Enigma: Support key generation for multiple identities (#5383)

Update OpenPGP.js to version 1.6.2.
Get rid of server-side key generation - Crypt_GPG does not support
multiple user IDs, it's also slow and requires an entropy generator.
pull/5335/merge
Aleksander Machniak 8 years ago
parent 48585867f3
commit 462faace73

@ -22,6 +22,7 @@ CHANGELOG Roundcube Webmail
- Remove PHP mail() support, smtp_server is required now (#5340)
- Display full message subject in onmouseover on truncated subject in mail view (#5346)
- Searching in both contacts and groups when LDAP addressbook with group_filters option is used
- Enigma: Support key generation for multiple identities (#5383)
- Enigma: Import keys from key-server(s) (#5286)
- Enigma: Search missing public keys on a key-server in mail compose (#5286)
- Enigma: Delete user keys when using deluser.sh script

@ -36,13 +36,11 @@ TODO:
- Search filter to see invalid/expired keys
- Key server(s) support (upload, refresh)
- Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status
- Change attachment icon on messages list for encrypted messages (like vcard_attachment plugin does)
- Support for multi-server installations (store keys in sql database?)
- Per-Identity settings (including keys/certs)
- Performance improvements:
- cache decrypted message key id so we can skip decryption if we have no password in session
- cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
- S/MIME: Certs generation
- S/MIME: Certs generation (?)
- S/MIME: Certs management
- S/MIME: signed messages verification
- S/MIME: encrypted messages decryption

@ -46,17 +46,6 @@ $config['enigma_attach_pubkey'] = false;
// When set to 0 passwords will be stored for the whole session.
$config['enigma_password_time'] = 5;
// Enables server-side keys generation which would be used
// if user browser does not support web-crypto features.
//
// WARNING: Key generation requires true random numbers, and as such can be
// slow. If the operating system runs out of entropy, key generation will
// block until more entropy is available.
//
// To solve that a hardware entropy generator or
// an entropy gathering daemon may be installed (e.g. randomsound).
$config['enigma_keygen_server'] = false;
// With this option you can lock composing options
// of the plugin forcing the user to use configured settings.
// The array accepts: 'sign', 'encrypt', 'pubkey'.

@ -93,12 +93,15 @@ rcube_webmail.prototype.enigma_key_create = function()
// Generate key(s) and submit them
rcube_webmail.prototype.enigma_key_create_save = function()
{
var options, lock,
user = $('#key-ident > option').filter(':selected').text(),
var options, lock, users = [],
password = $('#key-pass').val(),
confirm = $('#key-pass-confirm').val(),
size = $('#key-size').val();
$('[name="identity[]"]:checked').each(function() {
users.push(this.value);
});
// validate the form
if (!password || !confirm)
return alert(this.get_label('enigma.formerror'));
@ -106,8 +109,8 @@ rcube_webmail.prototype.enigma_key_create_save = function()
if (password != confirm)
return alert(this.get_label('enigma.passwordsdiffer'));
if (user.match(/^<[^>]+>$/))
return alert(this.get_label('enigma.nonameident'));
if (!users.length)
return alert(this.get_label('enigma.noidentselected'));
// generate keys
// use OpenPGP.js if browser supports required features
@ -115,7 +118,7 @@ rcube_webmail.prototype.enigma_key_create_save = function()
lock = this.set_busy(true, 'enigma.keygenerating');
options = {
numBits: size,
userId: user,
userId: users,
passphrase: password
};
@ -131,12 +134,6 @@ rcube_webmail.prototype.enigma_key_create_save = function()
rcmail.display_message(rcmail.get_label('enigma.keygenerateerror'), 'error');
});
}
// generate keys on the server
else if (rcmail.env.enigma_keygen_server) {
lock = this.set_busy(true, 'enigma.keygenerating');
options = {_a: 'generate', _user: user, _password: password, _size: size};
rcmail.http_post('plugin.enigmakeys', options, lock);
}
else {
rcmail.display_message(rcmail.get_label('enigma.keygennosupport'), 'error');
}
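Review bot: The `userId: users` line in the options object now hands OpenPGP.js an array where it used to pass a single string, and nothing in the hunk records which library version that depends on. A short comment above it, for example `// userId as an array relies on the bundled OpenPGP.js (1.6.2 per this commit)`, would keep a later library swap from quietly generating keys with a malformed user ID. The values come straight from the checkbox `value` attributes, and with the `nonameident` check gone a name-less identity is now passed as a bare e-mail address, so it is worth confirming that this form is accepted as a user ID. enigma_key_create_save continues past the end of the last hunk.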

@ -624,6 +624,12 @@ class enigma_ui
*/
private function key_generate()
{
// Crypt_GPG does not support key generation for multiple identities
// It is also very slow (which is problematic because it may exceed
// request time limit) and requires entropy generator
// That's why we use only OpenPGP.js method of key generation
return;
$user = rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST, true);
$pass = rcube_utils::get_input_value('_password', rcube_utils::INPUT_POST, true);
$size = (int) rcube_utils::get_input_value('_size', rcube_utils::INPUT_POST);
@ -669,8 +675,6 @@ class enigma_ui
'keyform' => array($this, 'tpl_key_create_form'),
));
$this->rc->output->set_env('enigma_keygen_server', $this->rc->config->get('enigma_keygen_server'));
$this->rc->output->set_pagetitle($this->enigma->gettext('keygenerate'));
$this->rc->output->send('enigma.keycreate');
}
@ -685,16 +689,14 @@ class enigma_ui
// get user's identities
$identities = $this->rc->user->list_identities(null, true);
// Identity
$select = new html_select(array('name' => 'identity', 'id' => 'key-ident'));
$checkbox = new html_checkbox(array('name' => 'identity[]'));
foreach ((array) $identities as $idx => $ident) {
$name = empty($ident['name']) ? ('<' . $ident['email'] . '>') : $ident['ident'];
$select->add($name, $idx);
$name = empty($ident['name']) ? ($ident['email']) : $ident['ident'];
$identities[$idx] = html::label(null, $checkbox->show($name, array('value' => $name)) . rcube::Q($name));
}
$table->add('title', html::label('key-name', rcube::Q($this->enigma->gettext('newkeyident'))));
$table->add(null, $select->show(0));
$table->add(null, implode($identities, "\n"));
// Key size
$select = new html_select(array('name' => 'size', 'id' => 'key-size'));
@ -715,7 +717,7 @@ class enigma_ui
$this->rc->output->add_gui_object('keyform', $attrib['id']);
$this->rc->output->add_label('enigma.keygenerating', 'enigma.formerror',
'enigma.passwordsdiffer', 'enigma.keygenerateerror', 'enigma.nonameident',
'enigma.passwordsdiffer', 'enigma.keygenerateerror', 'enigma.noidentselected',
'enigma.keygennosupport');
return $this->rc->output->form_tag(array(), $table->show($attrib));
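Review bot: In key_generate() the new bare `return;` leaves the rest of the method as unreachable code that still reads `_user` and `_password` from POST, so the server-side passphrase path is disabled only by one line that is easy to lose in a later merge. Deleting the dead body (and, if nothing else needs it, the `generate` action that reaches this method) would make the removal explicit; if the method has to stay, it should answer with an error such as `$this->rc->output->show_message('enigma.keygennosupport', 'error');` instead of returning silently. The method body continues outside the hunk, so the full extent of the dead code is not visible here. Separately, `implode($identities, "\n")` in the form builder uses the legacy argument order, which PHP 7.4 deprecated and 8.0 removed; `implode("\n", $identities)` is the safe form.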

@ -126,9 +126,12 @@ $messages['keyimportsearchtext'] = 'You can search for public keys by key identi
$messages['formerror'] = 'Please, fill the form. All fields are required!';
$messages['passwordsdiffer'] = 'Passwords do not match!';
$messages['nonameident'] = 'Identity must have a user name defined!';
$messages['keygenerateerror'] = 'Failed to generate a key pair';
$messages['keygeneratesuccess'] = 'A key pair generated and imported successfully.';
$messages['keygennosupport'] = 'Your web browser does not support cryptography. Unable to generate a key pair!';
$messages['noidentselected'] = 'You have to select at least one identity for the key!';
// removed in 1.3
$messages['nonameident'] = 'Identity must have a user name defined!';
?>

File diff suppressed because one or more lines are too long

@ -156,6 +156,10 @@ div.enigmascreen
padding: 5px 0px;
}
#keycreateform td > label {
display: block;
}
#keystoolbar
{
position: absolute;

@ -9,7 +9,7 @@
<div id="keyimport-title" class="boxtitle"><roundcube:label name="enigma.createkeys" /></div>
<div id="import-form" class="boxcontent">
<roundcube:object name="keyform" class="propform" size="40" textareacols="40" textarearows="6" />
<roundcube:object name="keyform" id="keycreateform" class="propform" size="40" textareacols="40" textarearows="6" />
<div id="formfooter">
<div class="footerleft">

@ -149,6 +149,10 @@ p.enigmaattachment a {
padding: 10px;
}
#keycreateform td > label {
display: block;
}
#keystoolbar
{
position: absolute;

@ -9,7 +9,7 @@
<h1 class="boxtitle"><roundcube:label name="enigma.createkeys" /></h1>
<div id="key-details" class="boxcontent">
<roundcube:object name="keyform" class="propform" size="40" textareacols="40" textarearows="6" />
<roundcube:object name="keyform" id="keycreateform" class="propform" size="40" textareacols="40" textarearows="6" />
</div>
<div class="footerleft formbuttons">
