GPG for email (and other stuff?)
Hi,
It would be pretty nice to have gpg (gnu version of pgp) support on the jolla mail client. Security is vital these days..
was said to be in the making with securing the whole device (IRC comments)
update 2015/01: as of now this kind of feature has yet to come, hopes up that SailfishOS 2.0 drives the security bits a step forward, device encryption is roadmap'ed now fingers crossed this will be included too
What about making the mail app extensible with plugins? Then community could jump in and help building this.
schmittlauch ( 2014-05-05 18:04:17 +0200 )
I agree with @schmittlauch. The community is more than willing to contribute on this, so the more you open up your stuff (either through code or plugin support), the more featureful Sailfish becomes!
WhyNotHugo ( 2015-02-06 14:03:08 +0200 )
"Sailfish 3 has a deeper level of security" but still no PGP encryption for emails :/ https://blog.jolla.com/sailfish3/
baptx ( 2018-11-02 12:02:54 +0200 )
A feature I consider important: GPG-support for Draft email. Thunderbird Enigmail supports this, and it gives a very useful feature. Many already use email to themselves as reminders. Using Drafts is almost the same, but with an added feature: The message stays editable, and automatically synchronizes between all your machines! So for note taking and other stuff that isn't really attention seeking, just notes for the future, Draft email is best. And best of all is encrypted Draft email:
Now you can store all your passwords in a completely secure way that is future compatible!
All these various safe-keeping apps and programs for storing passwords are incompatible with each other. An encrypted Draft email is secure and readable on any machine that can access IMAP and decode PGP. That combination will still be around for the next 20 years, at least, on most machines you can find.
Oh, and it gives you a use for GPG on your own, even if you don't have anyone with PGP to send email to, so that we might finally get the critical mass PGP needs!
So, I want built-in GPG encryption in the email app, including optional encrypt-with-your-own-public-key when saving in Drafts. K9 unfortunately does not support gpg encrypted drafts, however the Android e-mail program r2mail2 does. It is what I currently use, but unfortunately it is a paid app (though just 5 dollars) and is not open-source.
Having drafts encrypted is really good and if they are not, it would be good to configure email client to store drafts locally.
That said, email is no place for storing passwords. Please do not use email as password storage, encrypted or not. Password managers may be incompatible with each other but the solution is to make them compatible, or export information to another manager. Certainly not switching to draft emails.
vmaatta ( 2014-12-23 23:48:07 +0200 )
I don't see why not? GPG is about as strong encryption as you can get, and all encryption/decryption takes place on the local machine. With any good GPG email integration, the decrypted message will never be saved to disk, and obviously will never be uploaded unencrypted to the server. Good GPG integrations take encryption very seriously: some uses of GPG are for situations much more dangerous than just losing your credit card number! From this point of view, IMAP is simply a cloud file storage with well working synchronization and vast platform support.
00prometheus ( 2015-01-27 19:34:37 +0200 )
It is simply the wrong tool for the purpose. One reason is just given above, K9's lack of support for draft emails. One needs to actually be aware of such an implementation detail in a client application to be able to avoid it. Another simple reason is that the purpose of email is to send and receive mail, not to store changing documents to self. It only takes one simple 'oops' and you've emailed a password or even the whole collection of passwords somewhere it should not have been sent.
From a protocol point of view IMAP is close to a folder structure synchronised across locations. Its purpose is to serve email but it is possible to use it for other purposes, yes. It is possible to make an actual password manager that utilises IMAP as a storage / transfer protocol. Draft emails are not that implementation.
GPG is one of the best general purpose encryption tools there are. I use it every single day. That doesn't mean use of GPG magically makes something a good idea.
If you are intent on using your own manual management for passwords you can do it just as well outside the email client. You can use GPG for encryption and any number of solutions for synchronisation such as 'vcsh' over 'git' or something.
There are advantages to password managers that simply can't be had with the manual method:
Synchronisation of password database*
2019-06-11: As seen in localisation strings for 3.1.0, the PGP and S/MIME signature handling in email that I contributed will be included in the next version. This will not be in the default image and will require to be installed from command-line. But after installation, everything will be integrated in the UI: like selecting a key to sign outgoing emails in the account setting page, or an item to download a missing public key on e-mail reception. When available, I'm eager to receive feedback on implementation and UI design to go further, like key management or encryption.
Hello,
Since the email handling in SailfishOS is open source and since some versions, the email client exposes its proprietary QML files for patching, I've decided to try to implement the GPG signing capabilities into the client. Everything is visible in the Mer gitlab. The job was quite long (started last spring), or I am too slow, but it is possible now to sign mails and verify received signatures.
This is still in an early stage but it can be tested. Details are available in a Gitlab issue. Basically, the signing verification works out of the box. The signing action requires to run a parallel application for pinentry because I've not yet included the pinentry into Lipstick. In addition the signing action is currently blocking, so not very user friendly.
I'm waiting for feedback now on the implementation decisions before submitting MR upstream. Feel free to participate also.
In a not too far future, the encryption should be possible also for less work.
No, I didn't give up but things are moving slowly. Some of the patches have been accepted upstream already but not all yet.
Damien Caliste ( 2017-12-24 11:04:03 +0200 )
How can one install the PGP support from the command-line?
ahappyhuman ( 2019-10-27 14:50:30 +0200 )
@ahappyhuman, thanks for being interested in this. @Jaymzz is preparing a blog post to explain the technicalities. In essence, you have to install the following package: jolla-email-crypto-gnupg from official repositories.
I just uploaded Mutt, KRB5 and Cyrus-SASL rpms to Openrepos.net: https://openrepos.net/content/inte/mutt-e-mail-client
For GPG-support you will need pinentry which I uploaded to here: https://openrepos.net/content/inte/gnupg-pinentry
It is recommended to run gpg-agent to store the gpg-password. I made a wrapper script for gpg-agent with launcher icon for mutt here: https://openrepos.net/content/inte/mutt-sailfish-gpg-wrapper
The muttrc builder is very helpful to create a mutt configuration file: http://muttrcbuilder.org/
Feel free to play around with it.
Thanks for quick answer (didn't know it would burp out the configure options as well), and yes here it is:
-USE_HCACHE
All other configure options are given so I guess I could compile it myself (unless you did something special for sailfish). But, it would be nice if whenever you get the time, you could add that option and rebuild since it is convenient to have it available as it is now on openrepos. Unless that option doesn't bloat it down or something like that. Never used those offline utilities, but I will consider it of course. I liked mutt instantly when I got it configured.
Larswad ( 2014-09-03 17:24:22 +0200 )
I can't get this installed. It requires gpgme, it says!
As a workaround you can do the following:
Now you are able to use K9 Mail together with keys generated by APG. You also can use APG to import OpenPGP keys using an USB connection + terminal or SSH to the device. The APG directory is /data/sdcard/APG/
APG also allows you to encrypt and decrypt every file accessible within the Android VM on the device.
There is a better solution via Android now: R2Mail2. However, the full version app costs 5,5 € in the Google Play store, and you have to use this trick to get the license app installed. Name the license app at.rundquadrat.android.r2mail2license-1.apk. The good news is that Inline PGP and PGP/MIME work well (probably S/MIME too, but I haven't tested), and it is able to correctly map Sent, Drafts and Trash to the respective IMAP folders. It claims to support IMAP Idle (push email), though I haven't had time to test fully. Normal and draft mail can be encrypted and read both in R2Mail2 and in Thunderbird/Enigmail.
00prometheus ( 2014-05-11 20:56:41 +0200 )
00prometheus: using a proprietary app for encrypted mail? nope thanks. K9mail works fine nowadays and pgp/mime support is on the way, still I would prefer if the jolla mail client would support it
piratenpanda ( 2015-02-09 23:23:54 +0200 )
Solved: it works with “Android notifications”, see http://www.jollausers.com/2015/02/sound-led-and-haptic-feedback-for-android-notifications/
Nessi ( 2015-06-09 15:58:38 +0200 )
The new translation strings for 3.1.0 contain mentions of PGP and S/MIME, so it may land in the next Sailfish OS update.
Yes, I just came back from translate.sailfishos.org for missing Italian translations and was pleasantly surprised by the new strings.
magullo ( 2019-06-12 08:31:49 +0200 )
gpg support would be nice, since it would also allow porting stuff like pass.
Even if the email client needs work, gpg support would help for other apps.
@hobarrera Shouldn't this be a comment instead of an answer?
anandrkris ( 2014-12-05 05:00:40 +0200 )
It should be possible to use the Android gpg stuff (eg OpenKeyChain or APG) but there's an issue in AlienDalvik that prevents importing of pre-existing key files. If you try and select the importing option, the dialog only sees image files and won't recognise key files. I was going to add that as a bug report, but I'm thinking it may get flagged as a partial duplicate of this question?
skanky ( 2015-02-06 12:07:15 +0200 )
This question is quite on top of the list "Which features do you crave and would like to know its roadmap status on?" ( https://together.jolla.com/question/27207/wiki-which-features-do-you-crave-and-would-like-to-know-its-roadmap-status-on/ ) but has no roadmap status. Can someone of the jolla team tell us if it is on the roadmap or when it will be?
Maybe a port of this would be a solution https://openrepos.net/content/chrm/cryptmee. I posted this as comment somewhere above. Think it is an answer:)
Asked: 2013-12-25 04:13:29 +0200
Last updated: Jun 11 '19
Related https://together.jolla.com/question/626/smime-support-in-e-mail/
Tanghus ( 2014-04-17 21:42:26 +0200 )
Any update on this? It's a very necessary feature.
pavi ( 2015-01-08 21:37:20 +0200 )
Sorry upfront if I go too much off-topic as this is not an answer. BUT the guy behind GnuPG/GPG (Werner Koch) seems to need public help as there was a donation call today. Just wanted to make you all aware of the situation. Well, implementing GPG into Sailfish is one thing we all want, but what if there is no maintained GPG in a whole anymore? http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke
[Edit:] thanks to the propublica article and hacker news coverage and probably other publications, there was a lot of donation money coming in. Very well deserved. Glad this happened!
mosen ( 2015-02-06 12:25:51 +0200 )
Yes, I even heard that he was asking for donations for the project. This is very important for the future of email encryption and, on the other hand, dear Sailfish OS, a graphical support in the phone would really bring all those GNU/Linux users to buy a Jolla phone instead of Android.
pavi ( 2015-02-06 21:49:47 +0200 )
"Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project."
chemist ( 2015-02-10 14:01:46 +0200 )