So it appears as though there is a bug in decrypting emails when using . It appears as though the error only surfaces (sometimes) when decrypting with the sender's credentials. This leads to some, not all, messages not being able to be decrypted from the "Sent" folder in Roundcube. The emails that cannot be decrypted from the "Sent" folder are successfully decrypted when viewing in Thunderbird (either from the recipients account or the sender's account). This tells me the bug is with the php function openssl_pkcs7_decrypt. The same email is also not able to be decrypted utilizing openssl from the command line.
All emails successfully decrypt with gpgsm.
I could do one of two things:
- Decrypt utilizing gpgsm, keep openssl_pkcs7_* functions for
everything else and attempt to fix/submit patch for openssl[_pkcs7_decrypt] function at a later date. Pro - least amount of re-work could make it into an upcoming beta Con - "messy"/fragmented solution
- Re-write all openssl_pkcs7_* PHP functions to utilize gpgsm Pro - unified, "clean" solution gpgsm integrates with gpg for public/private key storage decrypted emails would never be written to file Con - extensive rework Probably won't make the next beta Importing pkcs12 files into keyrings is currently "messy" and would still require use of openssl_pkcs7 function for certificate manipulation
I'd really like to see this feature be wrapped up, but I also want to do it right. Thoughts?
-Kyle