Dear subscribers
Today we proudly announce the stable version 1.2.0 of Roundcube Webmail which is now available for download. It introduces new features since version 1.1 covering security and PGP encryption topics:
- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with pre-defined date interval
- Improved security measures to protect from brute-force attacks
And of course plenty of small improvements and bug fixes.
There wasn't much feedback on the 1.2-beta version and the release candidate which we consider a good sign. Some cleanup and stabilization of the Enigma plugin just happened for the now stable version.
As already announced with the 1.2-beta release [1], PGP encryption comes in two flavors: client-side using the Mailvelope browser extension and server-side with the Enigma plugin using GnuPG on the server.
Support with the Mailvelope browser plugin comes out of the box and is automatically enabled if the Mailvelope API is detected in a user’s browser. The Mailvelope documentation [2] explains how to enable it for your site.
The features of the Enigma plugin, which comes with the release package and simply needs to be activated for your Roundcube installation are explained in Alec's blog post [3].
With the release of Roundcube 1.2.0, the previous stable release branches 1.0.x and 1.1.x will switch in to LTS low maintenance mode which means they will only receive important security updates but no longer any regular improvements from upstream.
See the complete Changelog in our wiki [4] and download the new packages from https://roundcube.net/download.
Roundcube 1.2.0 is considered stable and we recommend to update all productive installations of Roundcube. As usual, don’t forget to backup your data before updating ;-)
Best, Thomas
[1] https://roundcube.net/news/2015/11/23/roundcube-webmail-1.2-beta-out-now [2] https://www.mailvelope.com/en/help#watchlist [3] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/ [4] https://github.com/roundcube/roundcubemail/wiki/Changelog
Hello,
we're trying to set up enigma/gpg on a test machine but I can't get it to work.
Everything seems to work ok until I try to create a private key.
Since this is a test platform I just everything enigma related in /tmp/enigma ....
I have a test user utente1@mail.qa.schema31.it. After I go into settings -> pgp keys and i interact there i find this:
[root@fosforo /tmp/enigma]# find . -ls 1295535 8 drwxrwxrwx 3 webmail-dev wheel 512 May 25 18:15 . 1295536 8 drwx------ 3 www wheel 512 May 25 18:22 ./utente1@mail.qa.schema31.it 1295537 8 drwx------ 2 www wheel 512 May 25 18:15 ./utente1@mail.qa.schema31.it/private-keys-v1.d 1295540 16 -rw-r--r-- 1 www wheel 5061 May 25 18:21 ./utente1@mail.qa.schema31.it/pubring.kbx 1295542 8 -rw-r--r-- 1 www wheel 2702 May 25 18:20 ./utente1@mail.qa.schema31.it/pubring.kbx~
not that creating the keys gives an error ("Unable to import key(s)! Internal error.") and in fact there's no private key in the relative folder...
But the pubring is fine and round cube correctly reports a key as created with all sub keys informations.
Obviously signing or encrypting doesn't work.
gpg agent is correctly running....
[root@fosforo /tmp/enigma/utente1@mail.qa.schema31.it]# ps -ax | grep gpg 21900 - Ss 0:00.00 /usr/local/bin/gpg-agent --daemon --options /dev/null --csh --keep-display --no-grab --ignore-cache-for-signing --pinentry-touch-file /dev/null --disable-scdaemon --no-use-standard-socket --pinentry-program /usr/home/webmail-dev/www/gcloud-webmail/roundcube/vendor/pear-pear.php.net/Crypt_GPG/Crypt/GPG/../../bin/crypt-gpg-pinentry --homedir /tmp/enigma/utente1@mail.qa.schema31.it
Any idea?
Andrea Brancatelli Schema31 S.p.a. Responsabile IT
ROMA - BO - FI - PA ITALY Tel: +39.06.98.358.472 Cell: +39.331.2488468 Fax: +39.055.71.880.466 Società del Gruppo SC31 ITALIA
Il 2016-05-22 20:30 Thomas Bruederli ha scritto:
- PGP encryption
There wasn't much feedback on the 1.2-beta version and the release candidate which we consider a good sign. Some cleanup and stabilization of the Enigma plugin just happened for the now stable version.
This is the debug log for the part that gives error:
[26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND: [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: /usr/local/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --always-trust --homedir '/tmp/enigma/utente1@mail.qa.schema31.it' --version [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: BEGIN PROCESSING [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG output stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG output [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 606 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 3 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG output stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG output [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG error stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG error [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG status stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG status [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: END PROCESSING [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: CLOSING GPG SUBPROCESS [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: USING GPG 2.1.11 with PHP 5.6.21 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: OPENING GPG-AGENT SUBPROCESS WITH THE FOLLOWING COMMAND: [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: /usr/local/bin/gpg-agent --daemon --options /dev/null --csh --keep-display --no-grab --ignore-cache-for-signing --pinentry-touch-file /dev/null --disable-scdaemon --no-use-standard-socket --pinentry-program '/usr/home/webmail-dev/www/gcloud-webmail/roundcube/vendor/pear-pear.php.net/Crypt_GPG/Crypt/GPG/../../bin/crypt-gpg-pinentry' --homedir '/tmp/enigma/utente1@mail.qa.schema31.it' [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: CLOSING GPG-AGENT LAUNCH PROCESS [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG-AGENT LAUNCH PROCESS CLOSED [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: OPENING GPG SUBPROCESS WITH THE FOLLOWING COMMAND: [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: /usr/local/bin/gpg --status-fd '3' --command-fd '4' --no-secmem-warning --no-tty --no-default-keyring --no-options --no-permission-warning --exit-on-status-write-error --trust-model always --homedir '/tmp/enigma/utente1@mail.qa.schema31.it' --import [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: BEGIN PROCESSING [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG is ready for input [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to write 3647 bytes to GPG input [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => wrote 3647 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG error stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG error [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 86 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: ERROR: gpg: key B17C3A56: public key "Utente di TEST utente1@mail.qa.schema31.it" imported [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG status stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG status [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 142 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: STATUS: IMPORTED 40E0E761B17C3A56 Utente di TEST utente1@mail.qa.schema31.it [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: STATUS: IMPORT_OK 1 BCD716B06A540DD3E6577D0040E0E761B17C3A56 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG error stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG error [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 201 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: ERROR: gpg: key B17C3A56/B17C3A56: error sending to agent: No pinentry [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: ERROR: gpg: error building skey array: No pinentry [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: ERROR: gpg: Total number processed: 3 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: ERROR: gpg: imported: 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: ERROR: gpg: secret keys read: 3 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 3 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG output stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG output [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG error stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG error [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG status stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG status [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 50 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: STATUS: IMPORT_RES 3 0 1 0 0 0 0 0 0 3 0 0 0 0 0 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => got 1 [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: GPG status stream ready for reading [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG status [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: END PROCESSING [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: CLOSING GPG SUBPROCESS [26-May-2016 11:55:36 +0200]: <bcqpqb4l> GPG: => subprocess returned an unexpected exit code: 2
Andrea Brancatelli Schema31 S.p.a. Responsabile IT
ROMA - BO - FI - PA ITALY Tel: +39.06.98.358.472 Cell: +39.331.2488468 Fax: +39.055.71.880.466 Società del Gruppo SC31 ITALIA
Il 2016-05-25 18:34 Andrea Brancatelli ha scritto:
Hello,
we're trying to set up enigma/gpg on a test machine but I can't get it to work.
Everything seems to work ok until I try to create a private key.
Since this is a test platform I just everything enigma related in /tmp/enigma ....
I have a test user utente1@mail.qa.schema31.it. After I go into settings -> pgp keys and i interact there i find this:
[root@fosforo /tmp/enigma]# find . -ls 1295535 8 drwxrwxrwx 3 webmail-dev wheel 512 May 25 18:15 . 1295536 8 drwx------ 3 www wheel 512 May 25 18:22 ./utente1@mail.qa.schema31.it 1295537 8 drwx------ 2 www wheel 512 May 25 18:15 ./utente1@mail.qa.schema31.it/private-keys-v1.d 1295540 16 -rw-r--r-- 1 www wheel 5061 May 25 18:21 ./utente1@mail.qa.schema31.it/pubring.kbx 1295542 8 -rw-r--r-- 1 www wheel 2702 May 25 18:20 ./utente1@mail.qa.schema31.it/pubring.kbx~
not that creating the keys gives an error ("Unable to import key(s)! Internal error.") and in fact there's no private key in the relative folder...
But the pubring is fine and round cube correctly reports a key as created with all sub keys informations.
Obviously signing or encrypting doesn't work.
gpg agent is correctly running....
[root@fosforo /tmp/enigma/utente1@mail.qa.schema31.it]# ps -ax | grep gpg 21900 - Ss 0:00.00 /usr/local/bin/gpg-agent --daemon --options /dev/null --csh --keep-display --no-grab --ignore-cache-for-signing --pinentry-touch-file /dev/null --disable-scdaemon --no-use-standard-socket --pinentry-program /usr/home/webmail-dev/www/gcloud-webmail/roundcube/vendor/pear-pear.php.net/Crypt_GPG/Crypt/GPG/../../bin/crypt-gpg-pinentry --homedir /tmp/enigma/utente1@mail.qa.schema31.it
Any idea?
Andrea Brancatelli Schema31 S.p.a. Responsabile IT
ROMA - BO - FI - PA ITALY Tel: +39.06.98.358.472 Cell: +39.331.2488468 Fax: +39.055.71.880.466 Società del Gruppo SC31 ITALIA
Il 2016-05-22 20:30 Thomas Bruederli ha scritto:
- PGP encryption
There wasn't much feedback on the 1.2-beta version and the release candidate which we consider a good sign. Some cleanup and stabilization of the Enigma plugin just happened for the now stable version.
Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
On 05/26/2016 11:56 AM, Andrea Brancatelli wrote:
This is the debug log for the part that gives error:
Please, read https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/README very carefully.
Il 2016-05-26 11:59 A.L.E.C ha scritto:
On 05/26/2016 11:56 AM, Andrea Brancatelli wrote:
This is the debug log for the part that gives error:
Please, read https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/README very carefully.
Are you referring to the known issues with GnuPG 2.1?
Thats a big stopper because there's no GnuPG 2.0 in the FreeBSD Tree, only 2.1
I was reading https://www.gnupg.org/faq/whats-new-in-2.1.html and I seem to understand the problem lies with the new private key handling... ?
Is there anything we can try to help you debugging and fixing the issue?
On 05/26/2016 12:14 PM, Andrea Brancatelli wrote:
Are you referring to the known issues with GnuPG 2.1?
Yes.
Thats a big stopper because there's no GnuPG 2.0 in the FreeBSD Tree, only 2.1
According to gnupg.org 2.1 is "modern" while 2.0 is "stable".
I was reading https://www.gnupg.org/faq/whats-new-in-2.1.html and I seem to understand the problem lies with the new private key handling... ?
Is there anything we can try to help you debugging and fixing the issue?
There's another issue with 2.1 http://pear.php.net/bugs/bug.php?id=20453
I don't have gnupg 2.1 and I do not really plan to work on these issues in near future. I suppose you would need to provide the output of the commands you see in the debug (just skip --status-fd and --command-fd arguments).
Please, create a new thread or better an issue at github.
Hello Everyone,
I need to develop a TMDA tool based on this one: http://squirrelmail.org/plugin_view.php?id=227
Someone can help-me or develop this?
Proposals in private please
Aurélio
Il 2016-05-26 11:59 A.L.E.C ha scritto:
On 05/26/2016 11:56 AM, Andrea Brancatelli wrote:
This is the debug log for the part that gives error:
Please, read https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/README very carefully.
Sorry, i'm bombing you :)
I've installed GnuPG 2.0 and now the key creation process is ok, but I can't send a signed mail... it just keeps asking for the password over and over again.
I think this is the corresponding part of the log:
[26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: STATUS: USERID_HINT E110E9C3B0EC4576 Utente di TEST utente1@mail.qa.schema31.it [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: STATUS: NEED_PASSPHRASE E110E9C3B0EC4576 E110E9C3B0EC4576 1 0 [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: STATUS: ERROR get_passphrase 85 [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: STATUS: MISSING_PASSPHRASE [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: STATUS: INV_SGNR 0 7A96AC4306471F2A62D1978CE110E9C3B0EC4576 [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: STATUS: FAILURE sign 99 [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: => closing GPG input pipe [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: selecting streams [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: => got 4 [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: GPG output stream ready for reading [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG output [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: => read 0 bytes [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: GPG error stream ready for reading [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: => about to read 8192 bytes from GPG error [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: => read 159 bytes [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: ERROR: gpg: problem with the agent: No pinentry [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: ERROR: gpg: skipped "7A96AC4306471F2A62D1978CE110E9C3B0EC4576": Operation cancelled [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: ERROR: gpg: signing failed: Operation cancelled [26-May-2016 12:23:23 +0200]: <bcqpqb4l> GPG: GPG status stream ready for reading
Running crypt-gpg-pinentry from the command line seems to work ok:
[root@fosforo /home/webmail-dev/www/gcloud-webmail/roundcube/logs]# /usr/home/webmail-dev/www/gcloud-webmail/roundcube/vendor/pear-pear.php.net/Crypt_GPG/Crypt/GPG/../../bin/crypt-gpg-pinentry OK Crypt_GPG pinentry ready and waiting ^C [root@fosforo /home/webmail-dev/www/gcloud-webmail/roundcube/logs]#
-
A.L.E.C -
Andrea Brancatelli -
Aurélio de Souza Ribeiro Neto -
Thomas Bruederli