Deuxfleurs/aerogramme.deuxfleurs.fr
17
0
Fork 0
Code Pull requests Activity

fix per-user encryption page

Browse source
This commit is contained in:
Quentin 2024-01-22 18:11:24 +01:00
parent 6b521a980e
commit ba730a1924
Signed by: quentin
GPG key ID: E9602264D639FF68
1 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
content/documentation/design/per-user-encryption.md
View file

@ -24,8 +24,19 @@ and decrypt them locally, exposing an IMAP proxy interface. An attacker having f
will not be able to compromise your already received data (but can intercept new emails). It's similar to [Proton Mail Bridge](https://proton.me/fr/mail/bridge),
but keep in mind that Aerogramme does not support (yet) end-to-end email encryption like Proton Mail or Tutanota, *so Aerogramme is less secure*.
When run on server (both for the transparent and hardened flavor), Aerogramme must be started in the "provider mode", as in "email service provider".
<!--When run on server (both for the transparent and hardened flavor), Aerogramme must be started in the "provider mode", as in "email service provider".
When run on the end-user device (only the hardened flavor require that), Aerogramme must be started in the "companion mode", as in "a companion process of your email client".
These 2 words are materialized as 2 subcommands on the Aerogramme binary: `aerogramme provider` and `aerogramme companion`.
These 2 words are materialized as 2 subcommands on the Aerogramme binary: `aerogramme provider` and `aerogramme companion`.-->
## Aerogramme "role"
## Aerogramme roles
The transparent flavor only requires Aerogramme to be run on the service provider server, while the hardened flavor require the end-user to run a local proxy.
More specifically:
**Provider** - Provider must be run by the service provider, it is used for both flavors. For the transparent flavor, it both receives emails through LMTP and expose
the mailbox through IMAP. For the hardened mode, it only receives emails through LMTP, encrypt them with user's public key, but can't expose them through IMAP as the server
can't decrypt them. Provider commands are available through the `aerogramme provider` subcommand.
**Companion** - Companion must be run by the end user, it is used only for the hardened flavor. It fetches encrypted blobs from the server
of the email provider, decrypt them locally, and expose the mailbox across the IMAP interface, acting as a local proxy.
Companion commands are avaialble through the `aerogramme companion` subcommand.