Version 2 (modified by mejo, 4 years ago)
Encryption
This page collects thoughts about the development of an encryption plugin.
Quick brainstorming (jonas): see RoundCube-Dev Thread for discussion on the mailing list.
- add some abstraction layer to support several implementations of gnupg key management
  - possible drivers:
    - server side key storage (either use the gnupg binary or the PHP PECL gnupg library)
    - client side key storage
    - maybe even other encryption systems, e.g. S/MIME
- list of essential functions:
  - encrypt(text, keys): encrypt text for public keys
  - decrypt(text): decrypt text with appropriate private key
  - sign(text, privatekey): sign text with private key
  - verify(text): verify the signature
  - import_key(text): import keys
- list of additional useful functions:
  - export_key(key): export public key
  - export_priv_key(key): export private key
  - signandencrypt(text, keys, privatekey): sign with private key and encrypt for public keys
  - del_key(key): delete public key
  - del_priv_key(privatekey): delete private key
  - edit_priv_key(privatekey): edit private key
  - list_keys(): list all public keys
  - list_priv_keys(): list all private keys
  - gen_priv_key(): generate new private key
- for mail layer:
  - decrypt inline encrypted mails
  - decrypt OpenPGP/MIME encrypted mails
  - verify inline signed mails
  - verify OpenPGP/MIME signed mails
  - encrypt and/or sign outgoing mails with the OpenPGP/MIME standard
  - encrypt and/or sign outgoing mails inline
- for server side storage:
  - create gnupg home directories with pubring.gpg and secring.gpg for every single user
  - pass $GNUPGHOME to the gnupg/gpgme library according to the Roundcube user
  - requirement to give the webserver user read+write access to all gnupg home directories
  - maybe maintain a MySQL database with all keys, fingerprints etc. to detect manipulated key data in the keyrings
- additional useful settings/options:
  - default private key to sign mails
  - default public key to encrypt mails for in addition to recipient keys (i.e. own key)
  - default (sign y/n; encrypt y/n) for new mails
  - default for replies to signed and/or encrypted mails
  - default for replies to unsigned and unencrypted mails
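
The server side storage items above (one gnupg home directory per user, GNUPGHOME set per Roundcube user, recorded fingerprints to detect manipulated keyrings), as an added PHP example that is not Roundcube code. It assumes the PECL gnupg extension; the function names, the base directory and the sample fingerprint are hypothetical.

```php
<?php
// Added example, not Roundcube code. Needs the PECL gnupg extension.
// All function names and the base directory are hypothetical.

// Map a user name to its own home directory. Hashing the name keeps
// characters such as "/" or ".." out of the path.
function user_gnupg_home(string $base, string $user): string {
    $home = $base . '/' . hash('sha256', strtolower($user));
    if (!is_dir($home) && !mkdir($home, 0700, true)) {
        throw new RuntimeException("cannot create $home");
    }
    chmod($home, 0700); // owner only: the webserver user
    return $home;
}

// Primary-key fingerprints currently present in one user's keyring.
function keyring_fingerprints(string $home): array {
    putenv('GNUPGHOME=' . $home); // set before creating the gnupg object
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);
    $found = [];
    foreach ($gpg->keyinfo('') as $key) { // '' matches every key
        $found[] = strtoupper($key['subkeys'][0]['fingerprint']);
    }
    return $found;
}

// Compare the keyring with the fingerprints recorded at import time
// (the database table from the draft; a plain array here).
function audit_keyring(array $recorded, array $present): array {
    $recorded = array_map('strtoupper', $recorded);
    return [
        'unexpected' => array_values(array_diff($present, $recorded)),
        'missing'    => array_values(array_diff($recorded, $present)),
    ];
}

// Constructed sample data: placeholder fingerprint and user name.
$recorded = ['0123456789ABCDEF0123456789ABCDEF01234567'];
if (extension_loaded('gnupg')) {
    $home = user_gnupg_home(sys_get_temp_dir() . '/rc-gnupg-demo', 'alice@example.org');
    print_r(audit_keyring($recorded, keyring_fingerprints($home)));
}
```

A non-empty `unexpected` list means the keyring holds a key that was never recorded at import; a non-empty `missing` list means a recorded key has disappeared from the keyring.
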
please extend this design draft with your thoughts ...
Attachments (10)
- plain_text_inline_signed.eml (879 bytes), added by mejo 4 years ago: plain text mail - inline signed
- plain_text_mime_signed.eml (1.1 KB), added by mejo 4 years ago: plain text mail - mime signed
- plain_text_inline_encrypted.eml (1.5 KB), added by mejo 4 years ago: plain text mail - inline encrypted (decrypted message: "plain text inline encrypted")
- plain_text_mime_encrypted.eml (1.9 KB), added by mejo 4 years ago: plain text mail - mime encrypted (decrypted message: "plain text mime encrypted")
- plain_text_inline_encrypted+signed.eml (1.7 KB), added by mejo 4 years ago: plain text mail - inline encrypted and signed (decrypted message: "plain text inline encrypted and signed")
- plain_text_mime_encrypted+signed.eml (2.0 KB), added by mejo 4 years ago: plain text mail - mime encrypted and signed (decrypted message: "plain text mime encrypted and signed")
- plain_text+png_attachment_mime_signed.eml (1.8 KB), added by mejo 4 years ago: plain text mail - mime signed with png image as attachment
- plain_text+png_attachment_mime_encrypted.eml (2.5 KB), added by mejo 4 years ago: plain text mail - mime signed with png image as attachment (decrypted message: "plain text and image/png attachment mime encrypted")
- multipart_text+html_mime_signed.eml (2.9 KB), added by mejo 4 years ago: multipart mail with two layers and both text and html content - mime signed
- multipart_text+html_mime_encrypted.eml (2.7 KB), added by mejo 4 years ago: multipart mail with two layers and both text and html content - mime encrypted (decrypted message: same as multipart_text+html_mime_signed.eml)
