Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPG support #53

Closed
rsertelon opened this issue Jan 17, 2014 · 15 comments
Closed

GPG support #53

rsertelon opened this issue Jan 17, 2014 · 15 comments
Assignees
@RainLoop
Labels
feature
Milestone
1.6.5

Comments

@rsertelon
Copy link

Hi,

I just stumble upon your project. It looks really nice, by far one of the best interfaces in open source webmails.

Do you plan to add support for GPG encryption? Roundcube has a GPG plugin that works quite well. MailPile is planning to integrate GPG from the ground up (in its architecture).

In these times where our privacy is endangered by mass surveillance, this would be very nice :)

Just my 2 cents!

Regards,
@RainLoop
Copy link
Owner

Yeah, I'm interested in this functionality.
However, I still do not understand where the users to store their private and public keys?
They will not trust web application.

@rsertelon
Copy link
Author

Yep, that's actually the biggest problem. There's a draft from the W3C (WebCrypto: http://www.w3.org/TR/WebCryptoAPI/) That should help in the future. For now, I've seen that the roundcube plugin for GPG uses a library named openpgpjs.

It stores the keys in the localstore. This is a nice idea, but I don't know how it does to be secure enough.

Maybe interesting to investigate though :)

As for MailPile, they are now only focused on desktop usage, therefore, the keys are stored in the OS keyring.

@heubergen
Copy link

Maybe you will find some insperation in this project:
https://github.com/toberndo/mailvelope

RainLoop added a commit that referenced this issue Jan 27, 2014
@RainLoop
OpenPGP first look (#53)
098a04e
RainLoop added a commit that referenced this issue Jan 28, 2014
@RainLoop
OpenPGP - part 2 - unstable (#53)
0bb69d4
RainLoop added a commit that referenced this issue Jan 28, 2014
@RainLoop
OpenPGP - part 3 - unstable (#53)
3d3ad8d
@RainLoop RainLoop self-assigned this Feb 12, 2014
@rsertelon
Copy link
Author

@RainLoop I see you've started to work on it: thanks a lot!

Can't wait to use it :)

RainLoop added a commit that referenced this issue Mar 12, 2014
@RainLoop
OpenPGP Key Storage (Settings) (#53)
5ece4cc 
Import, Delete, Generate, View
@RainLoop
Copy link
Owner

Note!
Complete functional is not ready.

openpgp01

@heubergen
Copy link

Thanks!

I will test that soon and give you a feedback.

@rsertelon
Copy link
Author

That seems really promising! Will see if I can set up a beta installation of rainloop to test it :)

RainLoop added a commit that referenced this issue Mar 19, 2014
@RainLoop
OpenPGP (Compose) (#53) UNSTABLE
67b5a72
RainLoop added a commit that referenced this issue Mar 20, 2014
@RainLoop
OpenPGP (#53) UNSTABLE
b330f77
RainLoop added a commit that referenced this issue Mar 20, 2014
@RainLoop
OpenPGP (Compose) (#53) UNSTABLE
1c4ce1d
@ariejan
Copy link

ariejan commented Mar 25, 2014

This looks very promising! I'm running master on a test server, so let me know if I can test something or other.

RainLoop added a commit that referenced this issue Apr 1, 2014
@RainLoop
OpenPGP (#53) UNSTABLE
ee19a5c
RainLoop added a commit that referenced this issue Apr 1, 2014
@RainLoop
OpenPGP (#53) Beta
cae0cc2 
Archive  (Closes #110)
Delete, Spam and Archive button in mail view when preview pane is off  (Closes #72)
Small fixes  (Closes #101)
@RainLoop
Copy link
Owner

RainLoop commented Apr 5, 2014

Please, try latest version of the RainLoop Webmail with OpenPGP.

@RainLoop RainLoop added this to the 1.4.1 milestone Apr 7, 2014
@namezk
Copy link

namezk commented Apr 7, 2014

Thanks for implementing this feature. I'm experiencing a problem however, the generated keys will disappear suddenly, happened twice so far; couldn't find anything in the logs; happy to provide any info as requested.

@RainLoop
Copy link
Owner

RainLoop commented Apr 7, 2014

OpenPGP keys are stored in the browser local storage.
Did you use one browser in both cases?

@namezk
Copy link

namezk commented Apr 7, 2014

ah, I see. I went back to the original browser and found them. Sorry.
This makes for a usability issue managing private keys when using multiple computers; that is outside the scope of this product though.

Thanks.

@kesavanm
Copy link

Thanks for the awesome product.
Can we store the OpenPGP keys in the server side instead of browser local storage ? In that case , I can use the keys regardless of browser I use as well as on-the-go mobile device , wherever I'm .

Since the key stored at server (web host) , I feel that's safe and secure , access is limited. I thought of sessions Vs Cookies. Correct me if I'm wrong.Browser cache can be accessed by one who , right?

@rsertelon
Copy link
Author

@kesavanm It's common good practice not to give your private key to anyone, even what would be a "secure" web host. This key is the only one that proves that's really you. So you should try hard to limit its exposure.

This is the general problem encountered with PGP, keys storage is the least convenient thing in PGP (IMHO).

@zeigerpuppy
Copy link

storing public keys in the contacts would be a more logical place for these. It's also quite safe to store public keys server-side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RainLoop RainLoop

Labels
feature
Projects
None yet
Milestone
1.6.5
Development

No branches or pull requests
7 participants
@ariejan @rsertelon @zeigerpuppy @namezk @kesavanm @heubergen @RainLoop