Enigma Plugin for Roundcube

This plugin adds support for viewing and sending signed and encrypted
messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.

The plugin uses the gpg binary on the server and stores all keys
(including private keys of the users) on the server.
Encryption/decryption is done server-side. So, this plugin
is for users that trust the server.

Implemented features:
---------------------
+ PGP: signature verification
+ PGP: message decryption
+ PGP: sending of encrypted/signed messages
+ PGP: key management UI (key import, export, delete)
+ PGP: key generation (client- or server-side)
+ Handling of PGP keys attached to incoming messages
+ User preferences to disable plugin features
+ Attaching public keys to email
+ Key server(s) support (search, import)

TODO:
-----
- Handling of big messages with temp files (? - security)
- Key info in contact details page (optional)
- Extended key management:
    - disable,
    - revoke,
    - change expiration date, change passphrase, add photo,
    - manage user IDs
    - export private keys
- Generate revocation certs
- Search filter to see invalid/expired keys
- Key server(s) support (upload, refresh)
- Mark keys as trusted/untrusted, display appropriate message in verify/decrypt status
- Support for multi-server installations (store keys in sql database? probably impossible with GnuPG 2.1)
- Performance improvements:
    - cache decrypted message key id so we can skip decryption if we have no password in session
    - cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
- S/MIME: Certs generation (?)
- S/MIME: Certs management
- S/MIME: signed messages verification
- S/MIME: encrypted messages decryption
- S/MIME: Sending signed/encrypted messages
- S/MIME: Handling of certs attached to incoming messages
- S/MIME: Certificate info in Contacts details page (optional)

KNOWN ISSUES:
-------------
There are some known issues with accepting key passphrases on various
system configurations. This is caused by issues in PinEntry handling.
Make sure that vendor/bin/crypt-gpg-pinentry works from the command line.

Possible reasons:
- non-working loader in shebang (#! /usr/bin/env php)
  Make sure it works for the user the php scripts are executed as
  (e.g. apache, www-data, etc.)
- SELinux setting, try command: setsebool -P httpd_unified 0

Note: pinentry is used with gpg >= 2.0 and <= 2.1.12.
Note: for server use GnuPG developers still recommend version 1.4.
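
An added example (not part of the plugin or its documentation) for the first possible reason under KNOWN ISSUES: a POSIX shell function that checks whether a script's shebang loader resolves for the current user and PATH. The function name, its return codes and the www-data account in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic sketch, not part of the Enigma plugin or Crypt_GPG.
# check_loader FILE reports whether FILE's shebang loader resolves for the
# *current* user and PATH. Return codes (chosen for this example):
#   0 loader resolves      1 FILE missing or not executable
#   2 no shebang line      3 loader not found or not executable
check_loader() {
    file=$1
    if [ ! -f "$file" ] || [ ! -x "$file" ]; then
        echo "not an executable file: $file"; return 1
    fi
    IFS= read -r first < "$file" || :
    case $first in
        '#!'*) ;;
        *) echo "no shebang line in $file"; return 2 ;;
    esac
    # "#! /usr/bin/env php" -> interp=/usr/bin/env, arg=php
    read -r interp arg _ <<EOF
${first#??}
EOF
    if [ "${interp##*/}" = env ]; then
        # env looks the real loader up in PATH, which often differs
        # between a login shell and the web server's environment.
        [ -x "$interp" ] || { echo "missing: $interp"; return 3; }
        resolved=$(command -v "$arg") || {
            echo "'$arg' not found in PATH=$PATH"; return 3; }
    else
        resolved=$interp
        [ -x "$resolved" ] || { echo "loader not executable: $resolved"; return 3; }
    fi
    echo "loader OK: $resolved"
}

# Usage, run as the account PHP executes under (account name is an assumption):
#   sudo -u www-data sh check_loader.sh vendor/bin/crypt-gpg-pinentry
if [ "$#" -gt 0 ]; then check_loader "$1"; fi
```

A result of 3 for the web server account but 0 for your own login points at the PATH or loader difference described in the list above.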