OpenPGP Email Forwarding Via Diverted Elliptic Curve Diffie-Hellman Key Exchanges

Abstract: An offline OpenPGP user might want to forward part or all of their email messages to third parties. Given that messages are encrypted, this requires transforming them into ciphertexts decryptable by the intended forwarded parties, while maintaining confidentiality and authentication. It is shown in recent lines of work that this can be achieved by means of proxy-re-encryption schemes, however, while encrypted email forwarding is the most mentioned application of proxy-re-encryption, it has not been implemented in the OpenPGP context, to the best of our knowledge. In this paper, we adapt the seminal technique introduced by Blaze, Bleumer and Strauss in EUROCRYPT'98, allowing a Mail Transfer Agent to transform and forward OpenPGP messages without access to decryption keys or plaintexts. We also provide implementation details and a security analysis.