Implement PGP on Roundcube


Reading around and doing some checking I notice that the install of Roundcube in MIAB includes the Enigma Plugin, but it’s not yet set up. However it seems fairly straight forward to enable it.

  1. Create a folder to store the PGP keys
    sudo mkdir /home/user-data/pgpkeys

  2. Change Owner and Group to www-data and limit access
    sudo chown www-data /home/user-data/pgpkeys
    sudo chgrp www-data /home/user-data/pgpkeys
    sudo chmod 700 /home/user-data/pgpkeys

  3. Enigma comes with a default config file which can be copied out:
    sudo cp /usr/local/lib/roundcubemail/plugins/enigma/ /usr/local/lib/roundcubemail/plugins/enigma/

  4. Now edit the newly created file:
    sudo nano /usr/local/lib/roundcubemail/plugins/enigma/

AFAICT all that needs changing is to add the location of the PGP keys folder, by default this is set to NULL

// REQUIRED! Keys directory for all users.
// Must be writeable by PHP process, and not in the web server document root
$config['enigma_pgp_homedir'] = '/home/user-data/pgpkeys';

This was the only alteration I made. The rest of the config was left as is.

  1. Edit the roundcube config file to add enigma to the list of plugins:

sudo nano /usr/local/lib/roundcubemail/config/
$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'persistent_login', 'carddav', 'enigma');

Once I’d saved the changes the last thing to do was to reboot the server and try it out:

Clicking on the new PGP Keys option allows me to add and view keys.

The Enigma Plugin handles adding the subfolders in the PGP Key directory for each address. You can also import existing keys or export a created key in case you want to use them with email clients.

@JoshData - would you consider adding this officially?


Edited to add step 5



An excellent suggestion for the GitHub – I am not sure if there is a similar request there or not. Perhaps you can actually make a pull request?

Actually this was discussed years ago … I think that it is time to reopen the discussion as things have changed.


I’ve used Mail-in-a-Box before and enjoyed the experience and have been looking at deploying it once again and this feature being built in would definitely be a nice-to-have!

Hi all,
Will these changes be gone after the next MIAB update??