Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request]: PGP Encryption / GPG Support / Keybase #25

Closed
heywoodlh opened this issue Oct 4, 2017 · 95 comments
Closed

[Feature Request]: PGP Encryption / GPG Support / Keybase #25

heywoodlh opened this issue Oct 4, 2017 · 95 comments

Comments

@heywoodlh
Copy link

Can I use GPG to encrypt email in Mailspring yet? Couldn't find anything in the KB and I also couldn't use any plugins to add the functionality myself.

I would have checked out the roadmap to see if there was a plan to implement this but it doesn't seem to be public. #

@bengotow bengotow changed the title Encryption? [Feature Request]: PGP Encryption / GPG Support / Keybase Oct 4, 2017
@bengotow
Copy link
Collaborator

bengotow commented Oct 4, 2017

Hey @heywoodlh — thanks for reaching out! There used to be a Keybase plugin for Nylas Mail that added GPG encryption to the app, and theoretically it /should/ still mostly work. In a few months, Mailspring will have a plugin browser built into it and I think it'd be great to have an encryption plugin in there. If anyone has some time to dive in to this, it'd be great!

@heywoodlh
Copy link
Author

In OS X I can't use the menu to install plugins. Is there any way for me to install the plugin manually in Mailspring? I would totally love to dig into it and report back.

@bengotow
Copy link
Collaborator

bengotow commented Oct 4, 2017

Oh wow - yeah, it just... doesn't work. I'll see if I can get that fixed.

In the meantime, if you want to install a plugin open ~/Library/Application Support/Mailspring in the Finder. Create a folder called packages there, and put your plugin folder inside it. If you relaunch Mailspring it should find it and attempt to load it!

@heywoodlh
Copy link
Author

Perfect, thank you for the quick responses.

I'll work on getting that plugin installed and see how it goes.

@heywoodlh
Copy link
Author

I found an open source N1 PGP plugin called Cypher and forked it here.

I placed it in ~/Library/Application Support/Mailspring/packages/ and when I run MailSpring I get an error in the developer's console stating that it cannot find the module 'nylas-export'.

Not sure where that module is, as I cannot seem to find it in the original Nylas Mail repository, in the Mailspring repo, or in the cypher repository that I forked.

Attached is a copy of the error log:
nylas-error.txt

I am submitting this here to ask for additional help as I am not a developer and I think this would really be a great feature to add to Mailspring.

I opened an issue on the repository I forked here. Any help fixing this would be appreciated. :)

@buildersbrewery
Copy link

Probably due to config.json always being overridden with these?

    "disabledPackages": [
        "message-view-on-github",
        "personal-level-indicators",
        "phishing-detection",
        "nylas-private-salesforce",
        "github-contact-card",
        "keybase",
        "composer-markdown",
        "composer-scheduler",
        "composer-mail-merge",
        "send-and-archive",
        "main-calendar"
      ]

@heywoodlh
Copy link
Author

@buildersbrewery I'll have to take a look at that tomorrow. Do you have a proposed solution?

@buildersbrewery
Copy link

Seems to be part of a planned paywall (#25, #28, #33)?

@alxjsn
Copy link

alxjsn commented Oct 6, 2017

S/MIME support would also be a nice feature to add. :)

@agsdot
Copy link
Contributor

agsdot commented Oct 24, 2017

👍 for re-adding keybase integration in the future again.

@tim-hm
Copy link

tim-hm commented Oct 25, 2017

Would love to see keebase/gpg support!

@deidyomega
Copy link

Just as a note, once gpg support is working, I'll become a paying customer.

dweremeichik pushed a commit to dweremeichik/Mailspring that referenced this issue Dec 29, 2017
…76#25)

* Implementing a descending order view of the message list

* Moved the option under the reading section in preferences and changed the wording of the option

* Forgot to update .gitignore
@simotek
Copy link

simotek commented Feb 6, 2018

I also need this to fully migrate away from firefox.

@JDsnyke
Copy link

JDsnyke commented Feb 14, 2018

Any news on this feature?

@TheChiefMeat
Copy link

Would also love to see this feature. I know Keybase has an open source javascript implementation of PGP (https://github.com/keybase/kbpgp), I even helped implement some features (signing, signing and encryption) onto a website you can find here:

https://thechiefmeat.github.io/pgp/

Seeing as the client uses quite a bit of Javascript already, you should be able to implement kbpgp into the client, I'd even help out if that meant getting this feature done :)

@SkyCrawl
Copy link

SkyCrawl commented May 5, 2018

Another +1. I could repeat many statements from the above comments. This is a very important feature for Mailspring to get more users/customers.

@zaphbbrox
Copy link

And another +1. Really looking forward to this feature, so I can use Mailspring as my only mail app.

@daanpanis
Copy link

+1. I've been looking for a good looking email client that supports PGP encryption. If Mailspring starts supporting this it would be the perfect mail client.

@pirhoo
Copy link

pirhoo commented May 14, 2018

@thomwiggers
Copy link

The EFF and the authors of that paper are doing PGP a disservice. There are some bugs in handling decryption failures in various email clients, PGP itself is mostly fine.

@jramb
Copy link

jramb commented May 14, 2018

In this case it is related to the email encoding and HTML features (sadly Mailspring allows only HTML, no plain text only right now). That is a serious issue and not just a simple implementation glitch and has nothing to do with the PGP algorithm being good or not. EFF seems right to recommend to switch GPG / S/MIME off completely in the clients. Sadly.

@samtuke
Copy link

samtuke commented May 28, 2018

Another +1 for GPG.

@Lacroze
Copy link

Lacroze commented May 31, 2018

+1

1 similar comment
@franktopel
Copy link

+1

@jorgedferreira
Copy link

Any news on this? Doing a test drive of the email client and this is a must for me.

@gdude2002
Copy link

gdude2002 commented Jun 16, 2018

@bengotow Has there been any movement on this? It's a very important thing to be able to do, given just how holey the global email infrastructure actually is.

I tried to load the old Nylas plugin, but nothing visible happens when I do. The disabled plugin plugin in this repo just throws errors.

EDIT: It does enable, though. No errors in the console.

image

@klention
Copy link

klention commented Jan 21, 2020

@RaitoBezarius fork it would be the best option regarding mailspring team decision not taking any action for so long about this extension importance. Unfortunately I as System Administrator do not have the right professional experience as Software Developer to take this role. Anyone who will, will be highly appreciated.
Regards

@hpk42
Copy link

hpk42 commented Jan 21, 2020 via email

@RaitoBezarius
Copy link

RaitoBezarius commented Jan 21, 2020 via email

@insipx
Copy link

insipx commented Jan 21, 2020

I too, would support a fork. Not sure I would be able to contribute my time, but privacy-focused mailspring sounds wonderful.

However, how would the fork deal with the underlying sync engine mailspring runs off of? AFAIU, that is still closed-source.

Mailspring's sync engine is spawned by the Electron application and runs locally on your computer. It will be open-sourced in the future but is currently closed source. When you set up your development environment, Mailspring uses the latest version of the sync process we've shipped for your platform so you don't need to pull sources or install its compile-time dependencies.

not sure how large of an undertaking that is, or if there are any alternative engines to use.

@simotek
Copy link

simotek commented Jan 22, 2020

I am a React.js longtime developer so I think I could hack the feature given enough time, I'm also very interested into having plaintext emails which is another feature request. But to be honest, I don't think I can pull it alone, I'd be glad if at least someone else would lend me an hand just for some peer review. If you guys are that interested into that, I'll try to see what how much effort that would take and try to come up with a plan. To be honest, I'm super interested into this too, I hate having two emails clients because of this for now.

I don't think you could do PGP Encryption without supporting plaintext which is maybe why the dev's haven't focused on it. But I think being able to support plain text is likely the starting point. Unfortunetly I don't have time atm and last time I tried mailspring couldn't handle the volume of email i have to pull and filter.

@RaitoBezarius
Copy link

I too, would support a fork. Not sure I would be able to contribute my time, but privacy-focused mailspring sounds wonderful.

However, how would the fork deal with the underlying sync engine mailspring runs off of? AFAIU, that is still closed-source.

Mailspring's sync engine is spawned by the Electron application and runs locally on your computer. It will be open-sourced in the future but is currently closed source. When you set up your development environment, Mailspring uses the latest version of the sync process we've shipped for your platform so you don't need to pull sources or install its compile-time dependencies.

not sure how large of an undertaking that is, or if there are any alternative engines to use.

I agree ; for now, we can focus on adding nice privacy oriented features on the frontend, Mailspring has planned to open source the engine so we can hope they will honor their words, otherwise:

Not only they just ignore feature requests for years, ignore requests to some pointers to implement ourselves some features (I asked many times, how should we go to add this feature and contribute back to upstream, they just ignore it), and eventually they lie to everyone.

I am a React.js longtime developer so I think I could hack the feature given enough time, I'm also very interested into having plaintext emails which is another feature request. But to be honest, I don't think I can pull it alone, I'd be glad if at least someone else would lend me an hand just for some peer review. If you guys are that interested into that, I'll try to see what how much effort that would take and try to come up with a plan. To be honest, I'm super interested into this too, I hate having two emails clients because of this for now.

I don't think you could do PGP Encryption without supporting plaintext which is maybe why the dev's haven't focused on it. But I think being able to support plain text is likely the starting point. Unfortunetly I don't have time atm and last time I tried mailspring couldn't handle the volume of email i have to pull and filter.

Plaintext is a must, indeed. That's why I have #52 as priority first, then this feature.

@bengotow
Copy link
Collaborator

Hey folks! Going to merge #940 and #1240 into this so we can track interest in this feature in one place. I think this is definitely doable — I was hoping the community might pick up one of the old plugins and get it working because I don't know much about encryption, but I think it'd take a lot of debugging and tweaking. (We moved the whole app to TypeScript which complicates the use of the old CoffeeScript plugins from Nylas N1 a bit.)

It should be possible to implement this as a plugin in the Mailspring UI—I think there's some separate interest in a privacy-focused fork removing the Mailspring ID concept, etc., but I'd encourage folks to create a bogus Mailspring ID during sign up and then block id.getmailspring.com if you're concerned about telemetry or pro features. Rolling an encryption / message signing plugin into the mainline app will make it accessible to a lot more folks! (If you don't use the pro features like link tracking everything should work fine with the hostname blocked - we also don't do any email verification when you create a Mailspring ID, so you can use something totally fake if you'd like.)

I think @RaitoBezarius is right that plaintext composing is probably step 1 here. That's been on the backlog for a long time and I can look at getting that implemented since it'll take a few changes to the SMTP requests and MIME building.

Beyond that, I'd love to collect some specific feedback / info from everyone who has used message encryption before, since I don't know much about it.

  • Is there a gold standard plugin for Thunderbird, etc. that we can look at or clone?

  • Can we focus on /signing/ messages and checking message signatures, or is there significant interest in message encryption as well? My understanding is that most corporate / government environments want S/MIME based message signing, not encryption (which forces the recipient to decrypt the message.)

  • How should the plugin manage YOUR private key / certificate for each email account? We could allow you to specify the path to your key or try to read it out of the system config / keystore in some way, but I really want to support all three platforms and integrating with other apps might make that tricky.

  • How should the plugin retrieve OTHERS public keys? This is the part of message encryption / signing that has always been rough I think. We experimented years ago with using Keybase and that works well but might be frustrating if it's the only option. I've also played around with the encyption plugin for Mail.app on the Mac, and it uses a separate GPG Keychain app you have to populate with public keys. Is there a key management tool that works on Mac, Windows and Linux we could delegate the management of keys to? Or maybe for V1, we just let you throw them all in a folder with names like [email protected]? I think for S/MIME the public keys are also sent in the email MIME itself, which takes care of signing if you receive an email before sending one.

@hpk42
Copy link

hpk42 commented Feb 17, 2020 via email

@RaitoBezarius
Copy link

Thank you for taking seriously privacy, @bengotow ; if we can lend a hand, let us know.

Is there a key management tool that works on Mac, Windows and Linux we could delegate the management of keys to? Or maybe for V1, we just let you throw them all in a folder with names like [email protected]? I think for S/MIME the public keys are also sent in the email MIME itself, which takes care of signing if you receive an email before sending one.

There is actually something called GPGME which is often used in some tooling (Mutt/NeoMutt can use it for example): https://gnupg.org/software/gpgme/index.html

It could be used if that's required.

@MalteKiefer
Copy link

In no case should Mailspring manage the keys. Linux has gpg directly on board, Mac and Windows can install it after.
The two keyservers that are the current standards here are these:

The latter is actually the standard in all major apps (Enigmail) by now. It also verifies that the email really exists and exceeds old keys, so that there are not 5000 keys from a user.

I think no matter how you do it now, everyone has different requirements. Some will be satisfied with signing with certificates, but some will definitely want to encrypt with PGP. Order the Autocrypt as already mentioned.

@knussear
Copy link

Got to have this feature! is anyone awake at Mailspring?

@raphael-milliere
Copy link

I really want this feature too, the lack of PGP support is preventing me and many people I know to switch to Mailspring from Thunderbird.

Is this feature on the roadmap?

@korovamilk
Copy link

any news regarding PGP support? love the interface but without PGP support I have to switch back to other client

@openarun
Copy link

openarun commented Oct 7, 2020

Any update with this please ?

@maskari
Copy link

maskari commented Oct 18, 2020

+1

@raphael-milliere
Copy link

Please do give us an update on PGP encryption. This is at the very top of many users or potential users' list of vital features for a web client. Thunderbird now supports PGP encryption natively (although it could already support it before with the Enigmail plugin). I think Mailspring is superior to Thunderbird in almost every way, but the lack of PGP encryption sticks out like a sore thumb in an age where more and more users are deeply concerned about privacy.

@compuguy
Copy link

Outside of some commits related to Office 365 accounts in August, there hasn't been much work on Mailspring in the past couple of months...😢

@jmanuel1
Copy link

Maybe this plugin could help? mailspring-keybase

@rgpublic
Copy link

+1 from me as well. Now that the new Thunderbird versions are shipping with basically broken PGP support, I looked for some alternative mail client to use. Unfortunately, I ended up here and found that PGP isn't supported :-(

@knussear
Copy link

knussear commented Oct 30, 2020 via email

@cpot
Copy link

cpot commented Dec 11, 2020

PGP and S/MIME for corporations is a must have. No doubt

@valentt

This comment has been minimized.

@CodeMouse92
Copy link
Contributor

Project is not dead. 2020 happened is all. Project owner replied to #2231.

In any case, I too need this feature.

@CodeMouse92 CodeMouse92 added the audit Auditing issue label Jan 12, 2021
@foundry376-bot
Copy link

This issue has been mentioned on Mailspring Community. There might be relevant details there:

https://community.getmailspring.com/t/pgp-encryption-gpg-support-keybase/83/1

@CodeMouse92
Copy link
Contributor

CodeMouse92 commented Jan 18, 2021

Hey everyone,

This is something both @bengotow and I would love to see, but we really need some members of the community to step up and help us implement this!

We are in the process of migrating issues to Discourse, which can better facilitate discussion and discovery, and so GitHub Issues can focus on issues that are confirmed and slated for resolution in the near term. Learn more about the changes here.

As part of this, we've migrated this issue to Discourse:

https://community.getmailspring.com/t/pgp-encryption-gpg-support-keybase/83

Please consider joining that community and continuing the discussion there!
We're closing and locking the issue here as part of this migration. Rest assured, this doesn't mean the issue is being discarded or ignored.

We hope to see you on Discourse soon!

-The Mailspring Team

@Foundry376 Foundry376 locked and limited conversation to collaborators Jan 18, 2021
@CodeMouse92 CodeMouse92 removed the audit Auditing issue label Jan 18, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests