[RCD] S/MIME encryption and signing plugin

Владимир Горпенко vgo at stels.ru
Mon Jan 11 11:10:52 CET 2016


------ Original Message ------
From: "A.L.E.C" <alec at alec.pl>
To: dev at lists.roundcube.net
Sent: 10.01.2016 13:03:12
Subject: Re: [RCD] S/MIME encryption and signing plugin

>On 01/09/2016 11:03 AM, Владимир Горпенко wrote:
>>  Soon I will begin work with the Rcube 1.2 version.
>>
>>  As I understand, in this version essential changes for encryption of
>>  mail are made, I would be very grateful to receive recommendations about
>>  application of my algorithms in the new RCube version.
>
>Yes. In 1.2 you have all parts needed for encryption already
>implemented. The Enigma plugin which implements PGP is prepared to
>provide also S/MIME encryption in the future. So, the best would be to
>focus on integrating your code with Enigma.
I don't know whether it is correct to connect both ways of encryption 
in one plug-in. You decide that.
But I needed to get a working plug-in in a short time. I am afraid that 
if I had built my development into Enigma, we would just now be 
agreeing.

Understand me correctly. I do my work and I need encryption of mail. 
Unfortunately, it turned out that the fastest way to get it was to 
write it myself.
I wrote it. Of course, it would be very good if the plugin worked with 
standard rcube versions. It would be useful for me and for other users 
too.

But to deal with Enigma as I dealt with some parts of rcube, and to 
build my development into Enigma, is more than I am able to afford.
I very much respect the work of those who make plug-ins for general 
use. But I myself can participate in this process only to a limited 
extent.

I think 90% of my texts repeat what you already made for PGP 
encryption. If it is about sharing experience of transforming a 
message from the S/MIME encrypted form to decrypted and back, I am 
ready to do that and to offer code samples. Certainly, the same applies 
to signing of messages.

Also, if the rcube developers accept my changes to the text of the 
program or offer similar ones, smime_crypto can be used by users of 
version 1.1.3+. As I see, the 1.1 line continues to be supported and, 
therefore, changes can be made.

>It is to be decided if we want a separate interface to manage
>certificates or to store/display them on the same list with PGP keys.
>Anyway, some UI work will be needed.
I think that management of certificates and keys has to be placed in 
a separate module, or management of certificates and keys has to 
provide many possible options. Different users may need different 
options: storage on an LDAP server, in an SQL database or simply in 
files. Also, management of certificates and keys can be handed over to 
users or be centralized. For example, the option which I will make for 
myself will be so specific that I won't even offer it to anybody.

But the option which I have made now has to be considered rather as a 
simple temporary option that allows debugging the main plug-in. Though 
it isn't excluded that for someone it can be sufficient.

The UI, of course, should be done anyway. But at present my ability to 
do UI is insufficient.

>The plugin code assumes certificates and keys can be handled in the same
>unified way, but I didn't yet try S/MIME much, so some modifications may
>be needed (to the key, subkey, userid, signature "interfaces").
It is quite simple. There are only two types of data - the certificate 
and a private key. The formats of these data are standard and it isn't 
even necessary to know them.)) There is one problem - safe storage of 
private keys. It can be solved in different ways. That too is a reason 
for placing management of certificates and keys in a separate module.

>Most important places to take a look:
>- enigma_engine and enigma_ui - The engine will need some small changes
>- enigma_driver_phpssl - S/MIME driver complete implementation (this is
>the only place in enigma classes where openssl functions should be used)
>- enigma_mime_message - Mail_mime wrapper where encrypted/signed
>messages are created - needed code to build S/MIME messages.
Sorry, Alexander!
I think that it isn't enough to study only those places where the new 
code is directly built in. It is necessary to know the general structure 
and functioning of Enigma. And for this purpose it is necessary to 
study the several thousand lines of code of which it consists. I can't 
do it.

I have also already been knocked far off schedule as it is. Besides, 
there are many different tasks in which I have to be engaged.

Best regards
      Vladimir
