GnuPG/PGP Support #600

Closed
rcubetrac opened this Issue Feb 28, 2006 · 45 comments


@rcubetrac

Reported by nobody on 28 Feb 2006 15:29 UTC as Trac ticket #1440396

This would be a nice feature, although it could probably
only be implemented on Unix/Linux boxes.

Keywords: glu
Migrated-From: http://trac.roundcube.net/ticket/1440396

@rcubetrac

Comment by arlolra on 2 Nov 2006 13:14 UTC

hello roundcubemail,

is anyone working on this? if not, would you like me to give it a try?

be well,
arlo

@rcubetrac

Severity changed by arlolra on 2 Nov 2006 13:14 UTC

=> critical

@rcubetrac

Comment by beni on 9 Oct 2007 07:21 UTC

I want to drop a "vote in" for this.

I think it would be good to implement a config option to give the path to the gnupg binary.
This way it should be possible to get this to fly even with Windows servers.

The only problem I see is how the user's private key can be securely stored.
It should, however, at least be possible to send encrypted mails without security concerns.

@rcubetrac

Comment by beni on 9 Oct 2007 07:56 UTC

There is a PEAR proposal for PGP support: http://pear.php.net/pepr/pepr-proposal-show.php?id=229

maybe we can work on this, so others may benefit too.

@rcubetrac

Comment by Natureshadow on 16 Oct 2007 08:08 UTC

I think that one special aspect would be a great thing.

When I used SquirrelMail (before I switched to RCMail), I had a hard time keeping GPG keyrings in ~username/.gnupg in sync with what SquirrelMail used. So it would be nice if RCMail could look for a keyring (private as well as public) in this place on Unix/Linux, and in C:\Documents And Settings\username\Application Data\.gnupg on Windows.

@rcubetrac

Comment by the glu on 27 Jan 2008 21:10 UTC

For information, I'm working on it :)

@rcubetrac

Comment by seansan on 17 Feb 2008 09:31 UTC

glu, moved to 0.1.5

@rcubetrac

Keywords changed by seansan on 17 Feb 2008 09:31 UTC

glu

@rcubetrac

Severity changed by seansan on 17 Feb 2008 09:31 UTC

critical => normal

@rcubetrac

Milestone changed by seansan on 17 Feb 2008 09:31 UTC

=> 0.1.5

@rcubetrac

Comment by seansan on 17 Feb 2008 09:39 UTC

http://trac.roundcube.net/ticket/1483818

@rcubetrac

Milestone changed by @thomascube on 4 Mar 2008 07:41 UTC

0.1.5 => later

@rcubetrac

Comment by AlfonsName on 16 Jun 2008 12:37 UTC

I'd also like to vote for it.
@the_glu: thanks for working at this.

I've just checked out 0.2-alpha.
How far has this progressed? Is it targeted for the 0.2 release already?

@rcubetrac

Comment by codesurgeon on 9 Sep 2008 14:48 UTC

... and one "vote" from me. :-)

@rcubetrac

Comment by the glu on 9 Sep 2008 15:11 UTC

I some system who works, but I have a lot of things to do ;).

I'm wondering whether I should wait for the plugin API before continuing my implementation..

Currently the option pane is fully working (key list, key import, usage of FireGPG or gnupg on the server)

@rcubetrac

Comment by the glu on 9 Sep 2008 15:11 UTC

"I some system who works, but I have a lot of things to do ;). "

-> "I have some code who works, but I have a lot of things to do ;). "

@rcubetrac

Comment by bennibu on 4 Oct 2008 09:42 UTC

and one vote from me...

@the_glu: I would like to test your code. Maybe you can attach a patch or something?

@rcubetrac

Comment by darklight on 22 Dec 2008 15:25 UTC

It seems that there's been no activity on this ticket recently.

As I'd also like to see Roundcube supporting GPG/PGP, I'd like to help develop this feature.
Unfortunately I'm very new to Roundcube's code, so I'm pretty lost in it at the moment.

maybe someone who is more familiar could help me a bit - for example by writing some dummy helper functions (and moving them to the correct place)
e.g. we need some method for decrypting the message
now it would be really nice (and a big help for me) if someone could write a method called decryptMessage() (or something like this) and just make it return "Sorry, but this mail is encrypted, but RoundCube can't display encrypted mails yet!"

Little note: I'll use php's GnuPG library in my code: http://www.php.net/manual/en/function.gnupg-sign.php

Regards,
"darklight"

@rcubetrac

Comment by the glu on 22 Dec 2008 16:46 UTC

I'm waiting for the plugin API to continue my work, that's why there is no activity ;)

@rcubetrac

Comment by darklight on 24 Dec 2008 02:38 UTC

@the_glu: nice, I didn't know this

Are there any particular features in the plugin API that you are missing?
maybe some others could help contributing this part :)

also do you need any help writing your plugin?

Oh and I have a question to you (the_glu): what php library are you using in your plugin?
maybe we can team up and discuss all possible libraries and choose the best one for roundcube

Regards,
darklight

@rcubetrac

Comment by the glu on 24 Dec 2008 10:09 UTC

Are there any particular features in the plugin API that you are missing?

Yes, the whole plugin API :]

And for the library: I'm the author of FireGPG, so I have my libraries in JavaScript. It won't take much time to adapt them. And I want to add GnuPG support on both sides, server and client (with FireGPG), so it will be good to have the same library on both sides ;)

Regards,

@rcubetrac

Comment by adrian on 18 Feb 2010 11:26 UTC

My vote goes for this feature as well. It would be great to have it in 0.4.

@rcubetrac

Comment by old admin on 10 Mar 2010 08:57 UTC

I would like to add my 2 cents worth for PGP.

We moved from SquirrelMail to RoundCube a few weeks ago, and think it's excellent. However, users are inclined to use Thunderbird/Mozilla et al., because Enigmail provides the PGP functionality that they use.

Thus I would like to express my support for PGP support. Ideally this could include the ability to import keys and maybe even create keys (if the backend is trusted). There is no reliance on Linux because SSH keys can be easily created with putty (putty-gen). Putty is often used by most Windows users to connect with SSH servers. (Cygwin can also be used).

I consider PGP to be a killer feature along with Global IMAP folders and a User administration interface.

@rcubetrac

Comment by voidzero on 21 Aug 2010 10:01 UTC

This should be given top priority, imho. There are days like these when I wish I were a programmer.

@rcubetrac

Comment by @alecpl on 24 Sep 2010 13:16 UTC

Work in progress http://trac.roundcube.net/browser/trunk/plugins/enigma

@rcubetrac

Comment by mickeyc on 2 Nov 2010 14:43 UTC

I'd really like to see this built into RoundCube too. Ideally it would be possible to just use my keys from ~/.gnupg/

@rcubetrac

Comment by rediculum on 2 Nov 2010 14:58 UTC

Replying to mickeyc:

I'd really like to see this built into RoundCube too. Ideally it would be possible to just use my keys from ~/.gnupg/
Symlink ../plugins/enigma/home/user@localhost -> /home/user/.gnupg and grant webserver's user to access the files and folder.
But this is IMO very dangerous. If there is a leak in the code, an attacker could access ALL your GPG keys. With a dedicated folder like enigma is using in ./home/user@localhost/ you only import and use specific keys.

@rcubetrac

Comment by mickeyc on 2 Nov 2010 15:09 UTC

Replying to rediculum:

Symlink ../plugins/enigma/home/user@localhost -> /home/user/.gnupg and grant webserver's user to access the files and folder.
But this is IMO very dangerous. If there is a leak in the code, an attacker could access ALL your GPG keys. With a dedicated folder like enigma is using in ./home/user@localhost/ you only import and use specific keys.

You're right of course. Does enigma store my private key password protected?

@rcubetrac

Comment by beli sk on 30 Dec 2010 19:13 UTC

Replying to rediculum:

Symlink ../plugins/enigma/home/user@localhost -> /home/user/.gnupg and grant webserver's user to access the files and folder.
But this is IMO very dangerous. If there is a leak in the code, an attacker could access ALL your GPG keys. With a dedicated folder like enigma is using in ./home/user@localhost/ you only import and use specific keys.

Hi,
Anyway, giving web server access to users' private keys is a REALLY bad idea. Have you considered using gpg-agent for example?

Beli

@rcubetrac

Comment by kluner on 12 Apr 2011 12:08 UTC

I would love GPG/PGP in roundcube.

as for key-storage: why not in a .gpg directory/folder inside IMAP? That eliminates the risk that a leak in the code could allow access to all keys of all users, since roundcube never gains access to IMAP without the user's credentials.

@rcubetrac

Comment by mejo on 10 May 2011 23:44 UTC

Alec, one of the main roundcube developers, added a preliminary 'enigma' plugin to the roundcube SVN trunk many months ago. Most of the design/UI work and core features seem to be done. In the announcement mail to roundcube-dev (http://lists.roundcube.net/mail-archive/dev/2010-08/0000106.html) he asked for help because "it's to much work for one person".

If you're interested in a working GnuPG/PGP plugin for roundcube and capable of coding PHP, you might want to check out the plugin at https://svn.roundcube.net/trunk/plugins/enigma/ and help with the development.

@rcubetrac

Comment by rediculum on 5 Jun 2012 05:41 UTC

The repository has been removed since May 1. Is there another one still a work in progress?

@rcubetrac

Comment by @alecpl on 5 Jun 2012 06:05 UTC

We're on github now: https://github.com/roundcube/roundcubemail/

@rcubetrac

Comment by qnrq on 7 Jan 2013 03:59 UTC

They're here...

Please find the following discussion on the mailing list: http://lists.roundcube.net/pipermail/dev/2013-January/022123.html

It includes all cool links to the release announcement with a demonstrative video and listed issues to fix before the implementation goes stable.

Much love and many fluffy bunnies,

/qnrq

@rcubetrac

Comment by rediculum on 7 Jan 2013 10:37 UTC

Replying to qnrq:

They're here...

Please find the following discussion on the mailing list: http://lists.roundcube.net/pipermail/dev/2013-January/022123.html

It includes all cool links to the release announcement with a demonstrative video and listed issues to fix before the implementation goes stable.

Much love and many fluffy bunnies,

/qnrq

Sounds interesting.
I unzipped your plugin in the ./plugins directory and named the folder as the php file. I added the name to the plugins array in main.inc.php but I don't see anything and "About" does not show your plugin.

@rcubetrac

Comment by qnrq on 7 Jan 2013 13:11 UTC

Replying to rediculum:

Replying to qnrq:

They're here...

Please find the following discussion on the mailing list: http://lists.roundcube.net/pipermail/dev/2013-January/022123.html

It includes all cool links to the release announcement with a demonstrative video and listed issues to fix before the implementation goes stable.

Much love and many fluffy bunnies,

/qnrq

Sounds interesting.
I unzipped your plugin in the ./plugins directory and named the folder as the php file. I added the name to the plugins array in main.inc.php but I don't see anything and "About" does not show your plugin.

"openpgpjs" in the plugins array in main.inc.php, plugins/openpgpjs/:

$ ls plugins/openpgpjs
README.md css img js openpgpjs.php

Roundcube 0.8.4? Larry skin? Did you check compose and mail view? That's where the OpenPGP key manager icon resides.

I have no idea what "About" is or why it matters for anything to show there. Please specify.

I'm going to need more information about your environment if you have everything correct. Did you check your JavaScript error console? What web browser? Roundcube version? Etc. etc. etc. etc.... Please fill me in on the mailing list, I don't want to spam this ticket with support :)

@rcubetrac

Status changed by @alecpl on 9 Mar 2013 13:46 UTC

assigned => new

@rcubetrac

Owner changed by @alecpl on 9 Mar 2013 13:46 UTC

nobody => none

@rcubetrac

Comment by @alecpl on 10 Apr 2015 12:09 UTC

Yes, there are some client-side solutions (rc_openpgpjs, mailvelope). Enigma is going to be the server-side solution (it's where the keys are stored). I recently returned to work on the Enigma plugin, I expect to have something working soon.

@rcubetrac

Owner changed by @alecpl on 10 Apr 2015 12:09 UTC

=> alec

@rcubetrac

Milestone changed by @alecpl on 10 Apr 2015 12:09 UTC

later => 1.2-beta

@rcubetrac

Comment by dma k on 15 Jun 2015 00:44 UTC

Replying to beli.sk:

Replying to rediculum:

But this is IMO very dangerous. If there is a leak in the code, an attacker could access ALL your GPG keys. With a dedicated folder like enigma is using in ./home/user@localhost/ you only import and use specific keys.

Anyway, giving web server access to users' private keys is a REALLY bad idea. Have you considered using gpg-agent for example?

I agree with the above: if the Apache server is compromised, then the attacker has access to the private keys, but can also capture the key password. If so, the private key needs to be revoked and regenerated and all signatures re-issued. Thus I will never allow access for the Apache user to my ~/.gpg folder.

I think the only way out is to allow Apache to run gpg via sudo. The password can still be compromised and the attacker may decrypt incoming messages and encrypt and send out messages, but he will not get the private key (at least not quickly). So recovery is simply changing the private key password. And sudo is easier to trace and control.

Perhaps an experience exchange with the developers of mailpile would be fruitful, see More thoughts on working with GnuPG.

@rcubetrac

Comment by uudruid74 on 27 Jun 2015 02:31 UTC

Or you could set up a service similar to FastCGI so that the mail is sent over a Unix domain socket to be encrypted or decrypted by another process and then sent back. The process separation prevents most forms of attacks that could lead to key compromise.
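As an added example (not code from this ticket, Roundcube or the Enigma plugin), the process-separation design described above, combined with dma k's point that the web process should never hold the private key: the web-facing process forks a helper that alone holds the key, talks to it over a Unix domain socketpair, and can only ask for sign/verify results; a request for the key itself is refused. HMAC-SHA256 stands in for the gpg private-key operation, and the framing protocol, opcode numbers, the KeyService class and the sample message are all assumptions made here.

```python
import hashlib
import hmac
import os
import secrets
import socket
import struct

# Wire format between the web-facing process and the key-holding helper
# (assumed here): one byte opcode/status, 4-byte big-endian length, payload.
OP_SIGN, OP_VERIFY, OP_EXPORT, OP_QUIT = 1, 2, 3, 4
STATUS_OK, STATUS_DENIED, STATUS_BAD = 0, 1, 2
TAG_LEN = 32  # HMAC-SHA256 output size

def _send(sock, code, payload=b""):
    sock.sendall(struct.pack("!BI", code, len(payload)) + payload)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the socket")
        buf += chunk
    return buf

def _recv(sock):
    code, length = struct.unpack("!BI", _recv_exact(sock, 5))
    return code, _recv_exact(sock, length)

def _helper_loop(sock):
    """Body of the forked helper. The key is generated here, after the fork, so it
    never exists in the parent's address space. HMAC stands in for a gpg key op."""
    key = secrets.token_bytes(32)
    while True:
        op, payload = _recv(sock)
        if op == OP_SIGN:
            _send(sock, STATUS_OK, hmac.new(key, payload, hashlib.sha256).digest())
        elif op == OP_VERIFY:
            if len(payload) < TAG_LEN:
                _send(sock, STATUS_BAD)
                continue
            tag, msg = payload[:TAG_LEN], payload[TAG_LEN:]
            good = hmac.compare_digest(tag, hmac.new(key, msg, hashlib.sha256).digest())
            _send(sock, STATUS_OK, b"\x01" if good else b"\x00")
        elif op == OP_QUIT:
            return
        else:
            # Key export (or any unknown request) is refused: only sign/verify results cross the socket.
            _send(sock, STATUS_DENIED)

class KeyService:
    """Client side, used by the web-facing process. A real deployment would also run the
    helper under a different uid so a compromised web process cannot read its memory."""
    def __init__(self):
        parent_end, child_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        self.pid = os.fork()
        if self.pid == 0:  # helper process: holds the key, serves requests, then exits
            parent_end.close()
            try:
                _helper_loop(child_end)
            finally:
                os._exit(0)
        child_end.close()
        self.sock = parent_end
    def sign(self, msg):
        _send(self.sock, OP_SIGN, msg)
        code, tag = _recv(self.sock)
        if code != STATUS_OK:
            raise RuntimeError("helper refused to sign")
        return tag
    def verify(self, msg, tag):
        _send(self.sock, OP_VERIFY, tag + msg)
        code, result = _recv(self.sock)
        return code == STATUS_OK and result == b"\x01"
    def try_export_key(self):
        _send(self.sock, OP_EXPORT)  # what a compromised web process would attempt
        code, payload = _recv(self.sock)
        return payload if code == STATUS_OK else None  # None: helper refused
    def close(self):
        _send(self.sock, OP_QUIT)
        self.sock.close()
        os.waitpid(self.pid, 0)

def demo():
    """Shows what the web process can and cannot do through the helper."""
    svc = KeyService()
    try:
        msg = b"Subject: test\r\n\r\nhello from roundcube"  # constructed sample message
        tag = svc.sign(msg)
        return {
            "valid": svc.verify(msg, tag),
            "tampered": svc.verify(msg + b"!", tag),
            "export_denied": svc.try_export_key() is None,
        }
    finally:
        svc.close()
```

Running demo() yields valid=True, tampered=False and export_denied=True: the web process gets signatures and verification verdicts but never the key material, which is the recovery property dma k describes (rotate the passphrase or key, no need to treat every past signature as forged). Putting the helper under a separate uid, with a socket-activated daemon or sudo as the comment suggests, is what turns this sketch into an actual privilege boundary.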

@rcubetrac

Comment by @alecpl on 29 Sep 2015 07:31 UTC

I consider Enigma plugin ready for testing. There's also Mailvelope integration in git-master, but this is handled by another ticket.

@rcubetrac

Status changed by @alecpl on 29 Sep 2015 07:31 UTC

new => closed

@rcubetrac rcubetrac closed this Sep 29, 2015
@alecpl alecpl was assigned by rcubetrac Mar 20, 2016
@rcubetrac rcubetrac added this to the 1.2-beta milestone Mar 20, 2016