I'm guessing he's using LDAP to retrieve public keys and the c setuid
wrapper is to get access to the user's home directory where their
private key is stored.
yep.
RoundCube would probably want multiple methods
of retrieving public keys and LDAP may be on of those methods. While
storing private keys in a user's home directory is probably the most
secure way of storing private keys it probably wouldn't work for
RoundCube because of the inflexibility of the solution (e.g. what do
you do on Windows computers?). Storing the private keys (and also
perhaps a list of trusted public keys) in MySQL is probably the most
flexible option for RoundCube but RC (or the plugin) better come with
a big disclaimer warning about the risks of exposing that data. It
would be interesting to see how Justin has integrated his PGP features
as some of that integration maybe useful for RoundCube.
i imagine that most smaller rcube installs wont have control over the
server that they are running rcube on, so it would be good to offer a
choice on how to deploy this.
the implementation we are developing will not be suitable for many
setups, but hopefully some of the code will be useable.
There are a lot of questions to work out for this feature:
-Is it part of the core or is it a plugin?
i'm not sure myself on this yet.
-What back end encryption technologies does it support? The main
options look like GnuPG and OpenSSL.
yep, we are using openssl for s/mime and gnupg pgp/mime.
