On Sat, Jun 30, 2012 at 5:34 PM, Niklas nik@qnrq.se wrote:
Hello :-)
Hi Nik
I've been working on implementing OpenPGP.js in Roundcube for the past couple of days. It's still an unfinished project in development, but since there's such high demand for the result I ought I'd ask you guys for some early feedback.
For those of you who don't know: OpenPGP.js is a fork of the previous GPG4Browsers. The intent is to port all OpenPGP functionality into JavaScript so that third party software isn't required for PGP activity. It uses HTML5 web storage and standard PKI keyrings (private keys excluded).
Interesting approach indeed!
So far the plugin, rc_openpgpjs, has a "temporary"(?) user interface for key management and selection. Its consciously using a pretty rough UI at the moment because the new design for Roundcube is just around the corner, but just not finished enough yet to start working on. Also the Enigma plugin interface looked in trouble in Larry.
Speaking of Enigma: I'm sure someone will ask why I extend that instead. With all due respect to its authors and fans, Enigma has been stuck in development for 2 years, and PGP support has been planned for Roundcube for 6 years. I'm not sure whether Enigma is really relevant or not.
It's stalled due to lack of time as well as technical and conceptual issues. One of the conceptual questions was whether to store the private keys on the server or not...
Anyhow! Check it out, and tell me what you think. I strongly welcome UI recommendations, patches or any other tip about how I should progress. It's still in early development, but most of the key management features are implemented and so is the decryption of emails. Nothing about the UI is finished.
After a first run, I didn't fully understand what the plugin can do. I tried to import my private key but it didn't appear in the list nor did I get an error message or whatnot. When looking at the code, I don't yet see actual encryption/decryption of mail contents. Or did I miss something? Speaking of decryption, this is where the client side approach will make things pretty complicated. It might work for simple plain text messages but once an entire multipart message with attachments needs to be decrypted, we'd also need mime parsing functionality implemented in javascript and the entire message has to be transferred from the IMAP server vis the Roundcube webserver to the client. We'd need a full client side implementation of message parsing and file handling. Not that this is entirely impossible but a huge amount of work and be expected.
However, I'm willing to help you with the implementation of a Roundcube plugin. For now here are a few suggestions:
- Move the key management stuff to the settings task. I'd suggest to
add another tab/section similar to the password or filters plugin.
- Hook into the 'message_part_structure' plugin hook to make sure
encrypted message contents will make it to the html output. See enigma plugin for reference.
- Add some UI elements to sign/encrypt outgoing messages.
More to be added...
Best, Thomas