Discussion:
[RCD] PHP openssl_pkcs7_decrypt BUG
Kyle Francis
2016-10-06 16:43:15 UTC
So it appears as though there is a bug in decrypting emails when using
. It appears as though the error only surfaces (sometimes) when
decrypting with the sender's credentials. This leads to some, not all,
messages not being able to be decrypted from the "Sent" folder in
Roundcube. The emails that cannot be decrypted from the "Sent" folder
are successfully decrypted when viewing in Thunderbird (either from the
recipient's account or the sender's account). This tells me the bug is
with the php function openssl_pkcs7_decrypt. The same email is also not
able to be decrypted utilizing openssl from the command line.

All emails successfully decrypt with gpgsm.

I could do one of two things:

1. Decrypt utilizing gpgsm, keep openssl_pkcs7_* functions for
   everything else and attempt to fix/submit patch for
   openssl[_pkcs7_decrypt] function at a later date.
   Pro - least amount of re-work
       - could make it into an upcoming beta
   Con - "messy"/fragmented solution

2. Re-write all openssl_pkcs7_* PHP functions to utilize gpgsm
   Pro - unified, "clean" solution
       - gpgsm integrates with gpg for public/private key storage
       - decrypted emails would never be written to file
   Con - extensive rework
       - Probably won't make the next beta
       - Importing pkcs12 files into keyrings is currently "messy"
         and would still require use of openssl_pkcs7 function for
         certificate manipulation

I'd really like to see this feature be wrapped up, but I also want to do
it right. Thoughts?

-Kyle
Vladimir Gorpenko
2016-10-06 17:00:11 UTC
Hi!

It is very strange. Of course, I don't read letters from the Sent folder
very often. Besides, I don't encrypt all of my letters. But neither I nor
my users have ever noticed a letter from the Sent folder failing to open.

I know of a user whose outgoing mail is all encrypted. I will try
to look at his Sent folder.

I use openssl.

But how would the function know that the letter given to it is from the
Sent folder?

---
Best regards,
Vladimir Gorpenko
_______________________________________________
Roundcube Development discussion mailing list
http://lists.roundcube.net/mailman/listinfo/dev