首頁 探索 說明
登入
mirrors
/
mailcow-dockerized
镜像来自 https://github.com/mailcow/mailcow-dockerized
2
0
複刻 0
Files 問題管理 0 Wiki
目錄樹: 0eb932b3ab
分支列表 標籤列表
mailcow-dockeri...
/
data
/
web
/
rc
/
plugins
/
enigma
/
README

README 2.4 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. Enigma Plugin for Roundcube
    2. 

  2. 

  3. This plugin adds support for viewing and sending of signed and encrypted
    4. 

  4. messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.
    5. 

  5. 

  6. The plugin uses gpg binary on the server and stores all keys
    7. 

  7. (including private keys of the users) on the server.
    8. 

  8. Encryption/decryption is done server-side. So, this plugin
    9. 

  9. is for users that trust the server.
    10. 

  10. 

  11. 

  12. Implemented features:
    13. 

  13. ---------------------
    14. 

  14. + PGP: signatures verification
    15. 

  15. + PGP: messages decryption
    16. 

  16. + PGP: Sending of encrypted/signed messages
    17. 

  17. + PGP: keys management UI (key import, export, delete)
    18. 

  18. + PGP: key generation (client- or server-side)
    19. 

  19. + Handling of PGP keys attached to incoming messages
    20. 

  20. + User preferences to disable plugin features
    21. 

  21. + Attaching public keys to email
    22. 

  22. + Key server(s) support (search, import)
    23. 

  23. 

  24. 

  25. TODO:
    26. 

  26. -----
    27. 

  27. - Handling of big messages with temp files (? - security)
    28. 

  28. - Key info in contact details page (optional)
    29. 

  29. - Extended key management:
    30. 

  30.    - disable,
    31. 

  31.    - revoke,
    32. 

  32.    - change expiration date, change passphrase, add photo,
    33. 

  33.    - manage user IDs
    34. 

  34.    - export private keys
    35. 

  35. - Generate revocation certs
    36. 

  36. - Search filter to see invalid/expired keys
    37. 

  37. - Key server(s) support (upload, refresh)
    38. 

  38. - Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status
    39. 

  39. - Support for multi-server installations (store keys in sql database? probably impossible with GnuPG 2.1)
    40. 

  40. - Performance improvements:
    41. 

  41.    - cache decrypted message key id so we can skip decryption if we have no password in session
    42. 

  42.    - cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
    43. 

  43. - S/MIME: Certs generation (?)
    44. 

  44. - S/MIME: Certs management
    45. 

  45. - S/MIME: signed messages verification
    46. 

  46. - S/MIME: encrypted messages decryption
    47. 

  47. - S/MIME: Sending signed/encrypted messages
    48. 

  48. - S/MIME: Handling of certs attached to incoming messages
    49. 

  49. - S/MIME: Certificate info in Contacts details page (optional)
    50. 

  50. 

  51. 

  52. KNOWN ISSUES:
    53. 

  53. -------------
    54. 

  54. There are some known issues with accepting key passphrases on various
    55. 

  55. system configurations. This is caused by issues in PinEntry handling.
    56. 

  56. Make sure that vendor/bin/crypt-gpg-pinentry works from command line.
    57. 

  57. 

  58. Possible reasons:
    59. 

  59. - non-working loader in shebang (#! /usr/bin/env php)
    60. 

  60.   Make sure it works for the user the php scripts are executed upon
    61. 

  61.   (i.e. apache, www-date, etc.)
    62. 

  62. 

  63. Note: pinentry is used with gpg >= 2.0 and <= 2.1.12.
    64. 

  64. Note: for server use GnuPG developers still recommend version 1.4.
    65.