On 27/07/2009 Braxton Ehle wrote:
Hello, I'd be interested in helping out with this as well. I've done some high level mapping out of what all said plugin would need to do in terms of functionality and what database setup could be useful, loosely based off of the Thunderbird's Enigmail extension. I was also waiting for the plugin API to really start working on this, which if it's already available (in some form), is good to hear. Should we start a thread on the forum to map out how this could work?
hey braxton,
great to hear that you already made some thoughts about the plugin design. have you already written down these thoughts?
i suggest to use a wiki page for discussion about the plugin. unfortunately I seem to have no rights to create new wiki pages in the roundcube trac wiki. maybe someone could create a page with a name like 'wiki:PluginRepository/Encryption' and then we discuss any further questions there.
now back to topic, i'll try to write my thoughts down:
so far i don't know yet how to best implement the user management of gnupg. i guess that a webserver-writable directory is required that keeps secring.gpg and pubring.gpg for every roundcube user. the gnupg plugin then will set $GNUPGHOME accordingly. maybe a mysql table with user id, key id, key type (sec or pub) and key fingerprint would be useful to double-check that nobody compromised the pubring.gpg and secring.gpg files. sha256sums of the files should be stored in the db and checked at every operation as well. best would be to not make keyrings writeable to the webserver, but I don't see how to do that.
another issue is that the gnupg pecl module needs to be installed by the server admin, just like the gnupg binary. my motivation to use a php library was to make the roundcube plugin work on webspace where you neither have root access nor can request binary/library installations at all. i fear that i'll have to
i also like the idea by thomas to create a gnupg encryption plugin with support for different drivers (i.e. gnupg binary, gnupg pecl module, ...).
but i'm not sure yet whether an abstract encryption plugin with drivers for different encryption mechanisms (gpg, s/mime, ...) would be useful. i simply don't know s/mime enough, but i fear that key management etc differs too much from gnupg to create an abstract layer for both.
greetings, jonas
List info: http://lists.roundcube.net/dev/
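
The integrity check proposed in the message above (SHA-256 sums of each user's pubring.gpg and secring.gpg stored in the database and verified before every operation), shown in PHP as an added example; it is not code from the thread or from Roundcube. The function names, the temporary directory and the array standing in for the mysql table are assumptions.

```php
<?php
// Added example, not Roundcube code. All function names are hypothetical.

// Per-user GnuPG home, built from the numeric user id only, so a crafted
// username can never influence the path.
function keyring_home(string $base, int $userId): string
{
    return rtrim($base, '/') . '/' . $userId;
}

// SHA-256 of both keyring files (null when a file is missing).
function keyring_digests(string $home): array
{
    $out = [];
    foreach (['pubring.gpg', 'secring.gpg'] as $name) {
        $path = $home . '/' . $name;
        $out[$name] = is_file($path) ? hash_file('sha256', $path) : null;
    }
    return $out;
}

// Names of keyring files whose current digest differs from the stored one.
// A missing file or a missing stored digest counts as changed.
function keyring_changed(array $stored, string $home): array
{
    $changed = [];
    foreach (keyring_digests($home) as $name => $digest) {
        $expected = $stored[$name] ?? null;
        if ($digest === null || $expected === null || !hash_equals($expected, $digest)) {
            $changed[] = $name;
        }
    }
    return $changed;
}

// Constructed demo data: a temp dir stands in for the webserver-writable
// directory, and the $db array stands in for the mysql table.
$base = sys_get_temp_dir() . '/rc_gnupg_demo_' . bin2hex(random_bytes(4));
$home = keyring_home($base, 42);
mkdir($home, 0700, true);
file_put_contents("$home/pubring.gpg", "constructed public keyring bytes");
file_put_contents("$home/secring.gpg", "constructed secret keyring bytes");

$db = [42 => keyring_digests($home)];   // recorded after a legitimate key import
putenv("GNUPGHOME=$home");              // set before handing work to gnupg

var_dump(keyring_changed($db[42], $home));   // check before an operation
file_put_contents("$home/pubring.gpg", "extra key", FILE_APPEND); // out-of-band change
var_dump(keyring_changed($db[42], $home));   // check again; refuse to proceed if non-empty
```

The check only detects tampering if the stored digests cannot be rewritten by whoever modified the keyrings, so the database credentials and the keyring directory should not be reachable through the same compromise.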