Hi all
Is there any information on the status of S/MIME and PGP support in RC? I would very much like to see that done, contributing code (or coding it myself) if necessary and I can cope (I've done similar stuff in Perl, PHP shouldn't be too different ...)
I see there is the "enigma" plugin, which is work in progress (haven't looked at the code, though). Is there anybody currently working on it? Or on another plugin/solution to support mail encryption/signing?
Thx /markus
On 2013-11-28 10:21, Markus Wernig wrote:
Or on another plugin/solution to support mail encryption/signing?
OpenPGP for Roundcube via JavaScript: https://github.com/qnrq/rc_openpgpjs
On 2013-11-28 10:28, Lazlo Westerhof wrote:
On 2013-11-28 10:21, Markus Wernig wrote:
Or on another plugin/solution to support mail encryption/signing?
OpenPGP for Roundcube via JavaScript: https://github.com/qnrq/rc_openpgpjs
OK, thx. Anyone working on S/MIME?
Lazlo Westerhof wrote:
On 2013-11-28 10:21, Markus Wernig wrote:
Or on another plugin/solution to support mail encryption/signing?
OpenPGP for Roundcube via JavaScript: https://github.com/qnrq/rc_openpgpjs
That's a start but unfortunately only works on text parts but not for attachments. But in terms of architecture, a purely client-side encryption/decryption is the preferred and most secure way.
Please find a summary about the current situation and the proposed next steps to get that done: http://trac.roundcube.net/wiki/PluginRepository/Encryption
Regarding S/MIME, GnuPG is also supposed to do S/MIME but I'm not sure whether the OpenPGP.js has plans to add that too.
We'd much appreciate any contribution on this. If anybody decides to work on the OpenPGP.js approach, please get in contact with the author of the rc_openpgpjs plugin.
Best, Thomas
On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote:
But in terms of architecture, a purely client-side encryption/decryption is the preferred and most secure way.
OK, this depends on which side of the cryptosystem you assume to be more trustworthy: the server or your browser runtime. Especially javascript has some major drawbacks when it comes to crypto (just think XSS). See eg. here for a discussion: http://www.matasano.com/articles/javascript-cryptography/
A S/MIME browser plugin would definitely be the way to go, security-wise.
Unfortunately, this is a nightmare maintenance-wise ... and also would take considerably more time (which is, as always, the limiting factor).
So I'd rather stick with a server-side approach, even if it would not make it into an official release.
Kind regards /markus
Am 01.12.2013 14:20, schrieb Markus Wernig:
On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote:
But in terms of architecture, a purely client-side encryption/decryption is the preferred and most secure way.
OK, this depends on which side of the cryptosystem you assume to be more trustworthy: the server or your browser runtime. Especially javascript has some major drawbacks when it comes to crypto (just think XSS). See eg. here for a discussion: http://www.matasano.com/articles/javascript-cryptography/
[...] So I'd rather stick with a server-side approach, even if it would not make it into an official release.
Same here.
Kind regards, jonas
On 12/01/2013 09:31 PM, Jonas Meurer wrote:
So I'd rather stick with a server-side approach, even if it would not make it into an official release.
Same here.
Then you guys should take a look at enigma plugin and finish it. Development of this plugin have been stopped because of Crypt_GPG issues with gnupg 2.x (now solved in the package) and because we're not much interested in server-side encryption. Of course, we'll accept pull requests for enigma plugin and provide feedback when needed.
2013-12-02 08:27 időpontban A.L.E.C ezt írta:
On 12/01/2013 09:31 PM, Jonas Meurer wrote:
So I'd rather stick with a server-side approach, even if it would not make it into an official release.
Same here.
Then you guys should take a look at enigma plugin and finish it. Development of this plugin have been stopped because of Crypt_GPG issues with gnupg 2.x (now solved in the package) and because we're not much interested in server-side encryption. Of course, we'll accept pull requests for enigma plugin and provide feedback when needed.
As I see the enigma plugin doesn't contain any S/MIME verification so I made a plugin to do this. I uploaded it to https://github.com/Takika/rc_smime_verify . It works with RC 0.9+. Feel free to use it :)
On 12/13/2013 01:35 PM, Sandor Takacs wrote:
As I see the enigma plugin doesn't contain any S/MIME verification so I made a plugin to do this. I uploaded it to https://github.com/Takika/rc_smime_verify . It works with RC 0.9+. Feel free to use it :)
Thanks for sharing this.
It would be great to integrate this with Enigma with a config option so we could use this plugin in "Verify" mode only (at least).
Hello!
2013-12-13 13:42 időpontban A.L.E.C ezt írta:
On 12/13/2013 01:35 PM, Sandor Takacs wrote:
As I see the enigma plugin doesn't contain any S/MIME verification so I made a plugin to do this. I uploaded it to https://github.com/Takika/rc_smime_verify . It works with RC 0.9+. Feel free to use it :)
Thanks for sharing this.
It would be great to integrate this with Enigma with a config option so we could use this plugin in "Verify" mode only (at least).
I just want to do the S/MIME sign (and later the encrypt) method but I don't know how can I change the _full_ message (text part, html part, attachments) before send. Can someone send an example about it? Which plugin hook, etc?
congratulations, code is quite clean and readable for a first version. thanks !
On Fri, Dec 13, 2013 at 1:35 PM, Sandor Takacs taki@alkoholista.hu wrote:
2013-12-02 08:27 időpontban A.L.E.C ezt írta:
On 12/01/2013 09:31 PM, Jonas Meurer wrote:
So I'd rather stick with a server-side approach, even if it would not make it into an official release.
Same here.
Then you guys should take a look at enigma plugin and finish it. Development of this plugin have been stopped because of Crypt_GPG issues with gnupg 2.x (now solved in the package) and because we're not much interested in server-side encryption. Of course, we'll accept pull requests for enigma plugin and provide feedback when needed.
As I see the enigma plugin doesn't contain any S/MIME verification so I made a plugin to do this. I uploaded it to https://github.com/Takika/rc_smime_verify . It works with RC 0.9+. Feel free to use it :)
-- Takika
Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
-
A.L.E.C -
Jonas Meurer -
Lazlo Westerhof -
Markus Wernig -
Sandor Takacs -
stephane martin -
Thomas Bruederli