#98 OpenPGP implementation

open
nobody
1
2007-08-02
2007-08-02
naufragio
No

I use GPG with my email client, but when I'm away from home, and I receive encrypted messages, I can't read them in Webmail. It would be handy, at least for me, to be able to sign, encrypt, read signatures, and decrypt messages in Webmail.

I'll admit I suspect not many Webmail users use GPG, but I know there are at least some. If there was a feature available in Webmail, who knows, maybe some people would start using it.

If the Webmail team isn't interested in working on this themselves, this seems like the sort of project some CS students would enjoy.

See these email threads for some discussion about how this could be implemented:

http://lists.ufl.edu/cgi-bin/wa?A2=ind07&L=ffc-discus-l&D=1&T=0&O=D&P=14385
http://lists.ufl.edu/cgi-bin/wa?A2=ind07&L=linux-l&D=1&T=0&P=61284

Discussion

  • Sandy McArthur
    Sandy McArthur
    2007-08-02

    • labels: --> Message View
    • priority: 5 --> 1
     
  • Sandy McArthur
    Sandy McArthur
    2007-08-02

    Logged In: YES
    user_id=45467
    Originator: NO

    Would you really trust a shared server maintained by someone else with your private PGP key?!? Yes, it could be stored on the server in an encrypted form but to actually sign/encrypt it would have to be decrypted briefly by the server. At some level you have to trust your system admins to get stuff done, but you should never trust them that much.

    Now, checking and verifying received messages and public keys would be a nice feature ... but demand for that has been rather low. (As I recall, you're the first to ask.)

     
  • naufragio
    naufragio
    2007-08-02

    Logged In: YES
    user_id=1858775
    Originator: YES

    You're right, I don't want to trust the server with my private key. Unfortunately, there's no good solution for "GPG on the road"... I just have to bring my key with me.

    But as we discuss in the email threads linked in the bug report, the best solution we could come up with is an API for the server to talk to the browser, and the browser is the one with access to the private key. Again, that's not a great solution for "on the road", but at least it'd work for the user who only uses WebMail.