Excerpts from internet.cypherpunks: 20-Jun-96 Re: Safemail by Adam Shostack@homeport.o
Not to defend the safemail folks, but this does remind me of something that NeXT did with Eliptic curve based systems; there was no storage of the private key, it was generated from the passphrase at run time. It was a side discussion, maybe with Andrew Lorenstien? Andrew?
Might you be thinking of ForYourEyesOnly, by R. Crandall and J. Martin? It was distributed as a demo program with Release 2 of the NeXTstep operating system, along with such nifty apps as a Mandelbrot generator that used the 56001 onboard DSP. (I've never used it, though.) Here's the help file that comes with ForYourEyesOnly. I had to grab it with SegHoarker. -Declan (Registered NeXT Developer) --- General ForYourEyesOnly is a message encryption utility. The basic idea is that secret messages may be sent via mail, or simply stored as encrypted (.encr) files. The notion of Public Key encryption requires that each participant have a pair of keys: a "Private Key" and an associated "Public Key." Everyone's Public Key is known to everyone (hence the name public). Private Keys on the other hand are just like passwords; that is, you commit your Private Key to memory. Keys You create your Public Key via the Registration... menu item. When your (at least 8-character) Private Key is entered, the associated Public Key is computed for you. Again, note that the Public Key is safe, i.e. it can be broadcast to the whole world. Your Private Key, on the other hand, should never be disclosed beyond your chosen group of confidantes (which group can of course be just a singleton--you). ForYourEyesOnly allows for groups (larger than just yourself) to share a Private/Public Key pair. For example, a sales department can have one common Private Key, so that any member of sales may read mail that was encrypted using the associated Public Key for sales. In this "group" mode, a new sales member is presumably given the Private Key verbally, on a garden walk, or during a loud evening at a local tavern, etc. Decryption The decryption procedure is dealt with first in case you have just received an encrypted document and don't know what to do with it. If this is the case you may, for example, have double clicked a .encr file icon from mail and have landed here. By entering a correct Private Key in the Message Window and pressing the Decrypt button you will obtain a decrypted file. You might wonder how someone could have sent you an encryption if you have not yet registered a Private Key. Well, you might just have joined a department all of whose workers are using a single Private/Public Key pair for intra-office mail. In this case, all you need do is find the departmental Private Key for decryption. The .encr icons can be dragged to/from Mail or to/from Browser. Encrypting files A Plaintext message may be encrypted by entering the recipient's Public Key (if it has not already appeared automatically, as it does when the recipient initiated a mail exchange), and your own Private Key, then pressing the Encrypt button. (As above, a Public Key must have been obtained at some point in the past via the Registration menu item). Note that "Plaintext" is actually a theoretical term from encryption theory, and means the original, understandable text. What you can actually send, though, is text and/or pictures, etc., much the same way that you can mail multimedia files. We call all of this Plaintext, and the encryption algorithm chews up everything you are sending in order to create the .encr file. (NOTE: You can encrypt any kind of file, but at this Release you cannot send directories (folders)). The encrypted file icon will appear in the icon well at the top of the message window and can be dragged to the file browser or another application. The encrypted message can also be sent via the Services menu by selecting the Mail menu and the Document menu item under that. A file can also be encrypted and saved to disk in a place you specify by selecting the Encrypt, then Save As... menu item under the Document menu. Instant Rebounding Note that ForYourEyesOnly automatically transmits the Public Key of the sender along with the message itself. Thus, when you decrypt a mail message you will get an automatic display of the other party's Public Key. This convenience means that once you have decrypted the incoming message, you can easily "rebound", that is shoot a message back, simply by editing the Plaintext area and hitting the Encrypt button. This instant rebounding works because both necessary keys are properly in place as soon as you decrypt. Importing files Files can be dragged in from the browser to the content of the message window, or selected using the Import File... menu item in the Document menu. Exporting files Files in a received Plaintext message can be exported by dragging them from the message window content or by double clicking them to launch the appropriate application. Our proprietary algorithm One enjoyable aspect of working on encryption algorithms is that Help information pertaining to the algorithm itself should be vacuous; i.e., the less said, the better. Just one remark: the algorithm uses number theory but, in not using factorization, is distinct from the celebrated RSA method.