Yeah, the keys will have to be imported for every individual site using openpgpjs. I'm not very concerned about that, I think the users are more than willing to import keys everywhere. I think that's just normal usage of PKI, kind of how SSH users would have to put all their public keys on remote hosts.
One thing related to this that I haven't looked into though is: how persistent is the HTML5 web storage, and when and under what circumstances does it expire? It would suck to have to import private keys from a local storage once a day. Perhaps if that becomes a problem later on JavaScript cookies could be used as backup. But once again, I haven't looked at this at all, and it might not be a problem at all. OpenPGP.js is actually a fork of GPG4Browsers :-) Regards, Nik On 7/12/12 10:19 PM, Thomas Bruederli wrote: > On Wed, Jul 11, 2012 at 5:00 PM, Niklas <[email protected]> wrote: >> Hey-hey! >> >> The key manager uses HTML5 web storage to store keys, perhaps your >> browser doesn't support it yet? I've confirmed that part to work in both >> Firefox and Chrome. The plugin is heavily depending on HTML5 and things >> like window.crypto, which Chrome currently supports but Firefox is >> lagging (for some reason they're holding the release back because it's >> not finished for the mobile app). > > I tried with Chrome and importing public keys worked fine. Nevermind, > I guess the problem was somewhere between the chair and the keyboard > :-) > > BTW: as far as I understand HTML5 local storage, the key store is > restricted to the host/domain of the Roundcube installation. Of course > that's a reasonable security feature. But it also means that I'd have > to install my keys at every website using openpgpjs individually, > right? >> Decryption works as a proof of concept currently and currently it can >> only decrypt using one (the first) private key in the key manager. The >> decryption function is on rows 275-334 here: >> https://github.com/qnrq/rc_openpgpjs/blob/master/js/openpgpjs.js >> >> I see what you mean about message parsing being a big project to get >> working somehow on the client side. I can't say that I'm looking forward >> to that part, but for now the most important thing imho is to get any >> PGP safely into Roundcube. It might be something that requires patching >> openpgp.js and that's fine by me, I've already planned doing >> modifications there. > I recently found http://gpg4browsers.recurity.com which actually heads > into that direction. >> I think it's OK if it takes some time to get full multipart messaging >> support. Browsers haven't implemented HTML5 fully yet so either what is >> done with the plugin it won't function 100 % until things like that are >> ready. > That's certainly true. But as always, users want that feature ASAP... > _______________________________________________ > Roundcube Development discussion mailing list > [email protected] > http://lists.roundcube.net/mailman/listinfo/dev _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
