Gnu PGP support? about nylas-mail HOT 35 CLOSED

👍

I'm guessing this will take some effort. But this is a great idea for a plugin!

from nylas-mail.

I'd love to contribute with such plugin. Using https://github.com/openpgpjs/openpgpjs should be quite straightforward I believe.

from nylas-mail.

Or just straight up GnuPG which is what GPG tools (https://gpgtools.org/) uses for their Apple Mail extension. Since Nylas is a desktop app, you don't need to work within the confines of a browser.

from nylas-mail.

👍

from nylas-mail.

👍

I also agree with @dmvaldman that N1 should rather use the underlying GPG implementation instead of a new one.

from nylas-mail.

I agree with using a battle-tested implementation is the way to go... My point on suggesting openpgpjs was more related to cross-platform.

from nylas-mail.

Hey folks—this is a great idea. It's definitely the kind of thing we'd like to see implemented as a plugin. I'm not sure how the PGP extension for Mac Mail works, but something similar should work in N1 because we have access to the filesystem, can run shell commands, etc. I've added this to the plugin ideas section of our public Trello board: https://trello.com/b/hxsqB6vx/n1-open-source-roadmap. Feel free to hop on our community Slack channel if you'd like to try building the plugin, or upvote the card on Trello!

from nylas-mail.

Just another idea along the same vein would be to add keybase.io support for public/private key for the user, and public key lookup for contacts.

from nylas-mail.

@whitj00 I am not part of nylas but I think that the +1 won't affect the plan here. That's why the issue was closed. So you would rather have to make your +1 on the referenced trello link.

@tracker1 I would say getting keys from keyservers is another issue and doesn't have to be part of the initial implementation. Especially because some native GPG frontends have support for keyservers anyway.

from nylas-mail.

+1

from nylas-mail.

I'm trying to PGP support to Nylas.

It's definitely the kind of thing we'd like to see implemented as a plugin.

I'll do as much as I can within the plugin system, but I'll probably have to modify it my fork of N1 in deeper ways.

There are a some challenges that make encryption hard to just layer on as a plugin:

• You don't want to save drafts unencrypted
• You don't want to upload attachments unencrypted
• Doing it right requires integration in a lot of places. A row in the inbox should a lock icon if it's an encrypted mail. The Send button should show a lock icon when all recipients have keys. The Compose screen needs to help the user find keys for recipients, looking them up in Keybase. A lot of screens require hooks to transparently decrypt and verify mail.

There are additional challenges that make it hard for N1 in particular:

• N1 currently delegates search to the Sync Engine API. For a PGP client, search has to be on the client.
• N1 assumes that the Sync Engine has access to plaintext in a few other places, for example for the inbox preview snippets.

from nylas-mail.

I am working on this. @dcposch thank you for the goals I should be working on.

from nylas-mail.

My package is live https://github.com/mbilker/email-pgp

from nylas-mail.

@mbilker Is this a fork or plugin? ooor?

from nylas-mail.

@teamcoltra no, it is a N1 plugin.

from nylas-mail.

Whatever the solution, encrypting should be seriously considered from the UI point of view (take a look at Mailpile). It should be part of the base design. The user should have a way to know which of his contacts can decrypt messages and the system should automatically encrypt every message sent to them without asking. For instance.

from nylas-mail.

@sicofante I could add a option to encrypt every outgoing message, and how to encrypt the message. Whether its straight encrypt where you need the private key to read the email or a signed message to verify the message comes from the owner.

I am working on decoding the Keybase sig chain to verify the user's tracked users. Because the tracked users are based upon an encrypted message using the public key, I can verify the signature matches the locally stored public key from the user with gpg --verify <message file name>. Figuring out how to do that in openpgp.js is hard.

from nylas-mail.

@sicofante Here is my preferences tab as it stands:

from nylas-mail.

I'm afraid I don't quite understand the technical explanations you have given, but if you can achieve what I propose, it would encourage the use of PGP, which should be a primary goal of Nylas N1. Thanks for your work.

from nylas-mail.

Currently the encryption aspect is implemented, but I need to implement decryption with proper storage for private/secret keys. I also need to find a way to handle quoted previous emails.

from nylas-mail.

Hi,

First of all thank you for your efforts to integrate this functionality. However, I used Enigmail and I did not feel that he was storing the key (just the password for a defined period). It is not possible to do something similar here?

from nylas-mail.

I haven't used Enigmail myself, but all I've read is it's not trivial to use. A solution that's not straightforward (think Signal for Android or Mailpile for e-mail) and works only for geeks is not good.

from nylas-mail.

I have not found that Enigmail was difficult to use, but if you have read that it was the opposite I understand.

from nylas-mail.

It won't be difficult for you or for me, but for ordinary users the process should be transparent. If I send an email to someone who uses PGP, that message should be automatically and transparently encrypted. If not, the message should not be encrypted. I should never see any non-decrypted text. No gibberish in sight. Ever. Zero configuration, or almost. That's what Signal offers for encrypted communications in Android.

Make it easy to tell secure messages from ordinary ones, make it easy to invite your friends, family and colleagues to use this new e-mail privacy-minded service and you'll have a hit.

Ask users to go through steps to encrypt a message and [almost] nobody will use it. Exactly what happens today with Enigmail.

EDIT: I assume this transparency would be much more easily achieved if the Nylas framework took care of it, not [just] the client. I'm disappointed that Nylas Inc. hasn't taken encryption, privacy and security seriously enough.

from nylas-mail.

Currently the steps to encrypt an email with my plugin: Create email -> Click Encrypt -> Type User's Keybase name -> Click Submit -> Message is Encrypted shortly thereafter -> Send Email

from nylas-mail.

My task right now is to decode the sig chain to pull out tracking users to eliminate typing a user's keybase name.

I am not an algorithms person, so I will need to find some algorithm that takes the tracked users and the most recently used usernames to compile a list to make the selection process quicker. I may even allow binding of emails to usernames, since keybase doesn't provide a way to search by email to user (for obvious privacy reasons).

from nylas-mail.

Hmm. I will continue to use #19 (this issue) as the primary issue to address any concerns regarding PGP in N1.

from nylas-mail.

Could someone who uses any kind of PGP send a PGP encrypted email to [email protected] with the public key (fingerprint: 69AD F8AE B6C8 B5D1):

EDIT: Public key hosted at https://gist.github.com/mbilker/0d11b766dc8f9f205e8e or https://keybase.io/mbilker/key.asc

from nylas-mail.

I need to get a grasp how the PGP emails appear in N1. From what I saw in the screenshots for GPGTools, there are 2 attachments. The first attachment is a dummy, but it has a MIME type set. The second attachment is the actual encrypted message, with the file extension being .asc dictating its a PGP encrypted message.

from nylas-mail.

I'll set up an account to help you. Give me a few hours.

from nylas-mail.

What's the state of Gnu PGP support and why is the issue closed?

from nylas-mail.

@nickolai people are opening GPG/PGP tickets all the time (#19, #65, #96, #432). But as you can see in this ticket there is a reference from/to a tickets that is still open.

So the ticket currently handling GPG/PGP is #96, although people seem to talk in parallel anyway.

PS: If you want to vote on the official trello board, you can do it here.

from nylas-mail.

@nickolai The issue has been solved with https://github.com/mbilker/email-pgp

from nylas-mail.

@willricketts Still in development. I slowed down development because of school work.

from nylas-mail.

I moved this conversation to #96

from nylas-mail.