw197WQ7EW43
                FEkuFmhGSJUlanKQwSNdPnJ/3KXGrPttEASHMZ+rIzrSeeU4sbzuJ7zFZ3Y/kBK4
                ZQ3eqmTOTajYqeaLVOuw25l+NOTcUDAL7imHswMTLQaDov6SQpFGlRZNO9TOaVg+
                bCRR5fTevCIeJ2wCLnBwwDueY3jp/7fEDDEL9HmeWLDcEhaEL259/VCI3Q+vnZqr
                2PLliX/IYpX7qB8vr80BasWiIGfAOi1GSTdvpxOoeFe/CSguwTk3TKTEryEt+7Z/
                wldJF3noOcuwLlCArYeYplzd2aaHEfQAG9IUZ6pLFJhFkggFisbsB8JUH5gL2SQX
                MDgB/Om+IO/05IodJ/E+FB2vOgxIi2FKeQore+fr6XEri2gBXfLzLY8CAwEAAQ==
                -----END RSA PUBLIC KEY-----", 
 "address": "mailv2.ngrok.io"
 }

This way we can simply resolve the mail server for the given (hashed) address AND have its public key as well, so we don't need to query it directly from the mail server (we could if we wanted to).

It's possible to add multiple addresses to the address list; this way we can specify multiple servers that each handle the same message. Each of the servers MUST be able to handle the message. It's the mail server's job to make sure that the given email ends up in the correct mailbox of the recipient.

Adding resolve information

In order to add new information for an address, you need to send the following:

POST https://resolve.mailv2.nl/

with the following JSON body:

{
  "public_key": "-----BEGIN PUBLIC KEY-----
                 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl9TRrcsVuUMa8yeDSKv
                 LhHhnCFZ2q8P17GnSsywTHS3ZhuGCQSnV/TyuMmP1acX/4+4MdnFo0hd2qbUtKcE
                 SYmYfEeIyn41Tvwi/YzTGSQ7hR1L085XrSy2CdvUg3nLbhDRSxusz4Hi+BpIEZ2J
                 +52SmJiAFNpdwsPs4+YuX9gvYW+gX3Q4vFCECbP7a4Now3cY1+4gzOghk39gHtI6
                 MuRayb7qE7VlitEPzwgjZ/G1XH3J+4n320FLmMRaYaiKdK7KdFePtLGzUX2CoW7t
                 8WE7KPv7vIx4R+D3ADM11lFAFA16WcuQfv8APrXw/gX9h0RDUT2QhPRr5k1CbLhc
                 GQIDAQAB
                 -----END PUBLIC KEY-----",
   "address": "https://mailv2.ngrok.io/",
   "signature": "cYf8K97F4TfNtl472Hl3nfbNV22RkXSCMToG7rn7KOjazRv8faa1LG4tytUuZ/Z0Srr0asUlPf8bxVQgZwDJtsRpwgcJuiimAOoi9eLa9zQO/tEBRWCiBxCk1OZP2s/Fz/yLtqoQPBE2lx4Z+t4tvw39kcajvXIuD47STpQgpEIZyLqUTriXSDR4xWeO2T4CP8PmC5JQ0BxXCX0h8Yyw9nS44Qobncqd+e5hh6ZuFEtWjdOLKmv1i/v1U+G9GB2CE69inC3l/tVJ+hWw47G/wTH8g0RitpHR/TW6Gr4YxjGGj19COnQVpQflt/y4tCwfvM+H3aOidTPoh+IhGbFpdA=="
}

The signature is an RSA-SHA256 signature made with the PRIVATE KEY of the address, over just the address as the message. The result must be Base64 encoded.

When the key is not yet present and must be added, we take the given information as truth (❓ can we do it another way?)
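As an added example (not code from this wiki or the project), the following shows how a client computes the lookup hash for the GET above and builds the POST body, and the minimum check a key server can run on such a body before storing it: the signature must verify over the address with the public key sent alongside it. It assumes the lookup hash is the lowercase hex of SHA-256 over the raw address string and the signature is RSA PKCS#1 v1.5 over SHA-256; the page specifies neither, and the type and function names are my own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// Registration carries the three JSON fields of the POST body: public_key, address, signature.
type Registration struct{ PublicKey, Address, Signature string }

// ResolveHash is the lookup key for GET /<sha256 of address>; assumes lowercase hex over the raw address.
func ResolveHash(address string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(address)))
}

// BuildRegistration signs just the address with the private key and Base64-encodes the result
// (RSA PKCS#1 v1.5 over SHA-256 is assumed; the page only says "RSA SHA256").
func BuildRegistration(priv *rsa.PrivateKey, address string) (Registration, error) {
	digest := sha256.Sum256([]byte(address))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Registration{}, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // cannot fail for an *rsa.PublicKey; "BEGIN PUBLIC KEY" form as in the POST example
	pub := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	return Registration{string(pub), address, base64.StdEncoding.EncodeToString(sig)}, nil
}

// VerifyRegistration is the minimum check a key server can run before storing a record:
// the signature must verify over the address with the public key carried in the same body.
func VerifyRegistration(r Registration) error {
	sig, err := base64.StdEncoding.DecodeString(r.Signature)
	block, _ := pem.Decode([]byte(r.PublicKey))
	if err != nil || block == nil || block.Type != "PUBLIC KEY" {
		return fmt.Errorf("signature must be Base64 and public_key a PEM PUBLIC KEY block")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := key.(*rsa.PublicKey) // ok is false for a nil key or a non-RSA key
	if err != nil || !ok {
		return fmt.Errorf("public_key is not an RSA key: %v", err)
	}
	digest := sha256.Sum256([]byte(r.Address))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) // fails if address or key was swapped
}
```

This check only proves that whoever posted the body holds the private key matching the posted public key; it does not by itself establish who owns the address, which is the open question above.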

Changing resolve information

Changing a key is the same as adding a key.

The hash is checked against the public key found on one of the servers given in the address. Only if this matches is the key updated.

Deleting resolve information

Deleting a key can be done through:

DELETE https://resolve.mailv2.nl/

with the following JSON body:

{
   "signature": "cYf8K97F4TfNtl472Hl3nfbNV22RkXSCMToG7rn7KOjazRv8faa1LG4tytUuZ/Z0Srr0asUlPf8bxVQgZwDJtsRpwgcJuiimAOoi9eLa9zQO/tEBRWCiBxCk1OZP2s/Fz/yLtqoQPBE2lx4Z+t4tvw39kcajvXIuD47STpQgpEIZyLqUTriXSDR4xWeO2T4CP8PmC5JQ0BxXCX0h8Yyw9nS44Qobncqd+e5hh6ZuFEtWjdOLKmv1i/v1U+G9GB2CE69inC3l/tVJ+hWw47G/wTH8g0RitpHR/TW6Gr4YxjGGj19COnQVpQflt/y4tCwfvM+H3aOidTPoh+IhGbFpdA=="
}

The hash is checked against the public key found on one of the servers currently in the address. Only if this matches is the key updated.

NOTE: this means that when a server is not available (anymore), we cannot remove (or change) the key. Somehow, we need to be able to add, change and remove keys without any involvement of the mail servers.
