Free, secure communications for everyone, powered by decentralized private identity.

Overview

Ubikom Project

Encrypted email service based on decentralized private identity.

The Project

With the Ubikom project, you can communicate securely via email while using the existing email clients that you know and love.

All email within the Ubikom ecosystem is encrypted and authenticated.

There are no accounts. You create and register your private key; your possession of the private key is your identity.

You can run your own server, or you can interact with the public server. If you choose the latter, you temporarily delegate the authority to send and receive mail to the public proxy server. This delegation can be revoked at any time using your main private key.

You are also able to interact with the legacy email world using our gateway (coming up later).

Why?

Long ago, you were able to run your own email server, which gave you an easy way to communicate with the world. Now you have to use Google or Microsoft for the simple task of sending messages to each other. Your identity is controlled by those companies, not by you. We want to give the identity back to the user and make it decentralized and not controlled by any entity. Based on this, we want to re-imagine email as secure, private, and simple. It should be trivial for everyone (and everything) to register a name and start communicating.

Getting the Binaries

As of now, you must run a few commands on your machine to generate the keys in a secure way.

You can get binaries by compiling the source, or by pulling the pre-built binaries. The former is recommended, since you can examine the code to make sure no funny business is taking place.

To compile the source, you must have Go and make installed.

To clone the repo, do:

git clone https://github.com/regnull/ubikom

Now build the binaries:

cd ubikom
make build

The binaries are placed in the build directory corresponding to your system (linux, windows or mac).

If you like to live dangerously, you can get the pre-built binaries by downloading the latest release from the GitHub releases page.

Getting Started

The easiest way to get started is to use our easy setup binary. When you run it, the following things will happen:

  • The main private key is generated and saved under $HOME/.ubikom/key
  • The additional key is generated and saved under $HOME/.ubikom/email.key
  • The email key is registered as a child of the main key. This means that the email key has limited authorization, to send and receive mail only. The main key can disable it at any time.
  • Your chosen name is registered with the identity service
  • The public proxy service is registered as the place where you receive your email
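The parent/child key relationship in the list above, shown as an added example that is not Ubikom's own code: it assumes Ed25519 signatures, a hypothetical Registry type standing in for the identity service, and made-up scope names.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Registry stands in for the identity service (assumed): a registered main key and its disabled child keys.
type Registry struct {
	Main    ed25519.PublicKey
	revoked map[string]bool
}

// signed builds the bytes the main key signs; the verb stops a grant being replayed as a revocation.
func signed(verb string, child ed25519.PublicKey, scope string) []byte {
	return []byte(fmt.Sprintf("%s|%x|%s", verb, child, scope))
}

// Revoke disables a child key; the request must be signed by the main key.
func (r *Registry) Revoke(child ed25519.PublicKey, sig []byte) error {
	if !ed25519.Verify(r.Main, signed("revoke", child, ""), sig) {
		return errors.New("revocation not signed by main key")
	}
	r.revoked[string(child)] = true
	return nil
}

// Authorize accepts msg only if main granted child this scope, child is not revoked, and child signed msg.
func (r *Registry) Authorize(scope string, child ed25519.PublicKey, grant, msg, sig []byte) error {
	switch {
	case !ed25519.Verify(r.Main, signed("delegate", child, scope), grant):
		return errors.New("no grant from main key for scope " + scope)
	case r.revoked[string(child)]:
		return errors.New("child key revoked")
	case len(child) != ed25519.PublicKeySize || !ed25519.Verify(child, msg, sig):
		return errors.New("bad message signature")
	}
	return nil
}

// Demo runs the lifecycle with freshly generated keys and returns each decision.
func Demo() []string {
	mainPub, mainKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	mailPub, mailKey, _ := ed25519.GenerateKey(nil)
	reg := &Registry{mainPub, map[string]bool{}}
	grant := ed25519.Sign(mainKey, signed("delegate", mailPub, "mail"))
	msg, rev := []byte("hello alice"), signed("revoke", mailPub, "")
	sig := ed25519.Sign(mailKey, msg)
	return []string{
		fmt.Sprint(reg.Authorize("mail", mailPub, grant, msg, sig)),          // child key may send mail
		fmt.Sprint(reg.Authorize("register-name", mailPub, grant, msg, sig)), // outside the granted scope
		fmt.Sprint(reg.Revoke(mailPub, ed25519.Sign(mailKey, rev))),          // child cannot revoke itself
		fmt.Sprint(reg.Revoke(mailPub, ed25519.Sign(mainKey, rev))),          // main key revokes
		fmt.Sprint(reg.Authorize("mail", mailPub, grant, msg, sig)),          // rejected after revocation
	}
}

func main() { fmt.Println(Demo()) }
```

Because the grant signature covers the scope, a child key granted "mail" cannot present the same grant for any other operation.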

So, let's go ahead and run the setup binary. It will prompt you for the name you would like to use, and a password for the email key.

Your name is what other users will use to send you email. Think of it as joe in joe@gmail.com - only without the "@gmail.com" part. Your identity does not belong to any server or domain. It belongs to you.

$ ./easy-setup
Enter the name you would like to use: bob
Enter new password: pumpkin123
16:29:40 DBG generating POW...
16:29:40 DBG POW found pow=571112bedeebe56f
16:29:41 INF main key is registered
16:29:41 DBG generating POW...
16:29:44 DBG POW found pow=1b2340cbaadd9630
16:29:44 INF email key is registered
16:29:44 DBG generating POW...
16:29:47 DBG POW found pow=6da1ab414fbed96b
16:29:47 INF key relationship is updated
16:29:47 DBG generating POW...
16:29:49 DBG POW found pow=43600cb932e19d40
16:29:49 INF name is registered
16:29:49 DBG generating POW...
16:29:52 DBG POW found pow=4e1d0e883508751e
16:29:52 INF address is registered

Use the following information in your email client:
User name: 78spGfDTj5s
Password: pumpkin123
POP and SMTP server address: alpha.ubikom.cc

It might take a few seconds - while registering keys, names, and addresses, the clients are required to compute Proof-of-Work for every request, to reduce spam and name squatting.
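An added illustration of per-request proof-of-work (not Ubikom's code, and not necessarily its scheme): a hashcash-style search that assumes SHA-256, a leading-zero-bits target, and an 8-byte nonce printed as 16 hex characters like the pow= values in the log above. The request strings and difficulty are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// leadingZeroBits counts the zero bits at the start of a SHA-256 digest.
func leadingZeroBits(sum [32]byte) int {
	n := 0
	for _, b := range sum {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// digest hashes the request body together with an 8-byte big-endian nonce.
func digest(request []byte, nonce uint64) [32]byte {
	buf := make([]byte, len(request)+8)
	copy(buf, request)
	binary.BigEndian.PutUint64(buf[len(request):], nonce)
	return sha256.Sum256(buf)
}

// Solve is the client side: try nonces until the digest meets the difficulty.
// Expected work is about 2^difficulty hashes.
func Solve(request []byte, difficulty int) string {
	for nonce := uint64(0); ; nonce++ {
		if leadingZeroBits(digest(request, nonce)) >= difficulty {
			var out [8]byte
			binary.BigEndian.PutUint64(out[:], nonce)
			return hex.EncodeToString(out[:])
		}
	}
}

// Verify is the server side: a single hash, and the proof only counts for
// this exact request, so it cannot be reused to register a different name.
func Verify(request []byte, pow string, difficulty int) bool {
	raw, err := hex.DecodeString(pow)
	if err != nil || len(raw) != 8 {
		return false
	}
	return leadingZeroBits(digest(request, binary.BigEndian.Uint64(raw))) >= difficulty
}

func main() {
	req := []byte("register-name:bob") // constructed request body
	pow := Solve(req, 16)
	fmt.Println("pow =", pow, "valid:", Verify(req, pow, 16))
	fmt.Println("reused for another name:", Verify([]byte("register-name:alice"), pow, 16))
}
```

Each extra bit of difficulty doubles the client's expected work while the server's check stays at one hash, which is what makes bulk registration expensive.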

Notice the information printed at the end; you will need it to configure your email client.

Configure Your Email Client

Let's use Mozilla Thunderbird as an example; other email clients can be configured in a similar way.

Open Thunderbird and add a new account:

Add account

Your name is whatever you choose.

Email address is [email protected]. Remember, we don't want the "@whatever" part, but the client expects it, so we put "@x" as a shortcut. Some stickler clients might not like it either, so you can also use the [email protected] format.

The password is what you entered as a password when running easy-setup, in our case, pumpkin123.

Click "Continue". You will be presented with the next dialog:

Configure servers

Under INCOMING, enter the following:

  • "POP3" for protocol
  • "alpha.ubikom.cc" for server
  • "995" for port (the default)
  • "SSL/TLS" for SSL
  • "Normal password" for authentication
  • The user name printed by easy-setup as username, in our case it's "78spGfDTj5s"

Under OUTGOING, enter the following:

  • "alpha.ubikom.cc" for server
  • "465" for port (the default)
  • "SSL/TLS" for SSL
  • "Normal password" for authentication
  • The user name printed by easy-setup as username, in our case it's "78spGfDTj5s"

Click "Done".

Send a message to yourself ([email protected]) to make sure everything works. You will be prompted for your password, enter the password you used when running easy-setup (in our case, pumpkin123).

Work in Progress

  • Generate keys via the web interface (but user will always have an option to generate the keys locally)
  • Email gateway
  • Decentralize the identity service

References and Other Similar Projects

Self-Sovereign Identity

Decentralized Identifiers (DID)

Sovrin - Global SSI

In Search of Self-Sovereign Identity Leveraging Blockchain Technology

The Path To Self-Sovereign Identity

EIDAS SUPPORTED SELF-SOVEREIGN IDENTITY

Blockchain and Digital Identity

SelfKey - SSI startup

Issues
  • I can not send mail to outlook/live mail servers

    I can not send mail to outlook/live mail servers.

    It is said:

    host outlook-com.olc.protection.outlook.com[104.47.22.161] said: 550 5.7.1 Unfortunately, messages from [3.21.133.245] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB8EUR06FT039.eop-eur06.prod.protection.outlook.com] (in reply to MAIL FROM command)

    opened by regnull 6
  • Certain messages cause proxy server to crash

    00:52:01 DBG reading messages prefix=message_1AfUuN7SRnm8o7ZieSeNZTh2ibjFj9exGK_1_
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x8c pc=0x81d679]

    goroutine 107 [running]:
    github.com/emersion/go-imap.(*Message).formatItem(0xc000445500, {0xc0046f6370, 0xd})
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/message.go:286 +0x339
    github.com/emersion/go-imap.(*Message).Format(0xc000445500)
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/message.go:323 +0x33e
    github.com/emersion/go-imap/responses.(*Fetch).WriteTo(0xc000068900, 0xc0004f81e0)
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/responses/fetch.go:64 +0x85
    github.com/emersion/go-imap/server.(*response).WriteTo(0xc000494258, 0xc62d20)
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/server/conn.go:130 +0x29
    github.com/emersion/go-imap/server.(*conn).writeAndFlush(0xc002280a80, {0xc633a0, 0xc000494258})
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/server/conn.go:208 +0x35
    github.com/emersion/go-imap/server.(*conn).send(0xc002280a80)
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/server/conn.go:232 +0x227
    created by github.com/emersion/go-imap/server.newConn
        /Users/regnull/go/pkg/mod/github.com/emersion/[email protected]/server/conn.go:111 +0x352

    bug high priority 
    opened by regnull 3
  • Some messages are not delivered from the external mailing list

    Mail log:

    Sep 17 13:37:32 mail postfix/qmgr[135319]: E6E023E993: from=[email protected], size=6108, nrcpt=1 (queue active)
    Sep 17 13:37:32 mail postfix/pipe[684563]: E6E023E993: to=[email protected], orig_to=[email protected], relay=ubikomtransport, delay=0.12, delays=0.07/0/0/0.04, dsn=2.0.0, status=sent (delivered via ubikomtransport service (13:37:32 DBG connecting to lookup service url=alpha.ubikom.cc:8825))
    Sep 17 13:37:32 mail postfix/qmgr[135319]: E6E023E993: removed

    But there is no record in the receiver log.

    bug 
    opened by regnull 2
  • Gateway fails to deliver message

    When a message is sent from an external sender in response to an internal message:

    [email protected] (expanded from [email protected]): Command died with status 1: "/home/ubuntu/ubikom/ubikom-gateway". Command output:
    15:38:08 DBG connecting to lookup service url=alpha.ubikom.cc:8825
    15:38:08 DBG sending mail receiver=[email protected]
    15:38:08 FTL failed to send message error="failed to get receiver public key: rpc error: code = InvalidArgument desc = invalid name"

    Looks like it pulls a wrong key (for [email protected]).

    bug 
    opened by regnull 2
  • Add an alternative domain that is shorter than "ubikom"

    Hello! Protonmail has "pm" as an alternative domain, available for all users. Would something similar be possible for Ubikom? It's quite a mouthful to spell out over the phone, for example.

    opened by Dyras 1
  • Possible consistent error while reading messages

    Triggered by iOS Mail:

    01:54:22 DBG [IMAP] <- ListMessages mailbox=INBOX user=1AfUuN7SRnm8o7ZieSeNZTh2ibjFj9exGK
    01:54:22 DBG ListMessages params items=["BODYSTRUCTURE","BODY.PEEK[HEADER]","UID"] mailbox=INBOX seqset={"Set":[{"Start":1402,"Stop":1402}]} uid=true user=1AfUuN7SRnm8o7ZieSeNZTh2ibjFj9exGK
    01:54:22 DBG reading messages prefix=message_1AfUuN7SRnm8o7ZieSeNZTh2ibjFj9exGK_1_
    01:54:22 ERR error fetching message error="unexpected EOF"
    01:54:22 DBG messages returned count=0 mailbox=INBOX user=1AfUuN7SRnm8o7ZieSeNZTh2ibjFj9exGK
    01:54:22 DBG [IMAP] -> ListMessages mailbox=INBOX user=1AfUuN7SRnm8o7ZieSeNZTh2ibjFj9exGK

    bug 
    opened by regnull 1
  • Patch emersion/go-message package to handle additional charsets

    ... to fix the following errors, among others:

    01:33:35 ERR failed to create email entity error="unknown charset: unknown charset: message: unhandled charset "ascii""
    01:33:35 ERR failed to create email entity error="unknown charset: unknown charset: message: unhandled charset "iso-8859-1""
    01:33:35 ERR failed to create email entity error="unknown charset: unknown charset: message: unhandled charset "windows-1252""

    enhancement 
    opened by regnull 1
  • Allow larger emails

    02/25 15:53:31 ERR failed to send message error="failed to send message: rpc error: code = ResourceExhausted desc = grpc: received message larger than max (27376392 vs. 4194304)"

    opened by regnull 0
Releases(v0.5.0)
Owner
Leonid Gorkin