Awesome features Thomas and Alec,one thing though, may I suggest that for enigma key storage, it be an option to store in a DB rather than on file system, since a fair few of us I imagine keep everything to do with users in MySQL/MariaDB.
just a though for future...
Cheers
On 24/11/2015 02:15, Thomas Bruederli wrote:
We're proud to announce that the beta release of the next major version 1.2 of Roundcube webmail is out now for download and testing. With this milestone we introduce new features primarily focusing on security and PGP encryption:
- PHP7 compatibility
- PGP encryption
- Drag-n-drop attachments from mail preview to compose window
- Mail messages searching with predefined date interval
- Improved security measures to protect from brute-force attacks
And of course plenty of small improvements and bug fixes.
The PGP encryption support in Roundcube comes with two options:
Mailvelope
The integration of this browser plugin [1] for Firefox and Chrome comes out of the box in Roundcube 1.2 and is enabled if the Mailvelope API is detected in a user's browser. See the Mailvelope documentation [2] how to enable it for your site.
Read more about the Mailvelope integration and how this looks like in Alec's blog [3].
Enigma plugin
This Roundcube plugin adds server-side PGP encryption features to Roundcube. Enabling this means that users need to fully trust the webmail server as encryption is done on the server GnuPG and private keys are also stored there.
In order to activate server-side PGP encryption for all your users, the 'enigma' plugin, which is shipped with this package, has to be enabled in the Roundcube config. See the plugin's README for details.
Also read Alec's blogpost about the Enigma plugin and how it works [4].
Both encryption features are pretty new and not yet perfectly documented. We'd much appreciate your feedback and your contribution to the end-user documentation [5] or our wiki page [6].
IMPORTANT: with this version, we finally deprecate some old Roundcube library functions [7]. Plugin developers, please test your plugins thoroughly and look for deprecation warnings in the logs. These function will be removed in the final 1.2.0 release and can therefore render plugins dysfunctional.
See the full changelog on trac.roundcube.net [8] and download the new packages from https://roundcube.net/download
Please note that this is a beta release and we recommend to test it on a separate environment. And don't forget to backup your data before installing it!
Enjoy and please share your experience either through our mailing lists or as comments in the blog posts mentioned above.
Kind regards, Thomas
[1] https://www.mailvelope.com [2] https://www.mailvelope.com/en/help#watchlist [3] https://kolabian.wordpress.com/2015/10/10/mailvelope-integration-pgp-encrypt... [4] https://kolabian.wordpress.com/2015/10/13/enigma-plugin-pgp-encryption/ [5] http://trac.roundcube.net/wiki/Online_Help [6] http://trac.roundcube.net/wiki/Dev_Encryption [7] https://github.com/roundcube/roundcubemail/blob/master/program/include/bc.ph... [8] http://trac.roundcube.net/wiki/Changelog _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users