Encryption

on this page thoughts about the development of an encryption plugin will be shared.

quick brainstorming (jonas): see ​RoundCube-Dev Thread for discussion on the mailinglist.

• add some abstraction layer to support several implementations of gnupg key management
  • possible drivers:
    • server side key storage (either use gnupg binary or the php pecl gnupg library)
    • client side key storage (using FireGPG)
    • maybe even other encryption systems, i.e. s/mime
• list of essential functions:
  • encrypt(text, keys): encrypt text for public keys
  • decrypt(text): decrypt text with appropriate private key
  • sign(text, privatekey): sign text with private key
  • verify(text): verify
  • import_key(text): import keys
• list of additional useful functions:
  • export_key(key): export public key
  • signandencrypt(text, keys, privatekey): sign with private key and encrypt for public keys
  • del_key(key): delete public key
  • del_priv_key(privatekey): delete private key
  • edit_priv_key(privatekey): edit private key
  • list_keys(): list all public keys
  • list_priv_keys(): list all private keys
  • gen_priv_key(): generate new private key
  • get_key(email/keyid): get a new public key
• list of insecure functions (should not be implemented):
  • import_priv_key(privatekey): import private key
  • export_priv_key(privatekey): export private key
• for mail layer:
  • decrypt inline encrypted mails
  • decrypt openpgp/mime encrypted mails
  • verify inline signed mails
  • verify opengpg/mime signed mails
  • encrypt and/or sign outgoing mails with opengpg/mime standard
  • encrypt and/or sign outgoing mails inline
  • We need to handle attachements too !

• storage interface(?): Interface to keys implemented by drivers
  • encrypt(text,keys)
  • decrypt(text, passphrase_callback)
  • sign(text,keys,passphrase_callback)
  • verify(text)

• for server side storage:
  • create gnupg home directories with pubring.gpg and secring.gpg for every single user
  • pass $GNUGPGHOME to gnupg/gpgme library according to roundcube user
  • requirement to give read+write access to webserver user to all gnupg home directories
  • maybe maintain a mysql database with all keys, fingerprints etc to detect manipulated key data in the keyrings. objection: if attacker has webserver user privileges, s/he has access to the roundcube mysql password as well.
  • maybe print md5/sha256 sums of keyring files in roundcube interface. urge user to write them down and compare. the code that creates theses sums doesn't need to be writeable to the webserver user.
  • public keys retrieval - ldap, keyserver lookup, database

• additional useful user settings/options:
  • default private key to sign mails
  • default public key to encrypt mails for in addition to recipient keys (i.e. own key)
  • default (sign y/n; encrypt y/n) for new mails
  • default for replies to signed and/or encrypted mails
  • default for replies to unsigned and unencrypted mails

• additional useful global settings/options:
  • backend plugin(s)
  • ldap servers and query method
  • keyservers
  • default public key to encrypt mails for in addition to recipient keys (i.e. escrow)

• To check
  • We need a mime parser and a mime generator to works with OpenPGP/Mime. Is roundcube's class usable for that ?
  • See plugin hooks message_part_encrypted and message_load plus rcube_message::get_part_content()

• Ressources
  • Parameters for GnuPG: Here is how FireGPG works: ​http://svn.getfiregpg.org/filedetails.php?repname=FireGPG&path=%2Fcontent%2FCore%2Fcgpgaccess.js
  • Inline and OpenPGP/Mime detector: ​http://svn.getfiregpg.org/filedetails.php?repname=FireGPG&path=%2Fcontent%2FMime%2Fdecoder.js
  • FireGPG's source: ​http://svn.getfiregpg.org/listing.php?repname=FireGPG
  • Enigmail's source: ​http://www.mozilla-enigmail.org/download/source/enigmail-0.96.0.tar.gz
  • OpenPGP/Mime RFC: ​http://www.mhonarc.org/~ehood/MIME/rfc3156.txt

please extend this design draft with your thoughts ...