mail icon indicating copy to clipboard operation
mail copied to clipboard

Published 20 hours ago verified publisher icon elementary

Add native mail encryption out of the box through the integration of pEp

Open 4jNsY6fCVqZv opened this issue 6 years ago • 18 comments

Background I think this (pEp) approach is the most comprehensive one to face the huge problem that online communication — for the most users out there — is visible like a postcard & that this world has mass surveillance. The solution would be mass encryption and mass anonymization for all users out there. But this has not been accomplished through PGP/OpenPGP/GPG for the past 30 years now. And this is where pEp approach steps in. It's neither just plain GPG/OpenPGP, nor does it use/is build upon Autocrypt. It handles OpenPGP and S/MIME without hassle for the user (pEp automatizes all the steps a user would need to carry out for a secure communication -> key management, key discovery, private key handling, next step here is key syncing), what has not been solved by integrating plain GPG in Clients functionality so far.

For developers it's very easy as you can just plug'n'play the engine, which means that you don't have to maintain any crypto. It's developed and financed by a swiss foundation, cooperative and company, has external code audits.

Feature summary what it says on the tin!

I don't want to feel the need to install & use Thunderbird (cause pEp is provided there by Enigmail's default) just to make my communication on elementary OS more secure and sustainable. This could be solved by adding privacy by design support for pEp in Mail. Guess the pEp developement team would love to support your implementation if you just ask them!

How would you like it to work? I would love to see it as an privacy by design and default enabled, build in plugin, that secures my future communication out of the box, after (installing &) running Mail as my primary Mail client.

Relevant links, screenshots, etc

Definitely a good place to start — for the code — is https://pep.foundation/pep-software/

Further I would recommend Sva's talk from last years FROSCON https://media.ccc.de/v/froscon2018-2181-let_s_roll_out_mass_encryption It contains everything you should know, about the concept, the technical side and provides links to all of their code & communication channels as well. There is a part about the difference to Autocrypt as well.

What are your thoughts on this?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

4jNsY6fCVqZv avatar Jan 10 '19 14:01 4jNsY6fCVqZv

There's a $1000 bounty offered on PGP support generally here. https://github.com/elementary/mail/issues/82

eljefuri avatar Feb 14 '19 02:02 eljefuri

Hello, thanks for your comment! Maybe the title is a bit misleading - I'll change it directly.The goal of my issue is to add native mail encryption out of the box through the integration of pEp Engine. I find the bounty exciting! But at the moment shows only $50 and not $1,000.

4jNsY6fCVqZv avatar Feb 14 '19 14:02 4jNsY6fCVqZv

@cassidyjames @danrabbit
Hello, short question, is there currently the wish of the elementary team that such an integration of pEp takes place and will be developed for a rewritten Mail?

And if so, what conditions do you wish for such an integration?

4jNsY6fCVqZv avatar Mar 06 '19 09:03 4jNsY6fCVqZv

@4jNsY6fCVqZv I do think pEp would be accepted, but we'd want to work closely on the design. Also, since the rewritten mail is a simpler front-end to the Evolution Data Server, I believe the work would need to be done in EDS so we could hook into it from the front-end.

cassidyjames avatar Mar 07 '19 05:03 cassidyjames

@cassidyjames Hello Cassidy, thank you very much for your message! How exactly do you mean that the work should be done in EDS? As far as I understand it, pEp is already a frontend solution.

4jNsY6fCVqZv avatar Mar 09 '19 07:03 4jNsY6fCVqZv

@4jNsY6fCVqZv EDS is the client-side library that handles email in GNOME's Evolution app as well as the new elementary Mail app. I'm not familiar with the intimate details of EDS or pEp, but I believe pEp bindings would be added to EDS so we could more easily use them in elementary Mail without having to carry all of the code to handle it in the Mail app ourselves. The advantage would also be that any EDS-using app could work with pEp without manual integration work.

@tintou would likely have a more precise explanation of this than I can provide, though.

cassidyjames avatar Mar 10 '19 20:03 cassidyjames

If I'm not mistaken then a pEp adapter could go to libedataserver or live nearby. Reading in now. To implement pEp functions for sending and receiving mail have to be hooked.

fdik avatar Mar 11 '19 17:03 fdik

@fdik What can pEp offer to provide a solution for apps based on EDS?

4jNsY6fCVqZv avatar Nov 11 '19 09:11 4jNsY6fCVqZv

On Mon, Nov 11, 2019 at 01:50:18AM -0800, 4jNsY6fCVqZv wrote:

@fdik What can pEp offer to provide a solution for apps based on EDS? @tintou Do you want to contribute your thoughts to bring a good and sustainable solution to this issue?

Hi,

because Geary decided for p≡p we're developing the p≡p Freedesktop.org adapter already. This could be used by Elementary, too.

p≡p is a pure client concept.

If a free MUA is deciding for implementing the complete p≡p concept with Privacy by Default p≡p foundation is helping with financing, consulting and development as far as this is required. In case you want to do this please tell us this decision and your needs.

Yours, VB.

Volker Birk, p≡p project mailto:[email protected] https://pep.software

fdik avatar Nov 11 '19 16:11 fdik

@fdik the current master version of elementary Mail is not based on Geary, but is a lighter-weight front-end to Evolution Data Server. So a solution that works with Evolution Data Server would be ideal, and as a bonus it would work with any app (like Evolution itself) that talks to EDS. The question of course is how to integrate it into the UI, and if it's possible to use this new adapter with EDS already, then all the better.

cassidyjames avatar Nov 15 '19 19:11 cassidyjames

So a solution that works with Evolution Data Server would be ideal

Hi,

as I said pEp is purely client based. I'm not aware of a possibility to implement it in a data server.

Yours, VB.

fdik avatar Nov 20 '19 15:11 fdik

@fdik ah, I didn't know in this case if EDS (which is a data server on the desktop) would be considered a client (since it is a client to the mail server). Multiple layers of servers and clients. :)

cassidyjames avatar Nov 20 '19 17:11 cassidyjames

OK. Sorry, then I'm probably the wrong person to ask. Who could explain what EDS is and does? Is there any architecturaly diagram where we can see this?

fdik avatar Nov 20 '19 23:11 fdik

@fdik There is a reference manual here. I'm not sure about an archetecture diagram, but its source is on the GNOME GitLab, and according to the Evolution page on the GNOME wiki, you can get in touch with devs in #evolution on irc.gimp.org.

cassidyjames avatar Nov 22 '19 17:11 cassidyjames

@fdik Does this information help you? How can an integration and thus Privacy by Design in Mail be realized together with pEp in the near future?

4jNsY6fCVqZv avatar Dec 16 '19 03:12 4jNsY6fCVqZv

Here's a specification which might be worth looking into regarding end-to-end encryption: https://autocrypt.org

Came up in a more general discussion I had regarding email.

alcinnz avatar May 11 '23 21:05 alcinnz

@alcinnz This issue is about integrating pEp. Autocrypt has its own issue ;) https://github.com/elementary/mail/issues/180

4jNsY6fCVqZv avatar May 12 '23 11:05 4jNsY6fCVqZv

Sorry, my searches didn't turn it up. Must have been writing them too general!

alcinnz avatar May 12 '23 23:05 alcinnz