Roundcube Community Forum
SVN Releases => Requests => Topic started by: flosoft on August 31, 2006, 07:23:47 PM
-
It would be nice to have GPG / PGP Support.
The problem will be to be able to trust the Webmail Server to upload your private key.
A thing that would be needed is a Key manager, where you have the public keys of the other users.
It would be really good.
-
it would be nice to have that, my sever doesn't support it, but one of old severs did.
-
Hi,
Your webmail really rocks. Just a question, what about GPG, I read on the website it was a feature you're willing to provide. It could be a real step forward for Roundcube.
Sincerely,
Chaica
-
I will second this request. This is something that I use on squirrelmail and would like to see it here.
-
The more I think about it and the less I think this feature is interesting, because you have to trust the server side to allow your secret passphrase going from you to the server. You have a lot of problems which could rise from this situation (man-in-the-middle, tapping the connection, ...). The very requirement is to use https to lower the risk losing you passphrase (is it enough? https seems really debated today).
Given the different elements, I don't think I would use such a feature on a webmail. Firegpg (http://firegpg.tuxfamily.org/), a plugin for Firefox allowing you to crypt easily from your web brower seems really promising.
-
I own the server that webmail is running on, so it's very relevant to me. I have an ssl server running and feel that my server is secure.
-
Merged topics.
-
It would be nice to have GPG / PGP Support.
The problem will be to be able to trust the Webmail Server to upload your private key.
A thing that would be needed is a Key manager, where you have the public keys of the other users.
It would be really good.
I would really like to see gnupg support added as well. Now I use Squirrel for my GnuPG mail and roundcube for the rest..
-
seconded!
-
For imformation, I'm working on it :)
-
I would like to see pgp / gnupg support added as well. I would like to keep my conversations privat without sniffing from providers or governments
-
hi
I'd also like to see GPG support in roundcube
I would add support to it if I could get some help from the community
as rouncube's code is very new to me it's hard for me to understand it.
the current way encrypted/signed messages are "filtered out" is very unclear to me so I'm very un-productive at the moment.
it'd be great if someone could implement some nice helpers that I could use to handle the encrypted/signed message from within my code
I thought of some helpers like decryptGPGMessage() or verifyGPGSignedMessage()
You just need to add "stubs" to the current codebase (or well, it'd be great if the current "This is an encrypted message and can not be displayed. Sorry!" message could be replaced by using those helper functions)
If someone is interested please tell me
we could discuss what exact requirements each one has and code our stuff then.
PS: I'm planning to add GPG support through GnuPG: PHP: GnuPG - Manual (http://php.net/gnupg) as it doesn't need the gpg binary installed and you can install that library VERY easy (it's just a `pecl install gnupg` as root)
Regards,
darklight
-
Is it really necessary to upload your private key to the server? Sending a private key over a network and storing it on a server is inherently insecure. It contradicts the idea of PGP. You never have complete control over a remote server. Most people don't even own the servers they use. Remember Hushmail (http://www.schneier.com/blog/archives/2007/11/hushmail_turns.html)?
I'd very much favor a zero knowledge solution where en-/decryption is done in clientside javascript. Recent developments in standards and browsers (faster javascript engines, ECMAscript 5 secure scripting, clientside storage) could make this possible soon.
In the meantime, there are browser plugins. FireGPG (http://getfiregpg.org/s/webmails) says it is Roundcube-compatible. It also says it has been discontinued. I hope that's not the last word.
-
HI, any news on this?