Mailvelope integration (PGP encryption)

The most valuable feature of incoming Roundcube 1.2 release is PGP encryption support. There are two independent solutions for this, Enigma plugin and Mailvelope. In this article I’ll describe what we achived with Mailvelope. The integration code was mostly written by Thomas Brüderli and only slightly improved/fixed by me.

It looks like Mailvelope is the best (if not only) solution for encryption in a web browser. It’s based on OpenPGP.js that is an implementation of PGP encryption in JavaScript. Mailvelope is distributed as Chrome and Firefox extensions. It supports some email services like GMail, it also provides an API for programmers. And this is the way we decided to integrate it with Roundcube.

Mailvelope installation

For more info goto Mailvelope documentation. To have it working with Roundcube you have to install the extension in your browser, then goto your Roundcube webmail and using Mailvelope “Add” button add your page to list of mail providers. One last required step is to enable API use on the provider edit page.

Compose an encrypted message

If Roundcube detects enabled Mailvelope, new button will appear in compose toolbar. It may be disabled in HTML mode, so switch to plain text. If you click it Mailvelope frame will appear. There you can write your message and add attachments. As you notice on the screenshot some features are disabled. Unfortunately, at the moment we can do much more with the Mailvelope textarea. Note: to send an encrypted message you first have to import/generate a private key in Mailvelope settings.

Figure 1. Message compose screen with enabled encryption frame.
mailvelope_compose

When you try to send a mail to an address for which no public key was found in the Mailvelope database (keyring), you will be provided with possibility to search public key servers and import the keys.

Figure 2. Key search result in compose.
mailvelope_compose_keyserver

Preview an encrypted message

Also in a message preview Mailvelope will add its frame containing decrypted text and attachments. You’ll be prompted for a key passphrase when needed.

Figure 3. Encrypted message preview.
mailvelope_preview

Summary

Unfortunately this is way from being complete. The Mailvelope API is very limited at the moment. It does not support signing and signature verification. Access to the encryption frame is limited. There are also some bugs. Currently you can only send and receive simple encrypted messages (attachments are supported).

You can track progress and read about the issues in this ticket.

Advertisements

One thought on “Mailvelope integration (PGP encryption)

Comments are closed.