[RCD] OpenPGP in JavaScript in Roundcube in round in round in round...

Thomas Bruederli thomas at roundcube.net
Wed Jul 11 16:11:03 CEST 2012

On Sat, Jun 30, 2012 at 5:34 PM, Niklas <nik at qnrq.se> wrote:
> Hello :-)

Hi Nik
> I've been working on implementing OpenPGP.js in Roundcube for the past
> couple of days. It's still an unfinished project in development, but
> since there's such high demand for the result I ought I'd ask you guys
> for some early feedback.
> For those of you who don't know: OpenPGP.js is a fork of the previous
> GPG4Browsers. The intent is to port all OpenPGP functionality into
> JavaScript so that third party software isn't required for PGP activity.
> It uses HTML5 web storage and standard PKI keyrings (private keys excluded).

Interesting approach indeed!
> So far the plugin, rc_openpgpjs, has a "temporary"(?) user interface for
> key management and selection. Its consciously using a pretty rough UI at
> the moment because the new design for Roundcube is just around the
> corner, but just not finished enough yet to start working on. Also the
> Enigma plugin interface looked in trouble in Larry.
> Speaking of Enigma: I'm sure someone will ask why I extend that instead.
> With all due respect to its authors and fans, Enigma has been stuck in
> development for 2 years, and PGP support has been planned for Roundcube
> for 6 years. I'm not sure whether Enigma is really relevant or not.

It's stalled due to lack of time as well as technical and conceptual
issues. One of the conceptual questions was whether to store the
private keys on the server or not...

> Anyhow! Check it out, and tell me what you think. I strongly welcome UI
> recommendations, patches or any other tip about how I should progress.
> It's still in early development, but most of the key management features
> are implemented and so is the decryption of emails. Nothing about the UI
> is finished.

After a first run, I didn't fully understand what the plugin can do. I
tried to import my private key but it didn't appear in the list nor
did I get an error message or whatnot. When looking at the code, I
don't yet see actual encryption/decryption of mail contents. Or did I
miss something? Speaking of decryption, this is where the client side
approach will make things pretty complicated. It might work for simple
plain text messages but once an entire multipart message with
attachments needs to be decrypted, we'd also need mime parsing
functionality implemented in javascript and the entire message has to
be transferred from the IMAP server vis the Roundcube webserver to the
client. We'd need a full client side implementation of message parsing
and file handling. Not that this is entirely impossible but a huge
amount of work and be expected.

However, I'm willing to help you with the implementation of a
Roundcube plugin. For now here are a few suggestions:

* Move the key management stuff to the settings task. I'd suggest to
add another tab/section similar to the password or filters plugin.
* Hook into the 'message_part_structure' plugin hook to make sure
encrypted message contents will make it to the html output. See enigma
plugin for reference.
* Add some UI elements to sign/encrypt outgoing messages.

More to be added...


More information about the dev mailing list