Enigma Plugin for Roundcube
This plugin adds support for viewing and sending of signed and encrypted
messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.
The plugin uses gpg binary on the server and stores all keys
(including private keys of the users) on the server.
Encryption/decryption is done server-side. So, this plugin
is for users that trust the server.
For multi-host environments see enigma_multihost setting description.
Implemented features:
+ PGP: signatures verification
+ PGP: messages decryption
+ PGP: Sending of encrypted/signed messages
+ PGP: keys management UI (key import, export, delete)
+ PGP: key generation (client- or server-side)
+ Handling of PGP keys attached to incoming messages
+ User preferences to disable plugin features
+ Attaching public keys to email
+ Key server(s) support (search, import)
INSTALLATION
------------
1. Rename config.inc.php.dist to config.inc.php.
2. Create a directory for keys storage that is writeable for the PHP process.
This directory should be out of the document root, so it is not accessible
from the web browser. Set it's location in $config['enigma_pgp_homedir'].
3. Make sure GnuPG is installed.
TODO
----
- Handling of big messages with temp files (? - security)
- Key info in contact details page (optional)
- Extended key management:
- disable,
- revoke,
- change expiration date, change passphrase, add photo,
- manage user IDs
- export private keys
- Generate revocation certs
- Search filter to see invalid/expired keys
- Key server(s) support (upload, refresh)
- Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status
- Performance improvements:
- cache decrypted message key id so we can skip decryption if we have no password in session
- cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
- S/MIME: Certs generation (?)
- S/MIME: Certs management
- S/MIME: signed messages verification
- S/MIME: encrypted messages decryption
- S/MIME: Sending signed/encrypted messages
- S/MIME: Handling of certs attached to incoming messages
- S/MIME: Certificate info in Contacts details page (optional)
KNOWN ISSUES
------------
There are some known issues with accepting key passphrases on various
system configurations. This is caused by issues in PinEntry handling.
Make sure that vendor/bin/crypt-gpg-pinentry works from command line.
Possible reasons:
- non-working loader in shebang (#! /usr/bin/env php)
Make sure it works for the user the php scripts are executed upon
(i.e. apache, www-data, etc.)
- SELinux setting, try command: setsebool -P httpd_unified 0
Note: pinentry is used with gpg >= 2.0 and <= 2.1.12.
Note: for server use GnuPG developers still recommend version 1.4.