Go to file
Tankred Hase f2dcb572ad Update pbkdf2.js 2014-04-12 14:17:10 +02:00
res add channel push script 2013-11-14 10:49:38 +01:00
src Update pbkdf2.js 2014-04-12 14:17:10 +02:00
test [WO-296] implement change passphrase ui 2014-04-11 18:39:13 +02:00
.gitignore add build for node-webkit 2014-03-02 17:56:42 +01:00
.jshintrc get requirejs bootstrapping working 2014-03-02 23:05:09 +01:00
.travis.yml update readme and change deps to https github tarballs 2014-01-15 17:07:14 +01:00
Gruntfile.js [WO-184] implement support for importing an existing pgp key 2014-03-07 12:13:18 +01:00
LICENSE.txt update readme and list libraries 2014-01-16 11:04:39 +01:00
README.md Update README.md 2014-02-18 19:26:29 +01:00
package.json TAG ALL THE THINGS 2014-03-25 12:45:37 +01:00

README.md

mail-html5 Build Status

Whiteout Mail is an easy to use email client with integrated OpenPGP encryption written in pure JavaScript. Download the official version under whiteout.io.

Features

You can read about product features and our future roadmap in our FAQ.

Privacy and Security

We take the privacy of your data very seriously. Here are some of the technical details:

  • Messages are encrypted end-to-end using the OpenPGP standard. This means that only you and the recipient can read your mail. Your messages and private PGP key are stored encrypted on your computer and are never sent to our our servers.

  • Like most native email clients whiteout mail uses raw TCP sockets to communicate directly with your mail server via IMAP/SMTP.

  • Mail server SSL certificates are pinned under src/ca/ in order to protect against SSL certificate forgery and other man in the middle attacks.

  • The app is deployed as a Chrome Packaged App with auditable static versions in order to prevent problems with host-based security.

  • Content Security Policy (CSP) is enforced to prevent against injection attacks.

  • The code is still under heavy development and is not yet recommended for production use. That being said, we have done multiple code audits and penetration tests (which will be published regularly once all reported vulnerabilities are fixed).

Reporting bugs and feature requests

  • We will launch a bug bounty program later on for independant security researchers. If you find any security vulnerabilities, don't hesitate to contact us security@whiteout.io.

  • You can also just create an issue on GitHub if you're missing a feature or just want to give us feedback. It would be much appreciated!

Testing

You can download a prebuilt bundle under releases or build your own from source (requires node.js, grunt and sass):

npm install && npm test

This will download all dependencies, run the tests and build the Chrome Packaged App bundle DEV.zip which can be installed under chrome://extensions in developer mode.

Development

For development you can start a connect dev server:

grunt dev

Then visit http://localhost:8580/dist/chrome.html#/desktop for front-end code or http://localhost:8580/test/new-unit/ to test JavaScript changes. You can also start a watch task so you don't have rebuild everytime you make a change:

grunt watch

License

Copyright © 2013, Whiteout Networks GmbH. All rights reserved.

The code is open for inspection and peer review by the security community.
The code is currently not licensed under an open source license. If you're
interested in contributing or getting a license, please get in touch with
us (info@whiteout.io).

Third party libraries

We work together with existing open source projects wherever possible and contribute any changes we make back upstream. Many of theses libraries are licensed under an open source license. Here are some of them:

  • OpenPGP.js: An implementation of OpenPGP in Javascript
  • Inbox: Simple IMAP client for node.js
  • Nodemailer: SMTP client for node.js
  • Forge: An implementation of TLS in Javascript
  • node-shims: Shims for wrapping node's net/tls (TCP socket) APIs around chrome.socket