[dev] Automatic S/MIME encryption

jnaegele at grierforensics.com jnaegele at grierforensics.com
Tue Mar 7 22:53:34 UTC 2017 

Quoting Joseph Naegele <jnaegele at grierforensics.com>:

> Hi folks,
>
> I submitted an initial patch for automatic S/MIME encryption in IMP for
> enhancement #12736 (https://bugs.horde.org/ticket/12736). Thanks to Jan
> for replying and approving. I figured I'd move the discussion here since I
> have questions about how to implement the remaining necessary
> functionality.
>
> Automatically checking if we have public keys for all intended recipients
> is easy. Now I need to notify the user when encryption can't be performed
> for all recipients. The suggested methods are:
>
> 1. Display a warning message (OK/Cancel) if not all public keys are found
>
> 2. Connect autocompleter with public key lookup in order to show a lock
> icon in recipient bubble when a key is found
>
> I'm not sure where to start on either. I looked briefly at the
> autocompleter code and decided it may be easier to notify the user with a
> message. I haven't figured out how to do this from Compose.php however. My
> hope was to find a way to use a JS alert, similar to the compose
> onbeforeunload handler that asks "Are you sure you want to do this" when
> you close the window.
>
> I'm sure this isn't too difficult but any tips would be appreciated (or if
> anyone with more knowledge has time to implement, please do!).
>
> Thanks!
>
> -- 
> Joe Naegele
> Grier Forensics
> -- 
> dev mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQ
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org

Hi all,

I want to point out once more that we at Grier Forensics will soon  
release a plugin for Horde IMP that enables users to send and receive  
S/MIME emails without prior exchange of keys. The plugin is part of a  
suite of tools called Great DANE, and utilizes DANE SMIMEA for  
automatic S/MIME certificate retrieval.

The Horde plugin is now on Github here:  
https://github.com/grierforensics/Great-DANE-Horde-Webmail. It's not  
up to date with Horde's master branch, but it's trivial to update it.  
We would love to see these features become part of Horde Webmail. At a  
minimum, automatic encryption would be a great feature to have. I've  
provided the initial portion of the patch here:  
https://bugs.horde.org/ticket/12736.

After investigating the Horde/IMP codebase it's still unclear to me  
how to implement the additional requested feature of notifying the  
user when encryption can't be performed for all recipients. It appears  
to be very difficult to integrate S/MIME functionality with the  
autocompleter, or to alternatively prevent sending and notify the user  
after they send a message. It would be very helpful if someone could  
point me in the right direction.

Thanks!

--
Joe Naegele
Grier Forensics

More information about the dev mailing list