Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S/MIME support #7085

Closed
6 tasks done
ChristophWurst opened this issue Aug 25, 2022 · 2 comments
Closed
6 tasks done

S/MIME support #7085

ChristophWurst opened this issue Aug 25, 2022 · 2 comments
Labels
2. developing enhancement skill:backend Issues and PRs that require backend development skills skill:frontend Issues and PRs that require JavaScript/Vue/styling development skills

Comments

@ChristophWurst
Copy link
Member

ChristophWurst commented Aug 25, 2022
edited by st3iny
Loading

Is your feature request related to a problem? Please describe.

As a user I want to send email in the most secure and trustworthy way. One of the many ways to secure an email is S/MIME.

This standard can be used to

  1. Sign a message – multipart/signed
  2. Encrypt a message – multipart/encrypted
  3. Sign and encrypt a message

Right now the app supports inline encryption with the help of Mailvelope. This covers the PGP/INLINE standard.

In contrast to PGP/MIME #3833 that uses a web of trust, s/mime uses a public key infrastructure. This makes key handling more practical for some environments.

Describe the solution you'd like

0. Key management

1. Verifying a signed message

Requires the sender's public key.

The app has to verify that a message is valid. Ideally it can also show the certificate information to the user.

2. Encrypting messages

Requires the public keys of all recipients. Also requires the user's own public key if the message in Sent should be decryptable.

3. Signing messages

Requires the private key.

4. Decrypting a message

Requires the private key.

Describe alternatives you've considered

PGP/MIME - #3833

Reference implementation

Google's hosted S/MIME

Encryption, decryption and signatures handled transparently at the cost of handing the private key to google.

https://support.google.com/a/answer/6374496
https://formsmarts.com/gmail-smime-encrypted-email

Mailpile

mailpile/Mailpile#81

Interesting thought on key management: mailpile/Mailpile#81 (comment)

Mew

https://www.mew.org/en/feature/smime.html

Not a comparable application, but interesting usage of gpgsm as backend.

Horde

https://www.horde.org/apps/webmail/

Thunderbird

https://www.ssl.com/how-to/installing-an-s-mime-certificate-and-sending-secure-email-in-mozilla-thunderbird-on-windows-10/

Outlook web

https://support.microsoft.com/en-us/office/encrypt-messages-by-using-s-mime-in-outlook-web-app-2e57e4bd-4cc2-4531-9a39-426e7c873e26

Roundcube

Doesn't have it either yet, but there is a similar ticket: roundcube/roundcubemail#4977.

Particularly interesting is the draft roadmap for implementation: roundcube/roundcubemail#4977 (comment). It makes sense to start with the parts that do not require a private key. Those can be done on the backend without special measures.

PR for signed message verification: roundcube/roundcubemail#6043

Zoho

https://www.zoho.com/mail/help/s-mime.html

Caveats

Work packages

Additional context

Ref https://www.rfc-editor.org/rfc/rfc1847 Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
Ref https://www.rfc-editor.org/rfc/rfc2633 S/MIME Version 3 Message Specification
Ref https://www.rfc-editor.org/rfc/rfc5751 Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2: Message Specification
Ref https://www.rfc-editor.org/rfc/rfc8551 Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0: Message Specification
Ref https://proton.me/support/pgp-mime-pgp-inline
Ref #3833
Ref https://help.nextcloud.com/t/any-plans-to-add-s-mime-support-to-one-of-the-webmail-apps/59061
@ChristophWurst ChristophWurst changed the title Support S/MIME S/MIME support Aug 25, 2022
@ChristophWurst ChristophWurst self-assigned this Aug 25, 2022
@ChristophWurst ChristophWurst moved this to 🧭 Planning evaluation (dont pick) in 💌 📅 👥 Groupware team Aug 26, 2022
@ChristophWurst
Copy link
Member Author

Right now the app supports inline encryption with the help of Mailvelope. This covers the PGP/INLINE standard.

If mailvelope/mailvelope#342 ever happens we could get S/MIME support through Mailvelope. Right now it doesn't look like that will happen although Mailvelope can use GnuPG as a backend (mailvelope/mailvelope#238 (comment)) and gpgsm could be accessed in theory.

@ChristophWurst ChristophWurst removed their assignment Nov 24, 2022
@ChristophWurst ChristophWurst moved this from 🧭 Planning evaluation (dont pick) to 📄 To do (~10 entries) in 💌 📅 👥 Groupware team Nov 24, 2022
This was referenced Nov 24, 2022
Closed
Closed
Closed
Closed
Closed
@ChristophWurst ChristophWurst added skill:backend Issues and PRs that require backend development skills skill:frontend Issues and PRs that require JavaScript/Vue/styling development skills labels Nov 30, 2022
@ChristophWurst ChristophWurst mentioned this issue Dec 14, 2022
Open
1 task
@ChristophWurst
Copy link
Member Author

It's done

@github-project-automation github-project-automation bot moved this from 📄 To do (~10 entries) to ☑️ Done in 💌 📅 👥 Groupware team Feb 27, 2023
@ChristophWurst ChristophWurst mentioned this issue Jul 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2. developing enhancement skill:backend Issues and PRs that require backend development skills skill:frontend Issues and PRs that require JavaScript/Vue/styling development skills
Projects
💌 📅 👥 Groupware team
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ChristophWurst