Enigma: Support key generation for multiple identities (#5383)

Update OpenPGP.js to version 1.6.2.
Get rid of server-side key generation - Crypt_GPG does not support
multiple user IDs, it's also slow and requires entrophy generator.

CHANGELOG

@@ -22,6 +22,7 @@ CHANGELOG Roundcube Webmail
 - Remove PHP mail() support, smtp_server is required now (#5340)
 - Display full message subject in onmouseover on truncated subject in mail view (#5346)
 - Searching in both contacts and groups when LDAP addressbook with group_filters option is used
+- Enigma: Support key generation for multiple identities (#5383)
 - Enigma: Import keys from key-server(s) (#5286)
 - Enigma: Search missing public keys on a key-server in mail compose (#5286)
 - Enigma: Delete user keys when using deluser.sh script

plugins/enigma/README

@@ -36,13 +36,11 @@ TODO:
 - Search filter to see invalid/expired keys
 - Key server(s) support (upload, refresh)
 - Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status
-- Change attachment icon on messages list for encrypted messages (like vcard_attachment plugin does)
 - Support for multi-server installations (store keys in sql database?)
-- Per-Identity settings (including keys/certs)
 - Performance improvements:
    - cache decrypted message key id so we can skip decryption if we have no password in session
    - cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
-- S/MIME: Certs generation
+- S/MIME: Certs generation (?)
 - S/MIME: Certs management
 - S/MIME: signed messages verification
 - S/MIME: encrypted messages decryption

plugins/enigma/config.inc.php.dist

@@ -46,17 +46,6 @@ $config['enigma_attach_pubkey'] = false;
 // When set to 0 passwords will be stored for the whole session.
 $config['enigma_password_time'] = 5;
 
-// Enables server-side keys generation which would be used
-// if user browser does not support web-crypto features.
-//
-// WARNING: Key generation requires true random numbers, and as such can be
-// slow. If the operating system runs out of entropy, key generation will
-// block until more entropy is available.
-//
-// To solve that a hardware entropy generator or
-// an entropy gathering daemon may be installed (e.g. randomsound).
-$config['enigma_keygen_server'] = false;
-
 // With this option you can lock composing options
 // of the plugin forcing the user to use configured settings.
 // The array accepts: 'sign', 'encrypt', 'pubkey'.

plugins/enigma/enigma.js

@@ -93,12 +93,15 @@ rcube_webmail.prototype.enigma_key_create = function()
 // Generate key(s) and submit them
 rcube_webmail.prototype.enigma_key_create_save = function()
 {
-    var options, lock,
-        user = $('#key-ident > option').filter(':selected').text(),
+    var options, lock, users = [],
         password = $('#key-pass').val(),
         confirm = $('#key-pass-confirm').val(),
         size = $('#key-size').val();
 
+    $('[name="identity[]"]:checked').each(function() {
+      users.push(this.value);
+    });
+
     // validate the form
     if (!password || !confirm)
         return alert(this.get_label('enigma.formerror'));
@@ -106,8 +109,8 @@ rcube_webmail.prototype.enigma_key_create_save = function()
     if (password != confirm)
         return alert(this.get_label('enigma.passwordsdiffer'));
 
-    if (user.match(/^<[^>]+>$/))
-        return alert(this.get_label('enigma.nonameident'));
+    if (!users.length)
+        return alert(this.get_label('enigma.noidentselected'));
 
     // generate keys
     // use OpenPGP.js if browser supports required features
@@ -115,7 +118,7 @@ rcube_webmail.prototype.enigma_key_create_save = function()
         lock = this.set_busy(true, 'enigma.keygenerating');
         options = {
             numBits: size,
-            userId: user,
+            userId: users,
             passphrase: password
         };
 
@@ -131,12 +134,6 @@ rcube_webmail.prototype.enigma_key_create_save = function()
             rcmail.display_message(rcmail.get_label('enigma.keygenerateerror'), 'error');
         });
     }
-    // generate keys on the server
-    else if (rcmail.env.enigma_keygen_server) {
-        lock = this.set_busy(true, 'enigma.keygenerating');
-        options = {_a: 'generate', _user: user, _password: password, _size: size};
-        rcmail.http_post('plugin.enigmakeys', options, lock);
-    }
     else {
         rcmail.display_message(rcmail.get_label('enigma.keygennosupport'), 'error');
     }

plugins/enigma/lib/enigma_ui.php

@@ -624,6 +624,12 @@ class enigma_ui
      */
     private function key_generate()
     {
+        // Crypt_GPG does not support key generation for multiple identities
+        // It is also very slow (which is problematic because it may exceed
+        // request time limit) and requires entropy generator
+        // That's why we use only OpenPGP.js method of key generation
+        return;
+
         $user = rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST, true);
         $pass = rcube_utils::get_input_value('_password', rcube_utils::INPUT_POST, true);
         $size = (int) rcube_utils::get_input_value('_size', rcube_utils::INPUT_POST);
@@ -669,8 +675,6 @@ class enigma_ui
             'keyform' => array($this, 'tpl_key_create_form'),
         ));
 
-        $this->rc->output->set_env('enigma_keygen_server', $this->rc->config->get('enigma_keygen_server'));
-
         $this->rc->output->set_pagetitle($this->enigma->gettext('keygenerate'));
         $this->rc->output->send('enigma.keycreate');
     }
@@ -685,16 +689,14 @@ class enigma_ui
 
         // get user's identities
         $identities = $this->rc->user->list_identities(null, true);
-
-        // Identity
-        $select = new html_select(array('name' => 'identity', 'id' => 'key-ident'));
+        $checkbox   = new html_checkbox(array('name' => 'identity[]'));
         foreach ((array) $identities as $idx => $ident) {
-            $name = empty($ident['name']) ? ('<' . $ident['email'] . '>') : $ident['ident'];
-            $select->add($name, $idx);
+            $name = empty($ident['name']) ? ($ident['email']) : $ident['ident'];
+            $identities[$idx] = html::label(null, $checkbox->show($name, array('value' => $name)) . rcube::Q($name));
         }
 
         $table->add('title', html::label('key-name', rcube::Q($this->enigma->gettext('newkeyident'))));
-        $table->add(null, $select->show(0));
+        $table->add(null, implode($identities, "\n"));
 
         // Key size
         $select = new html_select(array('name' => 'size', 'id' => 'key-size'));
@@ -715,7 +717,7 @@ class enigma_ui
 
         $this->rc->output->add_gui_object('keyform', $attrib['id']);
         $this->rc->output->add_label('enigma.keygenerating', 'enigma.formerror',
-            'enigma.passwordsdiffer', 'enigma.keygenerateerror', 'enigma.nonameident',
+            'enigma.passwordsdiffer', 'enigma.keygenerateerror', 'enigma.noidentselected',
             'enigma.keygennosupport');
 
         return $this->rc->output->form_tag(array(), $table->show($attrib));

plugins/enigma/localization/en_US.inc

@@ -126,9 +126,12 @@ $messages['keyimportsearchtext'] = 'You can search for public keys by key identi
 
 $messages['formerror'] = 'Please, fill the form. All fields are required!';
 $messages['passwordsdiffer'] = 'Passwords do not match!';
-$messages['nonameident'] = 'Identity must have a user name defined!';
 $messages['keygenerateerror'] = 'Failed to generate a key pair';
 $messages['keygeneratesuccess'] = 'A key pair generated and imported successfully.';
 $messages['keygennosupport'] = 'Your web browser does not support cryptography. Unable to generate a key pair!';
+$messages['noidentselected'] = 'You have to select at least one identity for the key!';
+
+// removed in 1.3
+$messages['nonameident'] = 'Identity must have a user name defined!';
 
 ?>

plugins/enigma/skins/classic/enigma.css

@@ -156,6 +156,10 @@ div.enigmascreen
   padding: 5px 0px;
 }
 
+#keycreateform td > label {
+  display: block;
+}
+
 #keystoolbar
 {
   position: absolute;

plugins/enigma/skins/classic/templates/keycreate.html

@@ -9,7 +9,7 @@
 <div id="keyimport-title" class="boxtitle"><roundcube:label name="enigma.createkeys" /></div>
 
 <div id="import-form" class="boxcontent">
-    <roundcube:object name="keyform" class="propform" size="40" textareacols="40" textarearows="6" />
+    <roundcube:object name="keyform" id="keycreateform" class="propform" size="40" textareacols="40" textarearows="6" />
 
     <div id="formfooter">
         <div class="footerleft">

plugins/enigma/skins/larry/enigma.css

@@ -149,6 +149,10 @@ p.enigmaattachment a {
   padding: 10px;
 }
 
+#keycreateform td > label {
+  display: block;
+}
+
 #keystoolbar
 {
   position: absolute;

plugins/enigma/skins/larry/templates/keycreate.html

@@ -9,7 +9,7 @@
 <h1 class="boxtitle"><roundcube:label name="enigma.createkeys" /></h1>
 
 <div id="key-details" class="boxcontent">
-    <roundcube:object name="keyform" class="propform" size="40" textareacols="40" textarearows="6" />
+    <roundcube:object name="keyform" id="keycreateform" class="propform" size="40" textareacols="40" textarearows="6" />
 </div>
 
 <div class="footerleft formbuttons">