Enigma S/MIME support

Kyle Francis
Alec,

Thanks for helping me get up and running with the enigma plugin and for
pointing me to the previously existing work on an SMIME plugin.

For those of you who don't know and are interested, I'm a Master's
Candidate and I'm implementing S/MIME in the enigma plugin for an
independent study this semester.

So far I have implemented the following features:

- Import PKCS#12 certificate store (password protected)
    - Pub cert, priv key, any additional certs contained in the store treated as CA certs.
    - create a hashed directory of CA certs
- Verify S/MIME signatures (pkcs7-signatures .p7s)
- Decrypt S/MIME encrypted emails
   - Decrypt and verify signed then encrypted emails

Features that are not yet complete:

- Encrypt only outgoing
    - Add menu option to Compose Window
- Sign only outgoing (clear signing)
    - Add menu option to Compose window
- Encrypt then Sign
- Sign then Encrypt
- List certs/details from settings view
- Verify pkcs7-mime (.p7m) signed emails
- Generate CSR
- Handle CRLs (.p7c)

Modifications are available at github.com/guitarmanusa/roundcubemail in
a branch called enigma-smime-dev.

--

Kyle Francis
M.S.IT Candidate
Rensselaer Polytechnic Institute
Email - [hidden email]
         [hidden email]
_______________________________________________
Roundcube Development discussion mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/dev
Re: Enigma S/MIME support

A.L.E.C
On 03/24/2016 10:07 PM, Kyle Francis wrote:
> Modifications are available at github.com/guitarmanusa/roundcubemail in
> a branch called enigma-smime-dev.

It's great to see your progress. However, you didn't fork our repository
and I don't see a simple way to compare both, i.e. to see all your
changes in one diff. Now it might be not so hard as all your commits are
in one go, but when you merge some upstream changes it will become harder.

Also, I see some commits that fix some issues in existing pgp-related
code. Could you create PRs for them separately? It would be simpler to
merge them separately and the rest when you finish with S/MIME.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        [http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Re: Enigma S/MIME support

Kyle Francis

My apologies.  This is my first time working with someone else's repo.  I'll go ahead and delete my repo, then fork.  This will give me a chance to reorganize my commits too, as they were rather sporadic.  I'll let you know when that's done.  If any of my gpg related changes are still valid I'll submit a PR as well.

-Kyle


Re: Enigma S/MIME support

Kyle Francis
Fork completed and commits re-added.  Thanks for getting me squared
away.  I hope I did it right and that makes it easier for you.

Looking back on it I think the only GPG related change I made was that I
had to extend the decrypt() method abstract in enigma_engine.php so I
had to change the decrypt() function definition in
enigma_driver_gnupg.php.  But that should be all.  I'll include that in
the PR that I do when I get everything up and running with SMIME.

-Kyle

Re: Enigma S/MIME support

A.L.E.C
In reply to this post by Kyle Francis
On 03/24/2016 10:07 PM, Kyle Francis wrote:
> Modifications are available at github.com/guitarmanusa/roundcubemail in
> a branch called enigma-smime-dev.

Hi Kyle!

What is the status of your work on S/MIME? I see in the repo that work
stopped in March, but on the other hand I see on the list that you still
have been working on this in May.

It would be great to have this in Roundcube 1.3. I could help with that.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        [http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Re: Enigma S/MIME support

Kyle Francis

Hey Alec,

I switched gears at the end of May to working on the hybrid decryption. 

For SMIME, I just have some key management tasks to finish up.  I'm also having a bigger issue that I think is an issue with the php openssl commands.  When encrypting an outgoing email, on most emails encrypting with the sender's certificate is unable to be decrypted with the sender's certificate.  For example, when sending I am encrypting with the sender's certificate and with the certificates of all the recipients.  The resulting email can be decrypted in Thunderbird/enigmail and openssl via the command prompt, but when I go to the sent folder in roundcube the email is unable to be decrypted.  Openssl also gives an error about invalid formatting.  I can send the exact error when I get back to my workstation.

The certificate in question is valid for encrypting.  And some shorter emails encrypt/decrypt successfully.  From my testing it appears as though it's a bug with the php function openssl_pkcs7_encrypt() but any troubleshooting ideas would be appreciated. 

I will try to send later today the exact errors I'm receiving and examples of emails that do and do not encrypt/decrypt correctly.

-Kyle
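
A round-trip check for the symptom described in the message above, as an added example that is not part of the original post or of the Enigma plugin: it encrypts bodies of several sizes to a sender and a recipient certificate with openssl_pkcs7_encrypt() and then decrypts with each key, so a size-dependent or recipient-dependent failure shows up outside Roundcube. The helper names `make_identity` and `roundtrip`, the throwaway self-signed certificates, the body sizes, the flags value 0 and the AES-256-CBC cipher are all assumptions.

```php
<?php
// Added example (not from the thread): round-trip check for multi-recipient
// openssl_pkcs7_encrypt(). Identities, sizes, flags and cipher are assumptions.

// Throwaway self-signed certificate and key; constructed test data only.
function make_identity(string $cn): array {
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                             'private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $crt = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
    openssl_x509_export($crt, $cert_pem);
    openssl_pkey_export($key, $key_pem);
    return ['cert' => $cert_pem, 'key' => $key_pem];
}

// Encrypt $body to every identity, then decrypt with each one in turn.
// Returns name => 'ok', 'content differs' or 'failed: <OpenSSL error>'.
function roundtrip(string $body, array $ids): array {
    $plain = tempnam(sys_get_temp_dir(), 'pt');
    $enc   = tempnam(sys_get_temp_dir(), 'ct');
    file_put_contents($plain, $body);
    while (openssl_error_string() !== false); // drain stale errors from the queue
    $encrypted = openssl_pkcs7_encrypt($plain, $enc, array_column($ids, 'cert'),
                                       [], 0, OPENSSL_CIPHER_AES_256_CBC);
    $results = [];
    foreach ($ids as $name => $id) {
        $out = tempnam(sys_get_temp_dir(), 'dt');
        $ok  = $encrypted && openssl_pkcs7_decrypt($enc, $out, $id['cert'], $id['key']);
        $results[$name] = $ok
            ? (file_get_contents($out) === $body ? 'ok' : 'content differs')
            : 'failed: ' . openssl_error_string();
        unlink($out);
    }
    unlink($plain);
    unlink($enc);
    return $results;
}

$ids = ['sender'    => make_identity('sender.test'),
        'recipient' => make_identity('recipient.test')];
// CRLF line endings so that text-mode canonicalisation should leave the body unchanged.
$line = str_repeat('x', 70) . "\r\n";
foreach ([1, 200, 20000] as $lines) {
    $body = "Content-Type: text/plain\r\n\r\n" . str_repeat($line, $lines);
    foreach (roundtrip($body, $ids) as $who => $result) {
        printf("%6d lines  %-9s %s\n", $lines, $who, $result);
    }
}
```

If every row prints `ok` here, the next comparison is the exact MIME entity and flags the plugin passes to the same function.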


Re: Enigma S/MIME support

Vladimir Gorpenko
Hello!
 
Did Alec give you my texts on S/MIME which I sent him earlier?
Everything works for me. But I didn't use the Enigma.
 
Best regards,
   Vladimir

 

Re: Enigma S/MIME support

Kyle Francis

Vladimir,

I believe so, that was the vgo plugin?  I'll take a look at where you handle encryption.  Thanks.

Kyle


Re: Enigma S/MIME support

Vladimir Gorpenko

Kyle,

I didn't even know that it was laid out somewhere. "vgo" - it really is my nick. But this plugin requires adding several hooks in RC. Therefore I was surprised that it is available somewhere.

During its writing there were difficulties with php openssl. Therefore in some places my text can be strange.
 
I have not been engaged in this task since January and already forgot everything. But if you have questions, I will try to recall.

In that text there were several minor errors which were corrected later.

Best regards,
   Vladimir

 
