Discussion:
[RCD] Enigma S/MIME support
Kyle Francis
2016-03-24 21:07:26 UTC
Alec,

Thanks for helping me get up and running with the enigma plugin and for
pointing me to the previously existing work on an SMIME plugin.

For those of you who don't know and are interested, I'm a Master's
Candidate and I'm implementing S/MIME in the enigma plugin for an
independent study this semester.

So far I have implemented the following features:

- Import PKCS#12 certificate store (password protected)
    - Pub cert, priv key, any additional certs contained in the store
      treated as CA certs.
    - create a hashed directory of CA certs
- Verify S/MIME signatures (pkcs7-signatures .p7s)
- Decrypt S/MIME encrypted emails
- Decrypt and verify signed then encrypted emails

Features that are not yet complete:

- Encrypt only outgoing
    - Add menu option to Compose Window
- Sign only outgoing (clear signing)
    - Add menu option to Compose window
- Encrypt then Sign
- Sign then Encrypt
- List certs/details from settings view
- Verify pkcs7-mime (.p7m) signed emails
- Generate CSR
- Handle CRLs (.p7c)

Modifications are available at github.com/guitarmanusa/roundcubemail in
a branch called enigma-smime-dev.
--
Kyle Francis
M.S.IT Candidate
Rensselaer Polytechnic Institute
Email - ***@rpi.edu
***@linuxtoolbox.ninja
A.L.E.C
2016-03-25 11:17:22 UTC
Post by Kyle Francis
Modifications are available at github.com/guitarmanusa/roundcubemail in
a branch called enigma-smime-dev.
It's great to see your progress. However, you didn't fork our repository
and I don't see a simple way to compare both, i.e. to see all your
changes in one diff. Now it might not be so hard as all your commits are
in one go, but when you merge some upstream changes it will become harder.

Also, I see some commits that fix some issues in existing pgp-related
code. Could you create PRs for them separately? It would be simpler to
merge them separately and the rest when you finish with S/MIME.
--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Kyle Francis
2016-03-25 12:08:10 UTC
_______________________________________________
Roundcube Development discussion mailing list
***@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Kyle Francis
2016-03-26 02:47:34 UTC
Fork completed and commits re-added. Thanks for getting me squared
away. I hope I did it right and that makes it easier for you.

Looking back on it I think the only GPG related change I made was that I
had to extend the decrypt() method abstract in enigma_engine.php so I
had to change the decrypt() function definition in
enigma_driver_gnupg.php. But that should be all. I'll include that in
the PR that I do when I get everything up and running with SMIME.

-Kyle
Post by Kyle Francis
My apologies. This is my first time working with someone else's repo.
I'll go ahead and delete my repo, then fork. This will give me a
chance to reorganize my commits too, as they were rather sporadic.
I'll let you know when that's done. If any of my gpg related changes are
still valid I'll submit a PR as well.
-Kyle
A.L.E.C
2016-08-23 07:12:29 UTC
Post by Kyle Francis
Modifications are available at github.com/guitarmanusa/roundcubemail in
a branch called enigma-smime-dev.
Hi Kyle!

What is the status of your work on S/MIME? I see in the repo that work
stopped in March, but on the other hand I see on the list that you still
have been working on this in May.

It would be great to have this in Roundcube 1.3. I could help with that.
--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Kyle Francis
2016-08-23 11:14:51 UTC
Владимир Горпенко
2016-08-23 11:27:29 UTC
Hello!

Did Alec give you my texts on S/MIME which I sent him earlier?
Everything works for me. But I didn't use the Enigma.

Best regards,
Vladimir
Post by Kyle Francis
Hey Alec,
I switched gears at the end of May to working on the hybrid decryption.
For SMIME, I just have some key management tasks to finish up. I'm also having a bigger issue that I think is an issue with the php openssl commands. When encrypting an outgoing email, on most emails encrypting with the sender's certificate is unable to be decrypted with the sender's certificate. For example, when sending I am encrypting with the sender's certificate and with the certificates of all the recipients. The resulting email can be decrypted in Thunderbird/enigmail and openssl via the command prompt, but when I go to the sent folder in roundcube the email is unable to be decrypted. Openssl also gives an error about invalid formatting. I can send the exact error when I get back to my workstation.
The certificate in question is valid for encrypting. And some shorter emails encrypt/decrypt successfully. From my testing it appears as though it's a bug with the php function openssl_pkcs7_encrypt() but any troubleshooting ideas would be appreciated.
I will try to send later today the exact errors I'm receiving and examples of emails that do and do not encrypt/decrypt correctly.
-Kyle
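A round-trip harness for the symptom described in the message above (one message encrypted to the sender's and the recipient's certificates, then decrypted with each key, at several body sizes), added here as an example; it is not code from the thread participants or from the Enigma plugin. The throwaway identities, the body sizes and the explicit AES-256-CBC cipher are assumptions of the example, and it assumes ext-openssl with a usable openssl.cnf.

```php
<?php
// Added example: identities, subjects and bodies below are constructed test data.

function make_identity(string $cn): array
{
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $crt = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']); // self-signed, 1 day
    openssl_x509_export($crt, $certPem);
    openssl_pkey_export($key, $keyPem);
    return ['cn' => $cn, 'cert' => $certPem, 'key' => $keyPem];
}

function roundtrip(string $body, array $ids): array
{
    $tmp  = fn() => tempnam(sys_get_temp_dir(), 'smime_');
    $norm = fn(string $s) => str_replace("\r\n", "\n", $s); // ignore CRLF canonicalisation
    $errs = function (): string {                            // drain the OpenSSL error queue
        for ($e = []; ($m = openssl_error_string()) !== false; $e[] = $m);
        return implode('; ', $e);
    };
    [$plain, $enc] = [$tmp(), $tmp()];
    file_put_contents($plain, "Content-Type: text/plain; charset=us-ascii\r\n\r\n" . $body);

    $errs(); // discard anything left over from key generation
    // One enveloped message, one RecipientInfo per certificate (sender included).
    $encrypted = openssl_pkcs7_encrypt($plain, $enc, array_column($ids, 'cert'),
        ['Subject' => 'round-trip test'], 0, OPENSSL_CIPHER_AES_256_CBC);
    $encErr = $errs();

    $results = [];
    foreach ($ids as $id) {
        $out = $tmp();
        $ok = $encrypted
            && openssl_pkcs7_decrypt($enc, $out, $id['cert'], $id['key'])
            && $norm(file_get_contents($out)) === $norm(file_get_contents($plain));
        $err = $encrypted ? $errs() : $encErr;
        $results[$id['cn']] = $ok ? 'ok' : 'FAIL: ' . ($err ?: 'content mismatch');
        unlink($out);
    }
    unlink($plain);
    unlink($enc);
    return $results;
}

$ids  = [make_identity('sender@example.test'), make_identity('recipient@example.test')];
$line = str_repeat('x', 62) . "\r\n"; // 64-byte CRLF-terminated line
foreach ([2, 200, 20000] as $lines) {
    foreach (roundtrip(str_repeat($line, $lines), $ids) as $cn => $status) {
        printf("%8d bytes  %-24s %s\n", $lines * 64, $cn, $status);
    }
}
```

A size at which the sender's row fails while the recipient's row passes isolates the problem to the sender's RecipientInfo rather than to the certificate itself.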
Kyle Francis
2016-08-23 11:51:31 UTC
Владимир Горпенко
2016-08-23 12:07:40 UTC
Kyle,

I didn't even know that it was laid out somewhere. "vgo" - it is really my
nick. But this plugin requires adding of several hooks in RC. Therefore I
was surprised that it somewhere is available.

During its writing there were difficulties with php openssl. Therefore
in some places my text can be strange.

I am not engaged in this task since January and already forgot
everything. But if you have questions, I will try to recall.

In that text there were several minor errors which were corrected later.

Best regards,
Vladimir
Post by Kyle Francis
Vladimir,
I believe so, that was the vgo plugin? I'll take a look at where you handle encryption. Thanks.
Kyle