2022-12-03 - ProtonMail and E2E Encryption to Private Domains (backstory)

TL;DR: I learned ProtonMail can seamlessly send encrypted emails to non-ProtonMail domains via something called WKD, as supported by GnuPG, but it was totally coincidental and not actually due to one of my attempts at trying to figure out how to do it.

WKD and my journey with ProtonMail and E2E Encryption to a Private Domain

A very oddly serendipitous exploration of Gemini

Having only discovered Gemini within the last few weeks, I’ve been trying different Gemini clients and browsing different Gemini sites and it’s been a tremendously positive experience for me.

While I enjoy a good command line, I don’t have any extensive text-based browsing from my childhood to justify this, but I find ANSI-color-coded content that’s broken up into reasonably bite-sized chunks to be very aesthetically pleasing. At the moment, my favorite Gemini browser is [bollux].

Discovering Gemini as a place that’s meant to be a text-based presentation of content without requiring ridiculous client-side work, it took only moments to decide it was something I wanted to start doing. But I needed to know more. I skimmed the spec, installed a bunch of different clients, and started browsing. My goals were to learn the styles used by others and to learn the capabilities of the platform.

One of the sites I landed on as a result of browsing CAPCOM was a post regarding the concept of [barriers to entry] for the Gemini space. There was an in-line reply to this post from another post.

I wrote it off as probably the authors were in contact somewhere out of band and so they were aware of one-another’s content, and I went about my day.

a post I found off CAPCOM with a reply

That nagging feeling…

But that thought stuck with me, that, “what if it was something more?” question. What if there’s some magical place using feeds or something that makes it easy to see when people comment on your stuff or something, I don’t know…

I double-checked the spec, and it obviously didn’t cover it, but it seemed like, using something like Atom feeds, maybe there was a client out there I hadn’t found yet that watched for new sites to be created, indexed them, and had the ability to do some kind of magical correlation. I don’t know how I thought something like that might work, but I couldn’t find anything in the day or so that it bounced around in my head.

So I did something uncharacteristic and reached out to one of the authors, since there was an email address right in the Gemini page – how brazen! What kind of crazy person puts their email address in a web page? Or maybe they just had an excellent spam filter and my message would fall into it, so why bother…

But what if? Damn it! I had to know. And the answer was pretty much as expected. The two authors communicated out of band. This was not an anticlimactic end as it was well put and there were references to other content, so I went about my day.

A few hours later…

I was in the middle of configuring my Linux-based phone to have all the excellent command-line tools I could need and so of course I was tweaking Mutt to do things like filter HTML through lynx – I saw a cool post using Pandoc to convert it to markdown, but I didn’t want the inevitable HTML droppings in my email. Anyway, it occurred to me that if I want to reach out to others on Gemini via email it would be nice if I configured a handler for mailto: links in Amfora.

An aside from that

I did make some limited attempts at accomplishing text-based internet browsing a few years back. Some sites work better than others; ultimately the growing “need” for JavaScript killed the journey for me. But one evening I was using Links2 (console with images, it’s sweet) or maybe ELinks, and I stumbled over a web site for a Final Fantasy inspired MUD. There was a link in the page to play the game and I inadvertently followed it.

Whichever text-based browser I was using was configured to invoke the telnet client for telnet links and it dropped me right into the MUD and I created a character and had a great time exploring. I found the seamless integration of invoking another text-based program while inside a text based program to be very pleasant. I ended up taking a tour of MUD clients in the weeks that followed and even writing my own so I could play it with TLS on Android, but I digress even further…

Final Fantasy inspired MUD

a direct link to the MUD

A few moments after a few hours later…

So, with that experience of seamless transitions between text-based programs in mind, I thought it would be cool if Amfora would invoke Mutt for me, so instead of looking for documentation I opened up the config file for Amfora and naively told it to invoke mutt for the mailto: handler. Until that moment I had not told Amfora to launch any other programs of any kind, so I wasn’t aware that it would spawn it in the background and expect a display environment to be configured and that the program should actually be graphical…

And little did I know, that’s when it started to go horribly wrong

As a test, I pointed the browser at the earlier mentioned Gemini capsule where I knew I could find a readily available email address to “click”. Weird things started to happen. Amfora froze up and I started hitting buttons like control+C to put it out of its misery.

I cleaned up the config file, briefly researched how to tell tmux to open new panes from the command line, and decided that my mailto: handler would still be Mutt, but via tmux in a new pane because it seemed unlikely that I could trick Amfora into getting out of my way to let me write emails from Gemini space.

It worked well, and since I was only ever using a Gemini browser on my phone via ssh to a tmux session, I decided it was a good solution.

This led to some fantasizing about other URL handlers for things like XMPP, Mastodon, and the like, but I tempered my enthusiasm as I hadn’t seen very many sites yet, so I didn’t know what people use for contact methods other than email.

aforementioned Gemini capsule

This led to some thinking

I had seen multiple capsules that provided email/key signatures, so maybe I should consider revisiting PGP and the like to make sure I could accommodate encrypted email to more than just other ProtonMail users. I normally use the ProtonMail bridge (well, “normally”: I’ve been using it for about a week) and pretend that all my email is unencrypted and let the bridge handle encrypting it for me.

Seriously not a big deal, but …

So I went on to ProtonMail through the web UI and somehow I landed in my sent folder, I don’t recall what I was doing there, but to my utter shock and embarrassment, my experiments with Amfora’s mailto: handler had somehow resulted in sending an email with no subject and no body.

Why was this so traumatic? I don’t know, but I immediately sent an apology and explained the situation. To which I received an inquiry about my use of Mutt with ProtonMail. That gave me pause, as the message was signed and encrypted.

I assumed the sender’s domain was one of those using PM for handling their MX or otherwise pointing to ProtonMail for encryption. The new email chain regarding my embarrassingly-empty email was entirely encrypted. I didn’t have to do anything, it was just encrypted.

Well, that took too long to relay

Anyway, an email later and this harmless looking stanza ended the world as I knew it:

I have a web key directory (WKD) which is how emails from Proton users
get e2ee for me.

gemini://idiomdrottning.org/gpg-wkd
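What that WKD link amounts to on the wire: an added example (not from the post or the linked capsule) that computes the two URLs a WKD-aware sender such as GnuPG, or Proton on behalf of its users, fetches to find a recipient’s public key. It uses the sample address from the WKD draft (Joe.Doe@Example.ORG) as constructed input and makes no network requests.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet (RFC 6189 section 5.1.6), the encoding WKD uses for the hashed local part
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5-bit groups, most significant bit first, no padding characters."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)  # pad the final group with zero bits
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """WKD lower-cases the local part, SHA-1 hashes it and z-base-32 encodes the 160-bit digest (32 chars)."""
    return zbase32(hashlib.sha1(local_part.lower().encode("utf-8")).digest())


def wkd_urls(email: str) -> dict:
    """Return the key and policy URLs a WKD client tries: the advanced method first, then the direct method.

    A client only falls back to the direct method when the openpgpkey subdomain does not resolve.
    The ?l= query parameter carries the original local part (case preserved, percent-encoded).
    """
    local_part, domain = email.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local_part)
    l = quote(local_part, safe="")
    advanced_base = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    direct_base = f"https://{domain}/.well-known/openpgpkey"
    return {
        "hash": h,
        "advanced": f"{advanced_base}/hu/{h}?l={l}",
        "direct": f"{direct_base}/hu/{h}?l={l}",
        "policy_advanced": f"{advanced_base}/policy",
        "policy_direct": f"{direct_base}/policy",
    }


if __name__ == "__main__":
    # Constructed sample input, taken from the WKD draft's worked example
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name}: {url}")
```

The hashed path is why the capsule above can publish a key for one address without listing every address on the domain: a sender who already knows the address can derive the path, but the directory cannot be enumerated from it.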

What Sorcery is This?

Everything is totally different now! Well at least that’s different. I’ve lost track of the number of times I’ve gone looking for exactly this tidbit only to give up in frustration. I know, I’m probably repeating myself, but here it was and a link that clearly spelled out the how and the what. So I went and followed it, and I did run into a few problems, but it’s working now.

I have to figure out what I want to do about ProtonMail. I strongly dislike my ProtonMail address, but my name was already taken and I’m just not cool enough to invent a new name. But with my own domain I can now do seamless encryption!! But I’ve been using PM for a while and I like that they’re providing what they provide, so do I keep them and basically use the address for what I used to use a gmail address for?

WKD: 2022-12-03-12-25-59.md “I can now do seamless encryption!”

So what’s really different?

I don’t need to set up some complicated process whereby my posts get “tooted” on Mastodon. But while perusing content and working around various missing features of different browsers, I’ve been thinking about content handlers for different URIs and I’m wondering how CGI scripts work, so I’m going to put some serious thought into making an in-band method of doing user interactions on Gemini.

If I do implement something, it will probably end up on the bottom of every page. Then again, by the time I envision something and have it working I’ll find someone else’s prepackaged and easy solution for it. But in the meantime, I’m going to take a look at Gemserv, CGI scripts, etc.

Tags

#index

Backlinks

2022-12-04 - side tracked by wkd, what’s next?

2022-12-03 - ProtonMail and E2E Encryption to Private Domains

updated: 2022-12-03 13:45:01

generated: 2024-02-03