New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPG support #53
Comments
Yeah, I'm interested in this functionality. |
Yep, that's actually the biggest problem. There's a draft from the W3C (WebCrypto: http://www.w3.org/TR/WebCryptoAPI/) That should help in the future. For now, I've seen that the roundcube plugin for GPG uses a library named openpgpjs. It stores the keys in the localstore. This is a nice idea, but I don't know how it does to be secure enough. Maybe interesting to investigate though :) As for MailPile, they are now only focused on desktop usage, therefore, the keys are stored in the OS keyring. |
Maybe you will find some insperation in this project: |
@RainLoop I see you've started to work on it: thanks a lot! Can't wait to use it :) |
Thanks! I will test that soon and give you a feedback. |
That seems really promising! Will see if I can set up a beta installation of rainloop to test it :) |
This looks very promising! I'm running master on a test server, so let me know if I can test something or other. |
Please, try latest version of the RainLoop Webmail with OpenPGP. |
Thanks for implementing this feature. I'm experiencing a problem however, the generated keys will disappear suddenly, happened twice so far; couldn't find anything in the logs; happy to provide any info as requested. |
OpenPGP keys are stored in the browser local storage. |
ah, I see. I went back to the original browser and found them. Sorry. Thanks. |
Thanks for the awesome product. Since the key stored at server (web host) , I feel that's safe and secure , access is limited. I thought of sessions Vs Cookies. Correct me if I'm wrong.Browser cache can be accessed by one who , right? |
@kesavanm It's common good practice not to give your private key to anyone, even what would be a "secure" web host. This key is the only one that proves that's really you. So you should try hard to limit its exposure. This is the general problem encountered with PGP, keys storage is the least convenient thing in PGP (IMHO). |
storing public keys in the contacts would be a more logical place for these. It's also quite safe to store public keys server-side. |
Hi,
I just stumble upon your project. It looks really nice, by far one of the best interfaces in open source webmails.
Do you plan to add support for GPG encryption? Roundcube has a GPG plugin that works quite well. MailPile is planning to integrate GPG from the ground up (in its architecture).
In these times where our privacy is endangered by mass surveillance, this would be very nice :)
Just my 2 cents!
Regards,
The text was updated successfully, but these errors were encountered: