Problem: HTML Forms and Confidentiality
This web site is concerned with the problem of encrypting HTML forms when you don't have access to the server hosting your web pages.
HTML forms normally rely on server-side capabilities to process the forms. If you can't run CGI scripts (either because the people hosting your site won't let you or because you don't know how to write such scripts), you are faced with two alternatives:
To get privacy, one normally uses the HTTPS
protocol (HTTP running on top of the Secure Sockets Layer, SSL)
to encrypt HTML forms. HTTPS requires that you install an SSL key
and a digital certificate on the web server, so HTTPS is not a
solution for people without access to the server.
MeringueMail is a collection of routines that offers (some level of) privacy when HTML forms are submitted without relying on server-side software. The security that MeringueMail provides is weaker than that offered by SSL. However, MeringueMail may be acceptable if you absolutely can't run server-side code (see the disclaimer in red at the bottom of this page).
MeringueMail consists of two sets of programs:
For a quick tour of these programs, click here.
Meringuemail Version 1.2.4
The following downloads are in .zip files.
Contact & Demonstrations
For a demo of MeringueMail, you can send a message from the following form. If you're just curious to see how MeringueMail encrypts a form, select the "Test message" type. If you need help installing MeringueMail (or experience any other problems), please choose the "Assistance" option. Bug reports can also be submitted from the same form.
The form will be processed by the Bravenet form processor, which means that the form submission won't reveal your e-mail address (unless you choose to supply it).
Cryptography & Security
The cryptographic algorithms used in MeringueMail are all well known and have been studied by serious cryptanalysts; i.e. the cryptography is unlikely to be "snake oil".
"Hybrid" cryptography is used;
i.e. asymmetric (also known as public key) encryption is used for
key exchange and symmetric crypto is used for data encryption.
This is the same principle used by, for example, SSL and PGP.
MeringueMail uses 1024-bit or 1536-bit RSA with PKCS#1 (version
1.5) padding for its asymmetric encryption. The ARC4 (alleged
RC4) algorithm with a 128-bit key is used as a symmetric cipher.
While the cryptography in MeringueMail is almost certainly unbreakable in practice, this strong encryption should not be taken to imply that MeringueMail is "secure". Any software offering encryption that relies entirely on client-side code will not allow for server authentication. Without server authentication, an adversary can launch a "man-in-the-middle" (MITM) attack on your web site. This vulnerability is not unique to MeringueMail but applies to all software that does not provide server authentication. Most SSL solutions provide server authentication, which is why HTTPS is the preferred approach for form encryption. If you believe that MITM attacks are a threat to your web site you should not use MeringueMail.
Many web servers run CGI scripts to store the forms posted in a database. It is a little tricky to store an e-mailed form in a database. The obvious solution is to manually capture the data but this is tedious and error-prone. MeringueMail now supports the ability to write decrypted forms to a database.
The routines have been tested with Microsoft Access 2000 and MySQL 4. However, the database functionality should work with other database management systems (DBMSs) that have ODBC drivers or JDBC drivers.
If you don't have a DBMS, you should consider downloading the MySQL database. It's excellent which is why it's downloaded 29,000 times per day.
You can get an overview of how to use a database to store MeringueMails here.
Question: Can MeringueMail be used with Outlook?
(This question has only been asked twice but "frequently" is a relative term.)
Version 1.2.1 of the MeringueMail client simplified the process of using MeringueMail with another e-mail client. The procedure involves exporting the message from your existing mail client and importing it into MeringueMail. The procedure is described in section 13 of the documentation.
Version 1.0 (October 2002): Initial release. Supported form submission via e-mail and Response-O-Matic.
Version 1.1 (March 2003): Added support for the BraveNet form processor. The name of form was submitted with the form. Fixed form rendering bugs in the mail client.
Version 1.2 (May 2003): Added support for character sets other than Latin-1 ( ISO8859-1), any character in the Unicode character set can be encrypted. Database functionality was added simplifying the process of storing a decrypted form in a database.
Version 1.2.1 (May 2003): Added an option to the MeringueMail client to allow messages to be imported from other mail clients such as Outlook and Outlook Express.
Version 1.2.2 (August 2003): Minor enhancements to the database code and code for recovering if the file containing the MeringueMails becomes corrupted.
Version 1.2.3 (November 2003): The dialog box for logging onto a mail server was improved.
Version 1.2.4 (December 2004): Very minor change concerned with deleting MeringueMails.
The best way to submit confidential information in a form is by means of HTTPS (HTTP over SSL). MeringueMail should not be used as an alternative to a well-designed and extensively analysed protocol like SSL. If you want to send secure e-mail you should consider PGP or use a mail client that supports S/MIME (the latter requires that you get a digital certificate from a certification authority).
At the risk of stating the obvious, using MeringueMail to encrypt sensitive personal information such as credit card details would be grossly irresponsible.