I started exploring ways to make a better encrypted email system that was different from what was already out there without reinventing the wheel. My only parameters were that it had to use existing technology but be noticeably different from traditional methods. I came up with something that's very niche and novel, but I don't know how viable it is. In a nutshell, it basically works as follows:
- It’s an email client so it works with any email service provider
- It uses a visible message and an encrypted hidden message
- The encrypted hidden message bypasses the email server
- The visible message is part of the key to unlocking the hidden message
So it uses two channels instead of one. It uses steganography, but not in a traditional way. It's borderline covert because you can control when the message is sent. It will be hard to track. It uses public/private keys, so the recipient would only need to use their own password. The goal is to be able to send encrypted messages while making it hard to track. Part of the metadata is obfuscated. It's not 100% foolproof, but it would take a lot of effort to track the hidden communication, and even if intercepted, you would need the sender's/receiver's password, the original message, and the public key just to identify that the intercepted message is the right one. It also sends out a decoy hidden message.
Since both parties would need the software, I also added a traditional PGP system that allows users to send encrypted email to anyone. As for the main system described, it would only work with users that have an account for the service, so the software hides the controls until the recipient has been authenticated. The password can be changed at any time, as can the public/private keys.
The client itself is minimalist and only has features people would use. There are also other tools, but the email client is the main module.
Would anyone even use this? I had whistleblowers in mind, and maybe news agencies or any industry that relies on confidential sources. I don't really see this as something that would be B2C or a mass market like Proton Mail, which is why I think it's very niche. At any rate, I built a prototype last year, and the Windows version should be finished by maybe September (I'm working alone). I've been saving up enough money to send it to Cure53 so they can pick it apart. BUT I want to know if it's even worth doing at this point. Any questions or criticisms are welcome.
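The two-channel idea sketched above, as an added example that is not the author's code and not taken from the prototype described: it shows one way the visible message can act as "part of the key" to the hidden message, how a decoy blob can be told apart from the real one by the recipient alone, and why the visible text only binds the hidden message rather than protecting it. It assumes a 32-byte shared secret already agreed from the parties' public/private keys (hypothetical; the post does not say how the keys are used), and it builds everything from the Python standard library (HKDF per RFC 5869 and an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC) so it runs offline. A real client would use a vetted AEAD such as ChaCha20-Poly1305 in place of the hand-rolled stream cipher; the construction here is only to make the key binding visible.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
INFO = b"hidden-channel-v1"   # context label for key derivation (assumption, not from the post)
LOCATOR_LEN = 8


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF with SHA-256, written on the stdlib so the example runs anywhere."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(shared_secret: bytes, visible_message: str):
    """Bind the hidden-message keys to the exact visible text.

    The shared secret (assumed to come from the parties' public/private keys)
    is the only real entropy. The visible message is used as the HKDF salt, so
    someone holding the ciphertext but not that exact text derives different
    keys; it adds binding, not secrecy, because cover text is low-entropy.
    """
    salt = HASH(visible_message.encode("utf-8")).digest()
    okm = hkdf_sha256(shared_secret, salt, INFO, 96)
    return okm[:32], okm[32:64], okm[64:96]  # enc_key, mac_key, locator_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based stream cipher (demo only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), HASH).digest()
        counter += 1
    return out[:length]


def seal(shared_secret: bytes, visible_message: str, hidden_message: str) -> dict:
    """Encrypt-then-MAC the hidden message under keys bound to the visible one."""
    enc_key, mac_key, loc_key = derive_keys(shared_secret, visible_message)
    nonce = secrets.token_bytes(16)
    plaintext = hidden_message.encode("utf-8")
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, HASH).digest()
    # A short keyed locator lets the recipient pick the real blob out of decoys
    # without trial decryption; without the keys it is indistinguishable from noise.
    locator = hmac.new(loc_key, nonce, HASH).digest()[:LOCATOR_LEN]
    return {"locator": locator, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(shared_secret: bytes, visible_message: str, blob: dict):
    """Return the hidden text, or None if the secret, visible text or blob do not match."""
    enc_key, mac_key, loc_key = derive_keys(shared_secret, visible_message)
    expected_loc = hmac.new(loc_key, blob["nonce"], HASH).digest()[:LOCATOR_LEN]
    if not hmac.compare_digest(expected_loc, blob["locator"]):
        return None
    expected_tag = hmac.new(mac_key, blob["nonce"] + blob["ct"], HASH).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None
    ks = keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(c ^ k for c, k in zip(blob["ct"], ks)).decode("utf-8")


def pick_real(shared_secret: bytes, visible_message: str, blobs: list):
    """Among a real blob and decoys, return (index, text) of the one that opens, else None."""
    for i, blob in enumerate(blobs):
        msg = unseal(shared_secret, visible_message, blob)
        if msg is not None:
            return i, msg
    return None


# Constructed sample data for the demo, not from any real message.
SHARED_SECRET = hashlib.sha256(b"demo shared secret from key agreement").digest()
DECOY_SECRET = secrets.token_bytes(32)   # the decoy is sealed under a key nobody holds
VISIBLE = "Hi Sam, attached are the slides from Tuesday. Thanks!"
HIDDEN = "Meet the source at the north entrance, 19:00."


def demo() -> dict:
    real = seal(SHARED_SECRET, VISIBLE, HIDDEN)
    decoy = seal(DECOY_SECRET, VISIBLE, "nothing to see here")
    blobs = [decoy, real]
    return {
        "roundtrip": unseal(SHARED_SECRET, VISIBLE, real),
        "wrong_visible": unseal(SHARED_SECRET, VISIBLE + " ", real),  # one extra space
        "wrong_secret": unseal(DECOY_SECRET, VISIBLE, real),
        "picked": pick_real(SHARED_SECRET, VISIBLE, blobs),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Two things the run makes concrete. First, changing the visible message by a single space changes the salt, so the locator and tag no longer verify and the hidden message is unrecoverable; that is the "visible message is part of the key" property. Second, the same check is what lets the recipient discard the decoy without knowing which blob is real in advance. The caveat is that an interceptor who already has the cover email has the visible text for free, so the secrecy rests entirely on the shared secret; the visible text buys binding and some cost for someone sorting intercepted traffic, not additional key strength.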