Author Topic: GPG / PGP Support  (Read 22887 times)

Offline flosoft

  • Sr. Member
  • ****
  • Posts: 349
    • http://flosoft.biz
GPG / PGP Support
« on: August 31, 2006, 07:23:47 PM »
It would be nice to have GPG / PGP Support.

The problem will be to be able to trust the Webmail Server to upload your private key.
A thing that would be needed is a Key manager, where you have the public keys of the other users.

It would be really good.

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: GPG / PGP Support
« Reply #1 on: November 15, 2006, 05:31:25 PM »
it would be nice to have that, my sever doesn't support it, but one of old severs did.

Offline chaicatop

  • Newbie
  • *
  • Posts: 2
GPG
« Reply #2 on: June 05, 2007, 05:33:17 AM »
Hi,

Your webmail really rocks. Just a question, what about GPG, I read on the website it was a feature you're willing to provide. It could be a real step forward for Roundcube.
Sincerely,
Chaica

Offline nelgin

  • Jr. Member
  • **
  • Posts: 12
Re: GPG
« Reply #3 on: June 17, 2007, 08:41:21 PM »
I will second this request. This is something that I use on squirrelmail and would like to see it here.

Offline chaicatop

  • Newbie
  • *
  • Posts: 2
Re: GPG
« Reply #4 on: June 17, 2007, 10:56:05 PM »
The more I think about it and the less I think this feature is interesting, because you have to trust the server side to allow your secret passphrase going from you to the server. You have a lot of problems which could rise from this situation (man-in-the-middle, tapping the connection, ...). The very requirement is to use https to lower the risk losing you passphrase (is it enough? https seems really debated today).

Given the different elements, I don't think I would use such a feature on a webmail. Firegpg (http://firegpg.tuxfamily.org/), a plugin for Firefox allowing you to crypt easily from your web brower seems really promising.

Offline nelgin

  • Jr. Member
  • **
  • Posts: 12
Re: GPG
« Reply #5 on: June 18, 2007, 02:51:31 AM »
I own the server that webmail is running on, so it's very relevant to me. I have an ssl server running and feel that my server is secure.

Offline flosoft

  • Sr. Member
  • ****
  • Posts: 349
    • http://flosoft.biz
Re: GPG / PGP Support
« Reply #6 on: June 18, 2007, 06:58:46 AM »
Merged topics.

Offline linuxpro

  • Newbie
  • *
  • Posts: 8
Re: GPG / PGP Support
« Reply #7 on: June 21, 2007, 04:07:57 AM »
Quote from: flosoft
It would be nice to have GPG / PGP Support.

The problem will be to be able to trust the Webmail Server to upload your private key.
A thing that would be needed is a Key manager, where you have the public keys of the other users.

It would be really good.

I would really like to see gnupg support added as well. Now I use Squirrel for my GnuPG mail and roundcube for the rest..

Offline eNTi

  • Newbie
  • *
  • Posts: 5
Re: GPG / PGP Support
« Reply #8 on: October 12, 2007, 06:07:40 AM »
seconded!

Offline the_glu

  • Newbie
  • *
  • Posts: 1
Re: GPG / PGP Support
« Reply #9 on: February 02, 2008, 01:32:48 PM »
For imformation, I'm working on it :)

Offline marcnl

  • Newbie
  • *
  • Posts: 1
GPG / PGP Support
« Reply #10 on: May 26, 2008, 06:53:35 AM »
I would like to see pgp / gnupg support added as well. I would like to keep my conversations privat without sniffing from providers or governments

Offline darklight

  • Newbie
  • *
  • Posts: 1
GPG / PGP Support
« Reply #11 on: December 21, 2008, 11:09:20 PM »
hi

I'd also like to see GPG support in roundcube

I would add support to it if I could get some help from the community
as rouncube's code is very new to me it's hard for me to understand it.
the current way encrypted/signed messages are "filtered out" is very unclear to me so I'm very un-productive at the moment.

it'd be great if someone could implement some nice helpers that I could use to handle the encrypted/signed message from within my code
I thought of some helpers like decryptGPGMessage() or verifyGPGSignedMessage()
You just need to add "stubs" to the current codebase (or well, it'd be great if the current "This is an encrypted message and can not be displayed. Sorry!" message could be replaced by using those helper functions)

If someone is interested please tell me
we could discuss what exact requirements each one has and code our stuff then.

PS: I'm planning to add GPG support through GnuPG: PHP: GnuPG - Manual as it doesn't need the gpg binary installed and you can install that library VERY easy (it's just a `pecl install gnupg` as root)

Regards,
darklight

Offline rng

  • Newbie
  • *
  • Posts: 1
GPG / PGP Support
« Reply #12 on: July 20, 2010, 12:17:45 PM »
Is it really necessary to upload your private key to the server? Sending a private key over a network and storing it on a server is inherently insecure. It contradicts the idea of PGP. You never have complete control over a remote server. Most people don't even own the servers they use. Remember Hushmail?
I'd very much favor a zero knowledge solution where en-/decryption is done in clientside javascript. Recent developments in standards and browsers (faster javascript engines, ECMAscript 5 secure scripting, clientside storage) could make this possible soon.
In the meantime, there are browser plugins. FireGPG says it is Roundcube-compatible. It also says it has been discontinued. I hope that's not the last word.
« Last Edit: July 20, 2010, 12:27:40 PM by rng »

Offline BUGHUNTER

  • Newbie
  • *
  • Posts: 3
GPG / PGP Support
« Reply #13 on: January 30, 2012, 04:14:12 PM »
HI, any news on this?