PGP Encryption and MIAB?

Continuing the discussion from Undelivered Mail Returned to Sender:

> To protect emails from prying eyes that might intercept them, set up PGP. PGP, or Pretty Good Privacy, allows you to send a message that is encrypted in a way that can only be decrypted by the intended recipient.

  • However, that means this only works if the other party is set up to use PGP as well—and many people are not.
  • Only the content of your email will be encrypted. The sender and recipient information, along with the subject line, are not.

The question is whether or not it is possible to include PGP Encryption with MIAB. I would have thought that, the title, of this post, which states “PGP Encryption and MIAB?” made the question obvious. In either case, the title is an abbreviated way of asking how or whether or not it is possible to combine the two.

Some more information: https://github.com/mail-in-a-box/mailinabox/issues/892

Do you have a specific question?

1 Like

I have flagged your repeated comment as inappropriate.

Latest update: @michaelkroes In the spirit of keeping things civil, I acknowledge your attempt to address my question about integrating PGP with MIAB via the plugin.

@assistance_pls Don’t do that. (@michaelkroes and I are project maintainers.)

Yes, you and @michaelkroes are project maintainers. And I am someone who has invested heavily in integrating your solution into my existing setup.

I can see how this particular post may have been confusing, but the other three that @michaelkroes challenged were clearly referenced to an existing question.

Every single person I have shown the threads to has said they understand the question. @michaelkroes appears to be more interested in spamming my posts (in support of the other guy) than in resolving an issue. Moreover, my original post received not one response in weeks, from the same @michaelkroes who is now oh so eager to find out my “questions”.

At the end of the day, any open source product and community is only as good as the members who contribute. The best project maintainers understand that.

:astonished: Are you saying that the title of this post, PGP encryption and MIAB? (emphasis on the question mark) does not provide any indication of what I am trying to understand?

Update

JoshData commented on May 19, 2016
Closing because it was a fun idea but it seems like no one will get around to this any time soon.

martindale commented on May 20, 2016
Please re-open this issue, as it remains a requirement for the project. Move it to another milestone if you must (propose: “Backlog”), but definitely do not close it just because someone isn’t getting to it soon.

JoshData commented on May 20, 2016
as it remains a requirement for the project
I don’t know what that even means. If it’s a requirement you have for a mail server, then this project won’t meet your needs.

martindale commented on May 20, 2016
Then close the issue as “out of scope”, and be clear about that to your community so they can find solutions that meet their needs. “no one will get around to this” is a poor explanation that you do not view this as an important feature and are removing it from the list of things other contributors can do for you.

As for the context of the issue itself, deploying a mail server without end-to-end encryption is irresponsible in the post-Snowden era. You would be doing a serious disservice to your users by even allowing unencrypted configurations, let alone explicitly removing them from your product backlog.

@JoshData I suspect this issue of end-to-end encryption will continue to crop up until a compromise is found.

Take it easy. We’re all trying to help. If it appears otherwise, it’s a misunderstanding. There are a lot of threads here and on github and it is hard to keep track of what everything is about.

1 Like

Mail-in-a-Box doesn’t support PGP encryption out of the box and modifying the box is discouraged because it makes getting help much harder. No one is currently working on adding PGP encryption.

It’s of course possible, if you build the PGP integration yourself – but again that’s discouraged. Unless you’re prepared to walk through the process of adding a new feature to Mail-in-a-Box for everyone.

Thank you for your response, @JoshData

What are the steps for adding a new feature? I am not so technically minded, but I do enjoy learning about how to build new products.

Some work was done here. That is work on implementing the enigma plugin in round cube. That works looks stalled because of php7 support. Which might change if we implement nextcloud 12.

Working towards universal PGP support where the server encrypts and decrypts (so the box holds the keys) wouldn’t be my favourite way of implementing this.

To be quite honest, I wouldn’t use the enigma plugin either. I think PGP should be a client side tool because you don’t trust the transport layer. But that just depends on your threat level I guess. I sign my email using s/mime. Which works by default in most clients. As @joshdata mentions in the PR/Issue I referenced he is willing to accept a well tested PR.

Let’s continue the discussion in whichever issue or pull request on github is closest to this topic.

I was happy to let this discussion close, however, based on a message I just received, it appears that the issue of my posts remains open.

pxl1h
Hi,
I saw your comments from today and yesterday you made in the discussion forum.
I want to remind you with this message that the discussion forum has a code of conduct [0].
Please be friendly to others and avoid unwelcoming and excluding language.
Thanks :smile:
pxl

I am beginning to feel as if the forum is more of a cult than a place to discuss matters openly.

I realize things got off to a bad start in another thread last night, but our expectations of conduct still apply even if you think you were wronged by someone else. So I’d ask that you take a break, mentally reset, and resume this conversation when you’re able to assume good intentions on the part of others in our community. If you can’t do that, I think you’ll find that folks will stop taking time out of their days to try to help you.

I think there is some confusion here on multiple levels.

1.) I think you will find that the majority of questions I have posted I have either resolved myself, or contributed significantly to resolving. I post the questions more as a reminder should I encounter the same error again, I would know what to do; and, secondly to help others. To suggest I am in some way ungrateful is just too much.

2.) I am not a member in the typical sense of being a community member. I am effectively a customer who sees no viable way to access support outside of this community.

3.) If you, Josh, as the creator of Mail in a Box, feel in ANY WAY SHAPE or FORM that my posts are unwanted or unnecessary, say the word and I will happily cancel this account.

If you, Josh, as the creator of Mail in a Box, feel in ANY WAY SHAPE or FORM that my posts are unwanted or unnecessary, say the word and I will happily cancel this account.

I’ve already told you that flagging messages as you did is unwanted. Calling our community a cult is also unwanted. Besides that you are most welcome to continue to participate here, as is anyone who stays within the bounds of the code of conduct. If you have any questions about what is wanted or unwanted, feel free to ask me here or privately.

Ok, so here is the thing.

I flagged messages that were not adding to the linked discussion (see earlier post for a more detailed explanation, if you are really that interested).

You are behaving like a cult when you attempt to stifle criticism against one party without acknowledging the overall context.

Essentially, I am saying that you are biased in your criticisms, which is nothing to be proud of.

If you have any questions about what I have just written, feel free to ask me here or privately.

Hi, new to MIAB - thanks for the contribution. I’m wondering if it has PGP support now?

You can use PGP encryption with your mail client, like Outlook or Thunderbird, but I don’t think there’s anything bundled with Roundcube in MIAB as it stands (so nothing for the web portal).

Thanks for the info, I use enigmail for Thunderbird and k9 on m Droid. Sad to hear that years later MIAB still didn’t add support