Our Wish List for Encryption Browser Extensions

PGP encryption is one of the most frequently requested features for Roundcube and for good reasons more and more people start caring about end-to-end encryption in their everyday communication. But unfortunately webmail applications currently can’t fully participate in this game and doing PGP encryption right in web-based applications isn’t a simple task. Although there are ways and even some basic implementations, all of them have their pros and cons. And yet the ultimate solution is still missing.

Browser extensions to the rescue

In our opinion, the way to go is with a browser extension to do the important work and guard the keys. A crucial point is to keep the encryption component under the user’s full control which in the browser and http world can only be provided with a native browser plugin. And the good news is, there are working extensions available today. The most prominent one probably is Mailvelope which detects encrypted message bodies in various webmail applications and also hooks into the message composition to send signed and encrypted email messages with your favorite webmail app. Plus another very promising tool for end-to-end encryption is coming our way: p≡p. A browser extension is at least planned in the longer term. And even Google just started their own project with the recently announced end-to-end Chrome extension.

That’s a good start indeed. However, the encryption capabilities of those extensions only cover the message body but leave out attachments or even pgp/mime messages. Mostly because there extension has limited knowledge about webmail app and there’s no interaction between the web app and the extension. On the other side, the webmail app isn’t aware of the encryption features available in the user’s browser and therefore suppresses certain parts of a message like signatures. A direct interaction between the webmail and the encryption extension could help adding the missing pieces like encrypted attachment upload and message signing. All we need to do is to introduce the two components to each others.

From the webmail developer’s perspective

So here’s a loose list of functionality we’d like to see exposed by an encryption browser extension and which we believe would contribute to an integrated solution for secure emailing.

A global (window.encryption-style) object providing functions to:

  • List of supported encryption technologies (pgp, s/mime)
  • Switch to manual mode (i.e. disabling automatic detection of webmail containers)

For message display:

  • Register message content area (jQuery-like selector)
  • Setters for message headers (e.g. sender, recipient)
  • Decrypt message content (String) directly
  • Validate signature (pass signature as argument)
  • Download and decrypt attachment from a given URL and
    • a) prompt for saving file
    • b) return a FileReader object for inline display
  • Bonus points: support for pgp/mime; implies full support for MIME message structures

For message composition:

  • Setters for message recipients (or recipient text fields)
  • Register message compose text area (jQuery-like selector)
  • … or functions to encrypt and/or sign message contents (String) directly
  • Query the existence of a public key/certificate for a given recipient address
  • File selector/upload with transparent encryption
  • … or an API to encrypt binary data (from a FileReader object into a new FileReader object)

Regarding file upload for attachments to an encrypted messages, some extra challenges exist in an asynchronous client-server web application: attachment encryption requires the final recipients to be known before the (encrypted) file is uploaded to the server. If the list of recipients or encryption settings change, already uploaded attachments are void and need to be re-encrypted and uploaded again.

And presumably that’s just one example of possible pitfalls in this endeavor to add full featured PGP encryption to webmail applications. Thus, dear developers of Mailvelope, p≡p, WebPG and Google, please take the above list as a source of inspiration for your further development. We’d gladly cooperate to add the missing pieces.

Advertisements

15 thoughts on “Our Wish List for Encryption Browser Extensions

  1. Thank you for that wishlist! Input like that is really helpful.

    With p≡p you can control which kind of encryption is chosen. But you can let the p≡p engine choose, too.

    If you would be interested in doing a pilot, please contact me.

    Volker Birk, p≡p

  2. JohnnyHead says:

    Hey guys,

    not a developer so I cannot understand the technical difficulties of the task, but from my point of view browser extension is not the solution. That’s because I use kolab/roundcube from a number of different desktop and laptops and it is just not feasible to install and maintain extensions on all of them.

    Bye,
    Thanks for the hard work!

  3. Torsten Grote says:

    JohnnyHead, you have a point there, but the alternative is to either expose your private key to the server or to all the different desktop and laptops you might be using in a shady internet cafe. Personally, I’m hoping for NFC smartcards to solve that problem.

    • JohnnyHead says:

      From what I’ve read Mailpile is gonna be first and foremost a local app (like Thunderbird) so it shouldn’t be a problem to store the key on your local machine.

      Have no idea if they are doing something magic with the webmail part of the project.

      • asoijdfasdf says:

        I’m pretty sure they have a Client / Server architecture, the server being written on Python (not that it matters) and handling all of the PGP / IMAP / etc. stuff.
        The webmail talks to this server to get the data and provides user interaction.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s