Feature #5299

symmetric OpenPGP vs recent Iceweasel

Added by Tails 9 months ago. Updated 9 months ago.

Status:ResolvedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
QA Check: Blueprint:
Feature Branch: Easy:
Type of work:Code

Description

Rationale

A great bunch of Tails users currently use symmetric OpenPGP encryption in Iceweasel, thanks to FireGPG. We want to support this usecase on the long run.

Also, we've been wanting to ship "Iceweasel 5.x":./Iceweasel_5.x.html as soon as possible, but FireGPG is discontinued upstream is known not to work with FF4+ "because of the missing IPC library", and generally is a security mess.

We need to find a way to support symmetric OpenPGP encryption in Tails.

Work in progress

The Seahorse applet already knows how to decrypt symmetrically encrypted text. But it does not support symmetric encryption, seems dead upstream, was never released for GNOME3 and therefore is not part of Debian testing.

Therefore, we have written another OpenPGP panel applet; the bugfix/remove_firegpg branch does not run the Seahorse applet anymore. It does not install FireGPG either. Our own panel applet features:

  • symmetrically encrypt clipboard content
  • decrypt clipboard content (regardless of the kind of OpenPGP encryption)
  • status icon and action menu change depending on the content of the clipboard(s), the same way as the Seahorse applet does

Missing features wrt. the Seahorse + FireGPG combo, we can live with:

  • asymmetric (i.e. public key) encryption
  • import key (covered by other parts of the Seahorse UI, though)
  • symmetric encryption of files

Also, we prepared a "fake" FireGPG plugin that explains why it's not here anymore and points to the alternative.

done in Tails 0.10.

Long term

On the long run, we hope Seahorse gets support for symmetric encryption, and seahorse-plugins to be relived upstream. See details below.

Archive: implementation ideas

Port FireGPG to recent Firefox/Iceweasel releases

Dismissed: the webbrowser is too much of a scary place to run GnuPG operations in.

As of June 2011, the most active FireGPG fork is darkpixel's one. It recently merged bit's branch in, that adds support for Firefox 4. It's build system depends on:

Mike Cardwell's easy installation recipe works, but it uses a binary IPC extension shipped in the Git repository.

We therefore need to build the IPC extension against the Iceweasel 5 source code and test the result. Note that a "simple" clone of the Mercurial mozilla-release repository seems not enough as it lacks the obj-ff-release directory. Is this directory generated when compiling Firefox itself?

The Html Validator compilation instructions have stuff related to the mysterious obj-ff-release.

Find another user-interface that provides the missing feature

This could be a nice middle-term workaround.

Local GUI

Writing a simplistic GUI able to symmetrically encrypt/decrypt text should be quite quick.

Hints:

  • May be needed to show all of GPG's output to the user: one can be burnt by GPG-wrapper GUIs misleading about what GPG thinks.
  • A message may be signed and encrypted using gpg --symmetric --sign

Local webapp

  • Herbert Hanewinkel's OpenPGP Message Encryption in JavaScript:
  • homepage
  • only supports encryption
  • gooxdoo JavaScript classes for OpenPGP encryption
  • homepage
  • only supports encryption

Add symmetric encryption support to GNOME

The Seahorse applet already knows how to decrypt symmetrically encrypted text. So the missing bit is symmetric encryption.

This would be the perfect long-term solution, but we probably lack the time and energy needed to implement it.

We asked the Seahorse authors to include this feature a while ago:

seahorse-plugins vs. GNOME3

Another problem is that seahorse-plugins (which the panel applet is part of) is not very well maintained upstream.

Stef Walters wants to get the Nautilus plugin ready for GNOME 3.4, we've asked about their plans for the panel applet.

History

#1 Updated by intrigeri 9 months ago

  • Type of work set to Code

Type of work: Code

Also available in: Atom PDF