Hi, at my company we use sogo and smime to encrypt all of our emails.The problem is that I'm not able to use the webmail client with this since it is not able to decrypt the emails. Since I do not want to upload my key to the server, due to the security implications. That's why I started developing a FF plugin that handles the decryption in the client.
What I currently have:- a FF extension that creates window.smime object which in turn calls to the xpcom implementation. Accessible from (untrusted) javascript in a webpage - the xpcom component is able to encrypt and decrypt the emails using the firefox certificat store
The current implementation uses smime.pl and cmsutil from mozilla nss (http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_2_1_RTM/src/nss-3.2.1/mozilla/security/nss/cmd/smimetools/). This approach has several flaws:
- It needs a Perl installation - It uses a binary (cmsutil) that is platform dependantIs there any interest in using this from sogo? Should I upload it somewhere? If there is interest I would implement several missing parts:
- port the smime.pl to javascript (doesn't seem to be too complicated)- don't use cmsutil but rather directly load the nss dll's /so's and call them (some reasonable work) - give the plugin a user interface (ask the user if it want's to allow the current page to access the user's certificates)
My concern is that I do not want to implement all of this and later on no one brings it to the webmail client.
Thanks for this great OpenSource groupware server! David
smime.p7s
Description: S/MIME Kryptografische Unterschrift
