Roundcube Webmail 1.2.0 released with PGP support

I came here to comment about this. Rainloop is amazing.

It also has some extra security features for the end user. For instance, you can tell Rainloop to proxy images from the email and serve them to you instead of your browser getting them from a remote source. It's amazing because you get faster load times and don't leak your desktop IP, only whatever server your running Rainloop on.

The only thing it's lacking is PGP, which is very sad.

That does look nice, looks like they've come quite a way very quickly too. Still a little put off by the idea of host PHP apps for such critical systems but hats probably my internal bias towards using Ruby/Python/Go.

I'm waiting for Let's Encrypt to start offering S/MIME certificates.

Can you get a free S/MIME certificate? Even if you could, S/MIME leaves you dependent on CA infrastructure that's often state-controlled.

Is S/MIME really that widely used? It seems to be sort of widely deployed, but not necessarily understood or required by users in secure environments.

Thanx for the update, I tweeted them repeatedly, never getting any reply. It looks pretty bad that the last tweet is so old. In the meantime, I've been using Nylas N1 (local mail client) and ownCloud mail (webmail), both have become pretty good!

I may be wrong (and hope to be corrected!), but I think that End-to-End is never expected to be in the Chrome Web Store. I think they feel that this kind of encryption is too complicated for the average user. It's intended more for "power users" who already know that they want it.

As far as I understood Mailpile is a mail user agent, so not comparable. Roundcube runs on a server, Mailpile runs on your own computer.

I will be doing that as soon the 1.0 release is out and available as a debian package. Any idea how stable the current beta version is?

Encryption is also supported via a browser plugin, so it's not necessary to upload the private key to the server. Regarding your questions: 1) yes, you can revoke the key by generating a revocation certificate and publishing it on a public keyserver (of course, your correspondents would need to refresh the public key from the keyserver to know it was revoked, which is something they might not do); 2) sent and received messages from the past, unfortunately, are readable by the person who is in possession of the private key, if such key is not protected by a strong password; 3) yes, you still need the old private key to read the old messages; 4) you can generate a master key (to be kept strictly offline) and several, frequently rotating subkeys for encryption purposes. It's not a silver bullet solution (in the sense that a thief would still have access to all your subkeys, meaning he could read all your messages up to the point the keys are stolen, but it mitigates the damage somehow). See here: https://alexcabal.com/creating-the-perfect-gpg-keypair

Yes, you can revoke the key and publish the revocation. This means that it will be flagged as revoked in the server keys and assuming that senders keep their GPG keybase up to date with server keys, they'll get a warning that this key is out of date. All e-mails already encrypted with the key can still be decrypted though.

As for the second part of your post, you're probably asking about this:

https://alexcabal.com/creating-the-perfect-gpg-keypair/

If you generated a revocation certificate, yes, you can revoke it. Otherwise no. The private key is protected (should be) by a password, so even in the event it gets compromised it should be OK.

Encrypted messages from the past are unreadable, unless you have the private key. No private "master" that I know of.

If you don't use the browser extension you would probably only want to use this feature if you control that Roundcube instance yourself because yes if you upload it to the server and your key gets lost all past and future communication with that key is only as secure as your keys password.

You don't have to upload the key. It also supports the mailvelope browser extension.

Actually I think it means support for browser plugins that will handle the PGP part.

You're right. Before any integration of a server-side PGP key like this, they ought to have deployed some basic hygiene like a strict Content Security Policy (CSP) and a better sanitization library like HTMLpurifier. I don't trust webmail software, and definitely not PHP webmail software, to hold my keys for me otherwise.

What about the various RCE bugs, do those not worry you?

How about OWA? Despite requiring windows, it's a pretty solid product.

Zimbra works remarkably well.

There are extensions that do this. A standardized interface between site and browser-managed crypto is what's really needed though.

Hmmm... They give out an option of PHP or .NET, not sure I'd really like to run either of those?