Nylas-mail: Supporting PGP / GnuPG 🔒🔑

:+1:

@Natim commented on Oct 17, 2015, 9:44 AM EDT:

I need to sign my email before they are send as well as encrypting/decrypting mail I am exchanging with some people.

Do you have any plan on support GnuPG integration with N1?

This was the first thing I was looking for when I saw this project, tbh. I wonder if Keybase could help here; it could begin with support for them and then abstract out to allow for local keys to be used.

Reference docs: https://keybase.io/docs/api/1.0

Dup was closed: https://github.com/nylas/N1/issues/19

If it were to remain open then FOSS developers would know it's a thing they can work on.

There are many javascript libraries that can be used to implement such functionality using Nodejs like, OpenPGPjs and gpg.

Cool! Now let's a PR going :)

Did anyone start creating a plugin?
And did everyone here vote for the implementation? :wink:

Hey folks! Excited that there's a lot of community interest in GnuPG. We've been moving feature requests and plugin ideas to our product roadmap Trello board and there are almost 30 votes for it there! I'm happy to leave this issue open so we can keep the conversation going.

If anyone wants to pick up development of this, the team and I are happy to help out on the community Slack channel, but may not have time to work on it internally for a few months.

Also, the n1-plugins repo might be a good place to get some code and start working on this

+1 Essential!

:+1:

+1 for this.

I am working on this. I have a decryption implementation working, but I am working on passphrase input and not stalling the UI with the decryption process with a 4096-bit key. String operations can be slow (>1000 ms delay).

Also, I will sanitize my project and post it later on Github (in school at the moment).

@mbilker Thank you for your work!

@mbilker woah! Awesome, looking forward to your source! :+1:

Currently working on it. Building a node worker to do decryption.

Cooolll! Thank you. DC

On Mon, Nov 9, 2015 at 9:58 PM, mbilker [email protected] wrote:

Currently working on it. Building a node worker to do decryption.

—
Reply to this email directly or view it on GitHub
https://github.com/nylas/N1/issues/96#issuecomment-155211636.

It's live. https://github.com/mbilker/email-pgp

"[PGP] Decrypted message, 4579.6309710000005ms", source: /home/mbilker/.nylas/dev/packages/email-pgp/lib/message-loader.cjsx (267)
"[PGP] HTML found in decrypted, 0.085856ms", source: /home/mbilker/.nylas/dev/packages/email-pgp/lib/message-loader.cjsx (272)

Bottleneck is the decryption, which includes the decryption of secret key and decryption of actual message. Using a 2048-bit key will dramatically lower the time. I use a 4096-bit key.

I am so glad to hear that people are working on this, I would love to switch away from my default Mac Mail app. I use GPGTools.org right now with Mac Mail and it works just fine, but I like the UI /UX of N1 much better. Please keep us posted on this progress.

I will look into their UI/UX and think of better integration

On Nov 14 2015, at 10:31 pm, Zlatko Bijelic <[email protected]>
wrote:

I am so glad to hear that people are working on this, I would love to switch
away from my default Mac Mail app. I use GPGTools.org right now with Mac
Mail and it works just fine, but I like the UI /UX of N1 much better. Please
keep us posted on this progress.

—
Reply to this email directly or view it on GitHub.

I am currently working on Keybase encryption. I am working on logging in through an external window and then saving the login (CSRF) token to the NylasEnv config, which is the same place the N1 account information is stored.

Bottleneck is the decryption, which includes the decryption of secret key and decryption of actual message. Using a 2048-bit key will dramatically lower the time. I use a 4096-bit key.

Do you guys plan on using ServiceWorker to do that task in the background?
https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API

Hmm. I need to review the documentation. Currently I do it the Node way with a background process, but there is the expense of spawning the new process.

+1 this is the only missing feature that would have me switch to N1 full time.

@deiu hahaa same here. I am now 80% N1 and 20% Mac Mail app (just because of PGP). Looking forward to this in the very near future.

@zlatkobijelic thats cool. I am looking into GPGTools' source code to see how they parse messages.

@mbilker maybe reaching out to https://github.com/lukele wouldn't be a bad idea. Seems to be the main contributor for GPGTools. They are also very responsive through twitter and their forums.

Good luck @mbilker hope to see this working in the near future. I believe that many people will switch from Mac Mail to N1 once PGP is supported.

Cheers!

@zlatkobijelic Would something like the security message in this screenshot be useful. I have a way to display this through a custom Message Header, and state is shared from the PGP Store I use and message bodies subscribe to listen to events.

Hmm. I will continue to use #19 as the primary issue to address any concerns regarding PGP in N1. Please do not ask any more questions here.

Is it possible to integrate with gpg-agent? I use a smartcard for my private keys.

Hmm. I might have to integrate gpg-wrapper from keybase then.
On Tue, Dec 8, 2015 at 1:36 AM Martijn van Dijk [email protected]
wrote:

Is it possible to integrate with gpg-agent? I use a smartcard for my
private keys.

—
Reply to this email directly or view it on GitHub
https://github.com/nylas/N1/issues/96#issuecomment-162789078.

+1 need GPG

@mbilker I use keybase too. If you need an invite to keybase I have a few spare.

I'll consider switching to N1, but only if / when it supports GPG. It's an absolute requirement of mine.

Ahh. Okay. I am working on the encryption aspect of my plugin. I have pass-phrase input working, but I am thinking of using a GPG extension to decrypt as well.

I'm willing to test integration with gpg-agent. Just mention me here if you need anything!

+1 N1 looks very promising but this feature is a hard prerequisite and the only thing keeping me on Thunderbird.

@martijnvandijk The current iteration has an option to use GPG. I have it working with gpg-agent.

@mbilker Hi there, I see you are moving forward in your development of the plugin. I downloaded it, put the folder to my packages and can see the plugin being enabled in settings. However, how can I actually use it? There is no option to decrypt, nor a way/settings to leave my key anywhere. Possibly not working on Windows in the latest build?
And yes, people are right. PGP is highly needed, so I am quite glad you are working on it :heart: !

@enoversum Currently does not work on Windows. What do you normally use on Windows for PGP? I may target kbpgp as a fallback from GPG, but GPG is much faster than kbpgp.

@mbilker I actually only used PGP in conjunction with Gmail and a js extension to support encryption/decription right within Chrome, and this dates back a few years. My main client (Mailbird) until I started to use Nylas didn’t and will not have that option anytime soon, so I basically did not use PGP since quite a while…
Do I get it right that I would have to install something third-party in order to enable PGP in Nylas?

@enoversum No no. I need to reconfigure my plugin to accept storing keys for use with kbpgp.

@mbilker Okay, good to know. If you need help with any testing and the likes just let me know :wink: .

:+1: Looking forward to this feature. Then I'll be using Nylas 100%

Hey everyone-- thanks for your patience! Just wanted to give you a heads up that we are actively working on this. Coming very, very soon. 😄 🚀 🔒 🔑

@grinich Great to see this finally coming true! … Is it a new plugin or based on @mbilker 's work?

ho yes ! it's cool !

Release that and I will be paying for the pro version! :)

@grinich are you guys working with @mbilker and his GPG plugin? I'm sure he has some input.

@grinich That. Is. Awesome!
Any branch or plugin repo where we could see progress etc?

@alexanderadam Yes it was inspired by my work, but it is not based on mine, except for some of the Keybase stuff. It is available from https://github.com/nylas/N1/tree/wip/keybase/internal_packages/keybase.

Great to see this coming to fruition.

Very excited for this, Nylas has a lot of potential. I can see a day where it's got as much plugin support as Thunderbird. Another area worth exploring is plugins for the sync server itself.

Is this only PGP or also S/MIME?

@Info-Screen The official implementation is only PGP.

Hey folks! If you're interested in helping us user test the PGP + Keybase plugin we've been working on and live in the bay area, we'd love to hear from you:

https://docs.google.com/a/nylas.com/forms/d/1U7sZS2yLdSLlV-J__a97YqFFbCcO4nOVtf5JFFrzYO0

Hi everyone-- I'm delighted to announce that we shipped PGP support today in version 0.4.45! It even comes with a free Keybase invite. 😄 💯 🚀

Read more here: https://nylas.com/blog/pgp

We're actively working on signing messages as well as encrypting attachments. Please open new issues for those (and other) specific enhancements you'd like to see.

Thanks for your patience and support!

@grinich not support gpg-agent ? Hope you can add smart card support, adding private key to keybase is not safe at all

@grinich Congrats on the release, a huge selling point for me. Is there a reason why the released implementation is not compatible with GPGTools in Mac? It's a hassle to import every single contact. Is this in the near future?

It uses kbpgp. Does not interact with GPG.
On Wed, Jun 15, 2016 at 2:21 AM Miguel [email protected] wrote:

@grinich https://github.com/grinich Congrats on the release, a huge
selling point for me. Is there a reason why the released implementation is
not compatible with GPGTools in Mac? It's a hassle to import every single
contact. Is this in the near future?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/nylas/N1/issues/96#issuecomment-226098314, or mute
the thread
https://github.com/notifications/unsubscribe/ABNTbVhZ8sCuvnRi60yuOlTx9e8bph_Wks5qL5nvgaJpZM4GQuyR
.

That seems like an odd choice.. What's the motivation behind bypassing gpg-agent?

@morachimo @joostrijneveld Smarter key discovery and importing, including importing entire GPG keyrings, is definitely something we intend to add in the future.

We didn't build this plugin to be tightly coupled with GPG for a handful of reasons. First, it adds a layer of complexity for users, and this plugin's overriding design principle was simplicity. To be frank, I think that a lot of the user-interface difficulties mentioned in our PGP blog post that scare people away from encryption can be blamed on the GPG command line tools. Second, we didn't want to require users to install GPG or GPG4WIN or anything like that to use this plugin. Third, Keybase's kbpgp (the library we used, because we wanted its close coupling with Keybase) doesn't (as far as I know) integrate with GPG, probably because they have their own CLI.

@logandavis sure, kbpgp library does not integrate with gpg, but that shouldn't be the only choice, keybase client does support gpg, and since they are still alpha stage, how could kbpgp guarantee security ? I kind understand your choice to keep it simple, however the idea we using PGP are not for convenient. It's good to see Nylas bring a friendly pgp solution to everyone, hope you could also kindly concern add alternative way for decryption.