[dev] Automatic S/MIME encryption

Fri Mar 10 16:46:02 UTC 2017

Zitat von jnaegele at grierforensics.com:

> Quoting Joseph Naegele <jnaegele at grierforensics.com>:
>
>> Hi folks,
>>
>> I submitted an initial patch for automatic S/MIME encryption in IMP for
>> enhancement #12736 (https://bugs.horde.org/ticket/12736). Thanks to Jan
>> for replying and approving. I figured I'd move the discussion here since I
>> have questions about how to implement the remaining necessary
>> functionality.
>>
>> Automatically checking if we have public keys for all intended recipients
>> is easy. Now I need to notify the user when encryption can't be performed
>> for all recipients. The suggested methods are:
>>
>> 1. Display a warning message (OK/Cancel) if not all public keys are found
>>
>> 2. Connect autocompleter with public key lookup in order to show a lock
>> icon in recipient bubble when a key is found
>>
>> I'm not sure where to start on either. I looked briefly at the
>> autocompleter code and decided it may be easier to notify the user with a
>> message. I haven't figured out how to do this from Compose.php however. My
>> hope was to find a way to use a JS alert, similar to the compose
>> onbeforeunload handler that asks "Are you sure you want to do this" when
>> you close the window.
>>
>> I'm sure this isn't too difficult but any tips would be appreciated (or if
>> anyone with more knowledge has time to implement, please do!).
>>
>> Thanks!
>>
>> -- 
>> Joe Naegele
>> Grier Forensics
>> -- 
>> dev mailing list
>> Frequently Asked Questions: http://wiki.horde.org/FAQ
>> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>
> Hi all,
>
> I want to point out once more that we at Grier Forensics will soon  
> release a plugin for Horde IMP that enables users to send and  
> receive S/MIME emails without prior exchange of keys. The plugin is  
> part of a suite of tools called Great DANE, and utilizes DANE SMIMEA  
> for automatic S/MIME certificate retrieval.
>
> The Horde plugin is now on Github here:  
> https://github.com/grierforensics/Great-DANE-Horde-Webmail. It's not  
> up to date with Horde's master branch, but it's trivial to update  
> it. We would love to see these features become part of Horde  
> Webmail. At a minimum, automatic encryption would be a great feature  
> to have. I've provided the initial portion of the patch here:  
> https://bugs.horde.org/ticket/12736.
>
> After investigating the Horde/IMP codebase it's still unclear to me  
> how to implement the additional requested feature of notifying the  
> user when encryption can't be performed for all recipients. It  
> appears to be very difficult to integrate S/MIME functionality with  
> the autocompleter, or to alternatively prevent sending and notify  
> the user after they send a message. It would be very helpful if  
> someone could point me in the right direction.

Amending the autocompleter to include new icons is indeed not an easy task.

For a starter how to implement the notification instead, look at the  
(and grep for it in the code) "attach_body_check" hook in IMP. This  
checks for certain words in the message body, and displays a warning  
if you try to send such a message. You can still send the message if  
you hit the Send button a second time. This is probably exactly the  
same behavior that you are looking for, just that you would be  
checking for recpients' certs instead.

-- 
Jan Schneider
The Horde Project
https://www.horde.org/