[dev] Automatic S/MIME encryption

jnaegele at grierforensics.com jnaegele at grierforensics.com
Mon Mar 13 21:14:30 UTC 2017


  Quoting Jan Schneider <jan at horde.org>:

> Quoting jnaegele at grierforensics.com:
>
>> Quoting Joseph Naegele <jnaegele at grierforensics.com>:
>>
>>> Hi folks,
>>>
>>> I submitted an initial patch for automatic S/MIME encryption in IMP for
>>> enhancement #12736 (https://bugs.horde.org/ticket/12736). Thanks to Jan
>>> for replying and approving. I figured I'd move the discussion here since I
>>> have questions about how to implement the remaining necessary
>>> functionality.
>>>
>>> Automatically checking if we have public keys for all intended recipients
>>> is easy. Now I need to notify the user when encryption can't be performed
>>> for all recipients. The suggested methods are:
>>>
>>> 1. Display a warning message (OK/Cancel) if not all public keys are found
>>> 2. Connect autocompleter with public key lookup in order to show a lock
>>> icon in recipient bubble when a key is found
>>>
>>> I'm not sure where to start on either. I looked briefly at the
>>> autocompleter code and decided it may be easier to notify the user with a
>>> message. I haven't figured out how to do this from Compose.php however. My
>>> hope was to find a way to use a JS alert, similar to the compose
>>> onbeforeunload handler that asks "Are you sure you want to do this" when
>>> you close the window.
>>>
>>> I'm sure this isn't too difficult but any tips would be appreciated (or if
>>> anyone with more knowledge has time to implement, please do!).
>>>
>>> Thanks!
>>>
>>> --
>>> Joe Naegele
>>> Grier Forensics
>>> --
>>> dev mailing list
>>> Frequently Asked Questions: http://wiki.horde.org/FAQ
>>> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>>
>> Hi all,
>>
>> I want to point out once more that we at Grier Forensics will soon  
>> release a plugin for Horde IMP that enables users to send and  
>> receive S/MIME emails without prior exchange of keys. The plugin is  
>> part of a suite of tools called Great DANE, and utilizes DANE  
>> SMIMEA for automatic S/MIME certificate retrieval.
>>
>> The Horde plugin is now on Github here:  
>> https://github.com/grierforensics/Great-DANE-Horde-Webmail. It's  
>> not up to date with Horde's master branch, but it's trivial to  
>> update it. We would love to see these features become part of Horde  
>> Webmail. At a minimum, automatic encryption would be a great  
>> feature to have. I've provided the initial portion of the patch  
>> here: https://bugs.horde.org/ticket/12736.
>>
>> After investigating the Horde/IMP codebase it's still unclear to me  
>> how to implement the additional requested feature of notifying the  
>> user when encryption can't be performed for all recipients. It  
>> appears to be very difficult to integrate S/MIME functionality with  
>> the autocompleter, or to alternatively prevent sending and notify  
>> the user after they send a message. It would be very helpful if  
>> someone could point me in the right direction.
>
> Amending the autocompleter to include new icons is indeed not an easy
> task.
>
> For a starter how to implement the notification instead, look at the  
> (and grep for it in the code) "attach_body_check" hook in IMP. This  
> checks for certain words in the message body, and displays a warning  
> if you try to send such a message. You can still send the message if  
> you hit the Send button a second time. This is probably exactly the  
> same behavior that you are looking for, just that you would be  
> checking for recipients' certs instead.
>
> --
> Jan Schneider
> The Horde Project
> https://www.horde.org/

That was very helpful, thanks. I posted an updated patch that provides  
all the discussed functionality for automatic S/MIME encryption  
(https://bugs.horde.org/ticket/12736).

Thanks again,

Joe Naegele
Grier Forensics
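
The warn-on-first-send, send-on-second-click behaviour discussed in this thread, applied to recipient certificates, as an added sketch that is not part of the thread, the ticket patch, or Horde/Great DANE code. `ComposeState`, `send_decision` and the certificate store are hypothetical names, and the sample addresses are constructed.

```python
from dataclasses import dataclass


@dataclass
class ComposeState:
    """Per-draft state kept between send attempts (hypothetical, not IMP's)."""
    confirmed_missing: frozenset = frozenset()


def normalize(addr):
    """Lower-case the domain only; local parts may be case-sensitive."""
    local, _, domain = addr.strip().rpartition("@")
    return f"{local}@{domain.lower()}"


def send_decision(recipients, cert_store, state):
    """Return (action, missing): action is 'encrypt', 'warn' or 'send_plain'.

    cert_store maps normalized addresses to certificates (assumption).
    """
    rcpts = {normalize(r) for r in recipients}
    missing = frozenset(r for r in rcpts if r not in cert_store)
    if not missing:
        state.confirmed_missing = frozenset()
        return "encrypt", missing
    if missing <= state.confirmed_missing:
        # Second click on Send: every unencryptable recipient was already
        # shown in the previous warning, so the user has acknowledged them.
        state.confirmed_missing = frozenset()
        return "send_plain", missing
    # First attempt, or a recipient without a certificate was added after
    # the warning: warn again so the confirmation never covers new names.
    state.confirmed_missing = missing
    return "warn", missing


if __name__ == "__main__":
    store = {"alice@example.com": "CERT-A"}      # constructed sample data
    state = ComposeState()
    draft = ["alice@example.com", "bob@Example.org"]
    print(send_decision(draft, store, state))    # first click on Send
    print(send_decision(draft, store, state))    # second click on Send
```

Tying the acknowledgement to the set of recipients that lacked certificates keeps a stale confirmation from letting a later-added address go out unencrypted without a warning.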