GPG/PGP Encryption
justin randell
justin at babel.com.au
Wed Feb 15 22:40:03 CET 2006
hi bradley,
we are almost finished integrating smime and pgp into roundcube for a
project at work.
we are implementing this using a combination of ldap (for x509) and a
small C setuid wrapper (to write to user's home directories), which
probably won't suit shared-hosting setups, as they will only be able to
write files as the webserver user in a common directory.
deadlines are too tight to work up patches for roundcube at this point
in time (and likely for the next 6-8 wks), but i'm planning to work on
them after that.
cheers
justin
Bradley Holt wrote:
> Since support for GPG/PGP encryption is listed on the roadmap under
> "additional features" I assumed it was planned as part of the core
> base of RoundCube. Someone please correct me if this assumption is
> wrong. I don't have a strong opinion either way. This is a feature
> that would almost certainly rely on outside software so it would be an
> optional feature even it were part of the core (hence perhaps
> strengthening the plugin argument).
>
> If this were to be developed as a plugin is there any place I can see
> a preliminary specification for the plugin architecture? Is this
> something that has been started yet?
>
> If this were to be part of the core base then your statement about
> OpenSSL brings up a good point. The GPG/PGP encryption feature should
> be designed in a flexible and extensible way that allows for multiple
> choices for encryption software (just as there are multiple choices of
> databases through Pear::DB). In other words, it would have to be
> designed to support GnuPG, OpenSSL and any future software that allows
> encryption/signing.
>
> --
> Bradley Holt
>
> On 2/15/06, Mark Dehus <dehus at csel.cs.colorado.edu> wrote:
>
>> My suggestion would be to wait for the plugin architecture to be developed
>> and then do encryption/decryption as a plugin. That way it leaves things
>> more open for the user to decide what they want to use (example one could
>> have a plugin that uses openssl instead of PGP). IMHO encryption is more of
>> an extension then something that should be added to the core base of the
>> webmail client.
>>
>> Mark
>>
>>
>> Bradley Holt wrote:
>> Sorry, should have thought of this as well in my first
>> e-mail:
>>
> <http://pecl.php.net/package/gnupg>. Thoughts on
>
>> relying on PECL
>>
> packages?
>
> --
> Bradley Holt
>
> On 2/15/06, Bradley Holt
>
>> <bradley.holt at gmail.com> wrote:
>>
>
>
>> I noticed that support for GPG/PGP encryption was on the RoundCube
>>
> roadmap
>
>> as a planned feature. I, for one, think this would be an
>>
> awesome feature to
>
>> have in a webmail client. It does bring up some
>>
> issues with storing private
>
>> keys for signing purposes. I guess users
>>
> would just have to trust their
>
>> webmail provider with securing their
>>
> private keys.
>
> One possibility would be
>
>> to implement the feature in two phases:
>>
> message encryption first since it
>
>> relies on public keys only and then
>>
> message signing which relies on private
>
>> keys. This project is
>>
> abandoned
>
>> <http://freshmeat.net/projects/openpgpwebmail/> but might
>> be
>>
> able to be gutted and reused for the message encryption portion of
>
>> the
>>
> problem. It looks like it's under the GNU GPL just as RoundCube is
>
>> so
>>
> using code from it shouldn't be a problem.
>
> If I get some time I may try
>
>> and see if I can graft some GPG/PGP
>>
> features in to RoundCube. My initial
>
>> idea would be to make these
>>
> features dependent on GnuPG.
>
>> Thoughts?
>>
>
> --
> Bradley Holt
>
>
>
>
>
>
>
>
More information about the Dev
mailing list