457

GPG for email (and other stuff?)

asked 2013-12-25 04:13:29 +0300

nander

updated 2013-12-25 21:26:40 +0300

ortylp

Hi,

It would be pretty nice to have GPG (GNU version of PGP) support on the Jolla mail client. Security is vital these days.


Comments

3
1

Any update on this? It's a very necessary feature.

pavi ( 2015-01-08 21:37:20 +0300 )
7

Sorry upfront if I go too much off-topic, as this is not an answer. But the guy behind GnuPG/GPG (Werner Koch) seems to need public help, as there was a donation call today. Just wanted to make you all aware of the situation. Well, implementing GPG into Sailfish is one thing we all want, but what if there is no maintained GPG as a whole anymore? http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke

[Edit:] Thanks to the ProPublica article and Hacker News coverage and probably other publications, there was a lot of donation money coming in. Very well deserved. Glad this happened!

mosen ( 2015-02-06 12:25:51 +0300 )
1

Yes, I even heard that he was asking for donations for the project. This is very important for the future of email encryption. On the other hand, dear Sailfish OS, graphical support in the phone would really bring all those GNU/Linux users to buy a Jolla phone instead of Android.

pavi ( 2015-02-06 21:49:47 +0300 )
4

"Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project."

chemist ( 2015-02-10 14:01:46 +0300 )

12 Answers

44

answered 2013-12-25 04:14:58 +0300

chemist

updated 2015-01-21 02:14:25 +0300

Was said to be in the making with securing the whole device (IRC comments).

Update 2015/01: As of now this kind of feature has yet to come. Hopes are up that SailfishOS 2.0 drives the security bits a step forward; device encryption is roadmapped now, fingers crossed this will be included too.


Comments

9

I would like to have logs or timestamps regarding these talks, so I can reread them... Too bad I missed those :-(

AL13N ( 2013-12-26 01:15:19 +0300 )

Is there a status on the progress?

Blizzz ( 2014-03-19 18:19:55 +0300 )
8

What about making the mail app extensible with plugins? Then the community could jump in and help build this.

schmittlauch ( 2014-05-05 18:04:17 +0300 )

I agree with @schmittlauch. The community is more than willing to contribute on this, so the more you open up your stuff (either through code or plugin support), the more featureful Sailfish becomes!

hobarrera ( 2015-02-06 14:03:08 +0300 )
29

answered 2014-02-19 01:29:29 +0300

00prometheus

updated 2015-03-11 00:54:23 +0300

A feature I consider important: GPG-support for Draft email. Thunderbird Enigmail supports this, and it gives a very useful feature. Many already use email to themselves as reminders. Using Drafts is almost the same, but with an added feature: The message stays editable, and automatically synchronizes between all your machines! So for note taking and other stuff that isn't really attention seeking, just notes for the future, Draft email is best. And best of all is encrypted Draft email:

Now you can store all your passwords in a completely secure way that is future compatible!

All these various safe-keeping apps and programs for storing passwords are incompatible with each other. An encrypted Draft email is secure and readable on any machine that can access IMAP and decode PGP. That combination will still be around for the next 20 years, at least, on most machines you can find.

Oh, and it gives you a use for GPG on your own, even if you don't have anyone with PGP to send email to, so that we might finally get the critical mass PGP needs!

So, I want built-in GPG encryption in the email app, including optional encrypt-with-your-own-public-key when saving in Drafts. K9 unfortunately does not support GPG-encrypted drafts; however, the Android e-mail program r2mail2 does. It is what I currently use, but unfortunately it is a paid app (though just 5 dollars) and is not open-source.
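The encrypt-to-self draft workflow this answer asks for, as an added Python example that is not part of the original post and not code from any of the mail clients named: it wraps a note as an RFC 3156 PGP/MIME message encrypted to your own key and appends it to the IMAP drafts mailbox. The function names, the `encrypt` callback and the mailbox name `Drafts` are assumptions of the example; the subject and other headers are stored on the server unencrypted.

```python
import imaplib
import subprocess
import time
from email import encoders
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.policy import SMTP
from email.utils import formatdate, make_msgid


def gpg_encrypt_to_self(plaintext: bytes, own_key: str) -> bytes:
    """ASCII-armoured OpenPGP encryption to your own public key via gpg."""
    proc = subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", own_key],
        input=plaintext, stdout=subprocess.PIPE, check=True)
    return proc.stdout


def build_encrypted_draft(subject, body, own_addr, encrypt):
    """Wrap `body` in an RFC 3156 multipart/encrypted message.

    `encrypt` (assumed callback) maps plaintext bytes to armoured ciphertext,
    e.g. lambda data: gpg_encrypt_to_self(data, "<your key ID>").
    """
    inner = EmailMessage()               # the MIME entity that gets encrypted
    inner.set_content(body)
    armored = encrypt(inner.as_bytes(policy=SMTP))   # CRLF line endings

    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"] = own_addr             # no To/Cc: a note to self
    outer["Subject"] = subject           # headers are NOT encrypted
    outer["Date"] = formatdate(localtime=True)
    outer["Message-ID"] = make_msgid(domain=own_addr.split("@")[-1])
    # Part 1 is the fixed control part, part 2 carries the ciphertext.
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                                 _encoder=encoders.encode_7or8bit))
    outer.attach(MIMEApplication(armored, "octet-stream",
                                 _encoder=encoders.encode_7or8bit))
    return outer


def save_draft(imap, message, mailbox="Drafts"):
    """APPEND to the drafts mailbox (name is server-specific) as a draft.

    `imap` is an authenticated imaplib.IMAP4_SSL connection.
    """
    return imap.append(mailbox, r"(\Draft)",
                       imaplib.Time2Internaldate(time.time()),
                       message.as_bytes())
```

With a real key, pass `lambda data: gpg_encrypt_to_self(data, key_id)` as `encrypt`; choose a subject that reveals nothing, since only the body is encrypted.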


Comments

2

I will wait for BUILT-IN PGP, CalDAV and WebDAV. We would like to move away from Android with our business phones. Workarounds are not stable enough and often break after updates.

poddl ( 2014-05-07 11:09:35 +0300 )

Sounds good. Universal encryption (GPG) which is compatible with different devices and operating systems.

Jolla095 ( 2014-06-04 07:04:11 +0300 )
3

Having drafts encrypted is really good and if they are not, it would be good to configure email client to store drafts locally.

That said, email is no place for storing passwords. Please do not use email as password storage, encrypted or not. Password managers may be incompatible with each other but the solution is to make them compatible, or export information to another manager. Certainly not switching to draft emails.

vmaatta ( 2014-12-23 23:48:07 +0300 )
1

I don't see why not? GPG is about as strong encryption as you can get, and all encryption/decryption takes place on the local machine. With any good GPG email integration, the decrypted message will never be saved to disk, and obviously will never be uploaded unencrypted to the server. Good GPG integrations take encryption very seriously: some uses of GPG are for situations much more dangerous than just losing your credit card number! From this point of view, IMAP is simply a cloud file storage with well working synchronization and vast platform support.

00prometheus ( 2015-01-27 19:34:37 +0300 )
1

It is simply the wrong tool for the purpose. One reason is just given above, K9's lack of support for draft emails. One needs to actually be aware of such an implementation detail in a client application to be able to avoid it. Another simple reason is that the purpose of email is to send and receive mail, not to store changing documents to self. It only takes one simple 'oops' and you've emailed a password or even the whole collection of passwords somewhere it should not have been sent.

From a protocol point of view IMAP is close to a folder structure synchronised across locations. Its purpose is to serve email but it is possible to use it for other purposes, yes. It is possible to make an actual password manager that utilises IMAP as a storage / transfer protocol. Draft emails are not that implementation.

GPG is one of the best general purpose encryption tools there are. I use it every single day. That doesn't mean use of GPG magically makes something a good idea.

If you are intent on using your own manual management for passwords you can do it just as well outside the email client. You can use GPG for encryption and any number of solutions for synchronisation such as 'vcsh' over 'git' or something.

There are advantages to password managers that simply can't be had with the manual method:

  • Strong password generation.
  • Automatic single-purpose / single-site passwords.
  • Site matching and auto-login
  • Auto-fill outside browsers for some managers
  • Synchronisation of password database*

    • *Meaning in a way that is secure and appropriate. I would not advocate for some cloud service but instead local storage and syncing in a secure manner that you can control such as direct local network / WIFI sync.

vmaatta ( 2015-01-27 22:16:31 +0300 )
19

answered 2014-06-08 15:17:13 +0300

inte

updated 2014-06-12 22:42:30 +0300

I just uploaded Mutt, KRB5 and Cyrus-SASL rpms to Openrepos.net: https://openrepos.net/content/inte/mutt-e-mail-client

For GPG-support you will need pinentry which I uploaded to here: https://openrepos.net/content/inte/gnupg-pinentry

It is recommended to run gpg-agent to store the gpg-password. I made a wrapper script for gpg-agent with launcher icon for mutt here: https://openrepos.net/content/inte/mutt-sailfish-gpg-wrapper

The muttrc builder is very helpful to create a mutt configuration file: http://muttrcbuilder.org/

Feel free to play around with it.


Comments

icecold upload!

Larswad ( 2014-09-03 14:31:45 +0300 )

Sorry for bothering, but did you compile it with support for header caching? It doesn't understand the header_cache variable (I use IMAP).

Larswad ( 2014-09-03 16:16:35 +0300 )

Hi, I don't have my phone at present but why don't you check for yourself? mutt -v displays configuration and compiler options... It might be a solution to use mutt together with either fetchmail or offlineimap if you need to access large mailboxes, though.

inte ( 2014-09-03 16:58:58 +0300 )

Thanks for the quick answer (didn't know it would burp out the configure options as well), and yes, here it is:

-USE_HCACHE

All other configure options are given so I guess I could compile it myself (unless you did something special for Sailfish). But it would be nice if, whenever you get the time, you could add that option and rebuild, since it is convenient to have it available as it is now on openrepos. Unless that option doesn't bloat it down or something like that. Never used those offline utilities, but I will consider it of course. I liked mutt instantly when I got it configured.

Larswad ( 2014-09-03 17:24:22 +0300 )

I can't get this installed. It requires gpgme it says!

NikosAlexandris ( 2015-11-29 18:01:38 +0300 )
15

answered 2017-01-30 15:43:18 +0300

Hello,

Since the email handling in SailfishOS is open source and, since some versions, the email client exposes its proprietary QML files for patching, I've decided to try to implement the GPG signing capabilities into the client. Everything is visible in the Mer GitLab. The job was quite long (started last spring), or I am too slow, but it is possible now to sign mails and verify received signatures.

This is still in an early stage but it can be tested. Details are available in a GitLab issue. Basically, the signature verification works out of the box. The signing action requires running a parallel application for pinentry because I've not yet included the pinentry into Lipstick. In addition, the signing action is currently blocking, so not very user friendly.

I'm waiting for feedback now on the implementation decisions before submitting an MR upstream. Feel free to participate also.

In the not too distant future, encryption should also be possible, for less work.

14

answered 2014-05-21 17:10:16 +0300

inte

And we need smartcard support for Jolla (by either I2C, USB host or Bluetooth) in order to utilize GnuPG smartcards.


Comments

2

a very good idea!

martind ( 2014-05-22 11:49:08 +0300 )
6

answered 2014-01-13 21:41:37 +0300

jukey

As a workaround you can do the following:

  1. Install F-Droid, the OSS Android App Store
  2. Install APG
  3. Install K9 Mail

Now you are able to use K9 Mail together with keys generated by APG. You can also use APG to import OpenPGP keys using a USB connection + terminal or SSH to the device. The APG directory is /data/sdcard/APG/

APG also allows you to encrypt and decrypt every file accessible within the Android VM on the device.


Comments

This solution is mediocre at best. In my experience on regular Android devices I had to copy the text to APG to decrypt it and read it there; K9 would crash otherwise. Also, S/MIME isn't supported, and the way attachments are handled is meh (not encrypted).

mlatu ( 2014-03-17 15:12:58 +0300 )

There is a better solution via Android now: R2Mail2. However, the full version app costs 5,5 € in the Google Play store, and you have to use this trick to get the license app installed. Name the license app at.rundquadrat.android.r2mail2license-1.apk. The good news is that Inline PGP and PGP/MIME work well (probably S/MIME too, but I haven't tested), and it is able to correctly map Sent, Drafts and Trash to the respective IMAP folders. It claims to support IMAP Idle (push email), though I haven't had time to test fully. Normal and draft mail can be encrypted and read both in R2Mail2 and in Thunderbird/Enigmail.

00prometheus ( 2014-05-11 20:56:41 +0300 )

00prometheus: Using a proprietary app for encrypted mail? Nope, thanks. K9mail works fine nowadays and PGP/MIME support is on the way; still, I would prefer if the Jolla mail client would support it.

piratenpanda ( 2015-02-09 23:23:54 +0300 )

Hi! I have a question to those who use k9: can I get k9 to notify me about incoming mails? The account is connected with IMAP. I use open key chain with it and it works fine. But it doesn't tell me when a new mail comes in :-(

Nessi ( 2015-06-05 19:22:39 +0300 )

Solved: it works with “Android notifications”, see http://www.jollausers.com/2015/02/sound-led-and-haptic-feedback-for-android-notifications/

Nessi ( 2015-06-09 15:58:38 +0300 )
5

answered 2014-12-05 01:01:41 +0300

hobarrera

GPG support would be nice, since it would also allow porting stuff like pass.

Even if the email client needs work, GPG support would help for other apps.


Comments

@hobarrera Shouldn't this be a comment instead of an answer?

anandrkris ( 2014-12-05 05:00:40 +0300 )

It should be possible to use the Android gpg stuff (eg OpenKeyChain or APG) but there's an issue in AlienDalvik that prevents importing of pre-existing key files. If you try and select the importing option, the dialog only sees image files and won't recognise key files. I was going to add that as a bug report, but I'm thinking it may get flagged as a partial duplicate of this question?

skanky ( 2015-02-06 12:07:15 +0300 )
2

answered 2014-10-29 10:11:46 +0300

martind

This question is quite high on the list "Which features do you crave and would like to know its roadmap status on?" ( https://together.jolla.com/question/27207/wiki-which-features-do-you-crave-and-would-like-to-know-its-roadmap-status-on/ ) but has no roadmap status. Can someone from the Jolla team tell us if it is on the roadmap or when it will be?


Comments

1

No plans for this atm.

VDVsx ( 2014-10-29 15:35:24 +0300 )
3

That's a pity.

martind ( 2014-10-30 09:29:59 +0300 )
2

answered 2015-02-09 21:18:37 +0300

sm-jolla

Maybe a port of this would be a solution: https://openrepos.net/content/chrm/cryptmee. I posted this as a comment somewhere above. Think it is an answer :)


Comments

I agree, looks like an app I (we) really need...

rannari ( 2015-02-10 21:04:07 +0300 )

I already asked chrm on TMO but he's got no resources to do a port :-( - it works perfectly on my N9 - if anyone has the skills to port it ...

elastic ( 2015-03-11 00:49:25 +0300 )
2

answered 2017-01-23 16:14:09 +0300

mase

Mutt isn't the solution. Not nice to use on the phone. GPG must be a native feature of the email client. GPG and OMEMO should also be included in the XMPP client. I do not get why most OSes do not include message encryption. That is a MUST!


Comments

11

Hello, the email engine is open source and the UI can be easily patched now. I'm working on the GPG signature part for the email. This is quite a lot of work, because there is no infrastructure for GPG in the mail engine nor in SailfishOS (there is no GPG agent that raises a pinentry, for instance). Once this work is finished, adding the encryption part will be easier. You can see progress and discussions in GitLab:

Everything is under GPL or free licenses, so feel free to contribute or discuss. I'll post an answer here as soon as I have something functional (validation is working, but signing requires more work). Of course, everything will be proposed upstream.

Damien Caliste ( 2017-01-23 16:59:40 +0300 )

Please convert this to an answer!

00prometheus ( 2017-01-25 20:41:29 +0300 )
1

I will as soon as there is something to test for advanced users. Yesterday, I sent two merge requests to upgrade Gnupg2 and libassuan in mer-core because the versions there are not compatible with the available gpgme library and thus signing messages fails. Today I've also upgraded my attempt to have a GPG daemon for these new libassuan and gnupg versions.

Up to now, it is working to sign a mail from the command line. Remaining tasks are to write a QML list model of available keys (job started) and add the UI in the email app to select a key when composing an email and of course test that mail is sent with signature and signature is valid… So not too far!

Damien Caliste ( 2017-01-26 12:09:42 +0300 )
87 followers

Stats

Asked: 2013-12-25 04:13:29 +0300

Seen: 7,441 times

Last updated: Jan 30