Zammad's PGP Fail: Why Storing Private Keys on the Server Defeats End-to-End Encryption

Post date: April 19, 2026 · Discovered: April 19, 2026 · 3 posts, 0 comments

The thread argues that mainstream ticketing systems, Zammad in particular, do not deliver true end-to-end encryption (E2EE). The problem is PGP key management: the server stores the private decryption keys alongside the encrypted tickets, so whoever compromises the server obtains both, and the encryption offers no protection against that attacker.

Discussion centred on two paths forward: a dedicated client application that encrypts ticket data before it leaves the user's device, or a new server design that communicates through modified email clients. User dengtav repeatedly stressed that adding PGP support is meaningless while the private keys remain on the server. The guiding principle is that the server itself is untrusted and must hold no private key material.

The thread's conclusion is that current off-the-shelf solutions are inadequate for high-security use, with server-side key storage as the primary flaw. Any viable path must keep the keys under client-side control and should build on established, proven technologies rather than experimental ones.
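The trust-boundary argument above, as an added example that is not from the thread, from dengtav, or from Zammad: a self-contained Go program that uses standard-library RSA-OAEP and AES-256-GCM as a stand-in for a PGP message. Names such as `Envelope`, `ServerStore`, `Seal`, `Open`, `Breach` and `CompareDesigns` are chosen here and the ticket text is constructed. `Breach` is handed a complete copy of the server's state and tries to read tickets from it alone; it succeeds only in the design that keeps the agent's private key on the server.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the server stores per ticket: body under AES-256-GCM, data key
// wrapped to the agent's RSA key with OAEP. A stand-in for a PGP message, not Zammad's format.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// ServerStore is everything an attacker gets from a full server dump.
// PrivateKey is set only when the deployment keeps agent keys on the server.
type ServerStore struct {
	Tickets    []Envelope
	PublicKey  *rsa.PublicKey
	PrivateKey *rsa.PrivateKey
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a ticket body to the agent's public key. In the client-side design this
// runs on the submitter's device, so the server never receives plaintext.
func Seal(agentPub *rsa.PublicKey, body []byte) (Envelope, error) {
	dataKey := make([]byte, 32)
	rand.Read(dataKey) // crypto/rand.Read cannot fail (Go 1.24+)
	gcm, err := gcmFor(dataKey)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, agentPub, dataKey, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, body, nil)}, nil
}

// Open reverses Seal; it needs the agent's private key and nothing else.
func Open(agentPriv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, agentPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Breach models an attacker holding a complete copy of the server's state and
// returns every ticket body that copy alone lets them read.
func Breach(dump ServerStore) ([][]byte, error) {
	if dump.PrivateKey == nil {
		return nil, errors.New("dump holds only the public key and ciphertexts")
	}
	var bodies [][]byte
	for _, env := range dump.Tickets {
		body, err := Open(dump.PrivateKey, env)
		if err != nil {
			return nil, err
		}
		bodies = append(bodies, body)
	}
	return bodies, nil
}

// CompareDesigns seals one ticket and reports whether a full server dump
// yields its plaintext under each key-placement design.
func CompareDesigns(body []byte) (leakServerKeys, leakClientKeys bool, err error) {
	agent, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	env, err := Seal(&agent.PublicKey, body)
	if err != nil {
		return false, false, err
	}
	// Design 1 (server-side PGP): the server decrypts incoming mail, so it holds the key.
	got, err := Breach(ServerStore{[]Envelope{env}, &agent.PublicKey, agent})
	leakServerKeys = err == nil && len(got) == 1 && bytes.Equal(got[0], body)
	// Design 2 (client-side keys): the server stores only ciphertext and the public key.
	_, err = Breach(ServerStore{[]Envelope{env}, &agent.PublicKey, nil})
	return leakServerKeys, err == nil, nil
}

func main() {
	fmt.Println(CompareDesigns([]byte("constructed ticket: temporary VPN credentials attached")))
}
```

Running it prints `true false <nil>`: the same envelope is readable from a dump of the server-side design and unreadable from a dump of the client-side one. One caveat a practitioner should carry over: keeping the private key off the server protects tickets that are already stored, but a compromised server can still hand submitters a substituted public key for future tickets, so the client also has to verify the agent's key out of band (fingerprint pinning or a signed key list) before sealing.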

Key Points

OPPOSE

Zammad's PGP integration is insecure.

dengtav argued that storing private keys on the server means a server breach hands the attacker both the keys and the encrypted data.

SUPPORT

True E2EE requires client-side key control.

The community consensus holds that keeping private keys off the server is non-negotiable for E2EE.

MIXED

Two architectural approaches were proposed.

The two options detailed were: 1) a client app layered on an existing system, or 2) a new server that communicates through modified mail clients.

SUPPORT

System choice must prioritize stability.

dengtav advised sticking to popular and proven technologies rather than experimenting with fringe products.

Source Discussions (3)

This report was synthesized from the following Lemmy discussions, ranked by community score. Only the third, dengtav's brainstorming thread, discusses the ticketing stack; the first two concern end-to-end encryption more generally.

22 points · Take action! Protect end-to-end encryption — Free Software Foundation — Working together for free software · [email protected] · 0 comments · 8/9/2023 · by possiblylinux127 · fsf.org

12 points · CryptPad.org, the end to end encrypted collaboration suite · [email protected] · 0 comments · 3/10/2025 · by notfromhere · cryptpad.org

2 points · End-2-end-encrypted ticketing system for help desk (brainstorming a software stack) · [email protected] · 4 comments · 4/19/2026 · by dengtav