You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
roundcubemail/plugins/enigma
Aleksander Machniak 0786ab8187 Update localization 5 years ago
..
lib Fix implode() wrong parameter order (#6866) 5 years ago
localization Update localization 5 years ago
skins Elastic: Fix selection button icon in Enigma 5 years ago
tests dirname(__FILE__) -> __DIR__ 10 years ago
.gitignore Ignore enigma home dir 7 years ago
README Enigma: Fix bug where revoked users/keys were not greyed out in key info 6 years ago
composer.json Bump version number 6 years ago
config.inc.php.dist Remove default for enigma_pgp_homedir (#6173) 7 years ago
enigma.js Unified and simplified keypress event handling on a list widget 5 years ago
enigma.php Fix '\n' visible when identity has multiple GPG keys (#6885) 5 years ago

README

Enigma Plugin for Roundcube

This plugin adds support for viewing and sending of signed and encrypted
messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.

The plugin uses gpg binary on the server and stores all keys
(including private keys of the users) on the server.
Encryption/decryption is done server-side. So, this plugin
is for users that trust the server.

For multi-host environments see enigma_multihost setting description.

Implemented features:
+ PGP: signatures verification
+ PGP: messages decryption
+ PGP: Sending of encrypted/signed messages
+ PGP: keys management UI (key import, export, delete)
+ PGP: key generation (client- or server-side)
+ Handling of PGP keys attached to incoming messages
+ User preferences to disable plugin features
+ Attaching public keys to email
+ Key server(s) support (search, import)


INSTALLATION
------------

1. Rename config.inc.php.dist to config.inc.php.
2. Create a directory for keys storage that is writeable for the PHP process.
   This directory should be out of the document root, so it is not accessible
   from the web browser. Set it's location in $config['enigma_pgp_homedir'].
3. Make sure GnuPG is installed.


TODO
----

- Handling of big messages with temp files (? - security)
- Key info in contact details page (optional)
- Extended key management:
   - disable,
   - revoke,
   - change expiration date, change passphrase, add photo,
   - manage user IDs
   - export private keys
- Generate revocation certs
- Search filter to see invalid/expired keys
- Key server(s) support (upload, refresh)
- Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status
- Performance improvements:
   - cache decrypted message key id so we can skip decryption if we have no password in session
   - cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
- S/MIME: Certs generation (?)
- S/MIME: Certs management
- S/MIME: signed messages verification
- S/MIME: encrypted messages decryption
- S/MIME: Sending signed/encrypted messages
- S/MIME: Handling of certs attached to incoming messages
- S/MIME: Certificate info in Contacts details page (optional)


KNOWN ISSUES
------------

There are some known issues with accepting key passphrases on various
system configurations. This is caused by issues in PinEntry handling.
Make sure that vendor/bin/crypt-gpg-pinentry works from command line.

Possible reasons:
- non-working loader in shebang (#! /usr/bin/env php)
  Make sure it works for the user the php scripts are executed upon
  (i.e. apache, www-data, etc.)
- SELinux setting, try command: setsebool -P httpd_unified 0

Note: pinentry is used with gpg >= 2.0 and <= 2.1.12.
Note: for server use GnuPG developers still recommend version 1.4.