New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GPG support #53

Closed
rsertelon opened this Issue Jan 17, 2014 · 15 comments

Comments

Projects
None yet
7 participants
@rsertelon
Copy link

rsertelon commented Jan 17, 2014

Hi,

I just stumble upon your project. It looks really nice, by far one of the best interfaces in open source webmails.

Do you plan to add support for GPG encryption? Roundcube has a GPG plugin that works quite well. MailPile is planning to integrate GPG from the ground up (in its architecture).

In these times where our privacy is endangered by mass surveillance, this would be very nice :)

Just my 2 cents!

Regards,

@RainLoop

This comment has been minimized.

Copy link
Owner

RainLoop commented Jan 17, 2014

Yeah, I'm interested in this functionality.
However, I still do not understand where the users to store their private and public keys?
They will not trust web application.

@rsertelon

This comment has been minimized.

Copy link
Author

rsertelon commented Jan 18, 2014

Yep, that's actually the biggest problem. There's a draft from the W3C (WebCrypto: http://www.w3.org/TR/WebCryptoAPI/) That should help in the future. For now, I've seen that the roundcube plugin for GPG uses a library named openpgpjs.

It stores the keys in the localstore. This is a nice idea, but I don't know how it does to be secure enough.

Maybe interesting to investigate though :)

As for MailPile, they are now only focused on desktop usage, therefore, the keys are stored in the OS keyring.

@heubergen

This comment has been minimized.

Copy link

heubergen commented Jan 21, 2014

Maybe you will find some insperation in this project:
https://github.com/toberndo/mailvelope

RainLoop added a commit that referenced this issue Jan 27, 2014

RainLoop added a commit that referenced this issue Jan 28, 2014

RainLoop added a commit that referenced this issue Jan 28, 2014

@RainLoop RainLoop self-assigned this Feb 12, 2014

@RainLoop RainLoop added the feature label Feb 12, 2014

@rsertelon

This comment has been minimized.

Copy link
Author

rsertelon commented Feb 15, 2014

@RainLoop I see you've started to work on it: thanks a lot!

Can't wait to use it :)

RainLoop added a commit that referenced this issue Mar 12, 2014

OpenPGP Key Storage (Settings) (#53)
Import, Delete, Generate, View
@RainLoop

This comment has been minimized.

Copy link
Owner

RainLoop commented Mar 12, 2014

Note!
Complete functional is not ready.

openpgp01

@heubergen

This comment has been minimized.

Copy link

heubergen commented Mar 13, 2014

Thanks!

I will test that soon and give you a feedback.

@rsertelon

This comment has been minimized.

Copy link
Author

rsertelon commented Mar 13, 2014

That seems really promising! Will see if I can set up a beta installation of rainloop to test it :)

RainLoop added a commit that referenced this issue Mar 19, 2014

RainLoop added a commit that referenced this issue Mar 20, 2014

RainLoop added a commit that referenced this issue Mar 20, 2014

@ariejan

This comment has been minimized.

Copy link

ariejan commented Mar 25, 2014

This looks very promising! I'm running master on a test server, so let me know if I can test something or other.

RainLoop added a commit that referenced this issue Apr 1, 2014

RainLoop added a commit that referenced this issue Apr 1, 2014

OpenPGP (#53) Beta
Archive  (Closes #110)
Delete, Spam and Archive button in mail view when preview pane is off  (Closes #72)
Small fixes  (Closes #101)
@RainLoop

This comment has been minimized.

Copy link
Owner

RainLoop commented Apr 5, 2014

Please, try latest version of the RainLoop Webmail with OpenPGP.

@RainLoop RainLoop added this to the 1.4.1 milestone Apr 7, 2014

@namezk

This comment has been minimized.

Copy link

namezk commented Apr 7, 2014

Thanks for implementing this feature. I'm experiencing a problem however, the generated keys will disappear suddenly, happened twice so far; couldn't find anything in the logs; happy to provide any info as requested.

@RainLoop

This comment has been minimized.

Copy link
Owner

RainLoop commented Apr 7, 2014

OpenPGP keys are stored in the browser local storage.
Did you use one browser in both cases?

@namezk

This comment has been minimized.

Copy link

namezk commented Apr 7, 2014

ah, I see. I went back to the original browser and found them. Sorry.
This makes for a usability issue managing private keys when using multiple computers; that is outside the scope of this product though.

Thanks.

@RainLoop RainLoop closed this Apr 15, 2014

@kesavanm

This comment has been minimized.

Copy link

kesavanm commented Apr 25, 2016

Thanks for the awesome product.
Can we store the OpenPGP keys in the server side instead of browser local storage ? In that case , I can use the keys regardless of browser I use as well as on-the-go mobile device , wherever I'm .

Since the key stored at server (web host) , I feel that's safe and secure , access is limited. I thought of sessions Vs Cookies. Correct me if I'm wrong.Browser cache can be accessed by one who , right?

@rsertelon

This comment has been minimized.

Copy link
Author

rsertelon commented Apr 26, 2016

@kesavanm It's common good practice not to give your private key to anyone, even what would be a "secure" web host. This key is the only one that proves that's really you. So you should try hard to limit its exposure.

This is the general problem encountered with PGP, keys storage is the least convenient thing in PGP (IMHO).

@zeigerpuppy

This comment has been minimized.

Copy link

zeigerpuppy commented Nov 4, 2016

storing public keys in the contacts would be a more logical place for these. It's also quite safe to store public keys server-side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment