About  |  Documentation  |  Downloads  |  Plugins  |  Contribs  |  Project Site

NaSMail GPG plugin

This plugin is based on SquirrelMail GPG plugin. It was ported to NaSMail in order to clean the code and improve integration with NaSMail scripts.

Plugin allows to encrypt, sign, and decrypt messages in accordance with the OpenPGP standard for email security and authentication.

Please note that SquirrelMail GPG plugin developers don't maintain this plugin version and plugin can have issues specific only to this package. Don't report errors on SquirrelMail GPG bugzilla unless you can reproduce same error in standard SquirrelMail packages and standard SquirrelMail GPG plugin.

Requirements

• NaSMail v.1.4 or later. NaSMail 1.3 can be used, if compatibility 1.6 plugin is installed.
• PHP v.4.3 or later
• Program execution rights in PHP
• GnuPG v.1.2 or later.
• PHPUnit library is used in tests

2.1 version (2007-12-09)

WARNING: Plugin differs from standard SquirrelMail GPG plugin and does not manipulate error_reporting level. If something breaks and you have display_errors turned on, it might cause fatal script errors. If you see PHP notices in your error logs, report them on NaSMail bug tracker.

KNOWN ISSUE: If you have bigger keyrings, it is strongly recommended to increase PHP memory_limit or use some PHP cache/optimizer. Key listing is not optimized and can silently fail, if scripts hit memory limits. You can use NaSMail test plugin to check your peak memory usage.

Changelog:

• Removed $GPG_VERSION and gpg_options_header.mod.
• Fixed issues with unsigned 2^31+ integers in message ids.
• Removed NaSMail sort argument from requests.
• Adjusted gpg_import_link() formating to match standard read_body_header hook output format.

Download nasmail_plugin_gpg-2.1.nsm-1.4.tar.gz (md5sum: 678ecd891e9a94adb68cdd3d56afca43)

2.1.rc2 version (2007-11-04)

WARNING: This plugin version is outdated. If you have issues with this plugin version, make sure that you can reproduce them in newer plugin versions.

Security Issues

This plugin release fixes multiple GPG plugin security issues. We don't have information about remote execution issues disclosed by Stefan Esser in CVE-2007-3636, but we suspect that these issues should be fixed in this plugin release. Release also fixes some remote XSS issues.

Changelog:

• Fixed display of OpenPGP options (broken in rc1).
• Combined some translations.
• Reduced overhead of file deletion operations.
• Removed duplicate temp files handling functions from GPG class.
• Fixed format of OTP values used in password caching functions.
• Personal preferences moved to widgets.
• Plugin strings use PGP term instead of GPG and does not indicate that PGP options are provided by plugin.
• Reduced memory footprint in message parsing. Attachment signature tests are limited to 4KB. Thanks to Ramiro Mora for report.
• Fixed deprecated use of implode() function.
• Combined gpg_section_header() and gpg_page_title() functions.
• Two download_entity() function declarations moved to single gpg_download_entity() function.
• Fixed display of key information (broken in rc1).
• Fixed verification of PGP/MIME signatures.
• Boolean configuration options are parsed as booleans and not as 'false'/'true' strings.
• Use '--display-charset utf-8 --utf8-strings' in order to force utf-8 output and indicate utf-8 inputs.
• Filter unknown signatures in key listing. Reduces memory footprint in larger cross-signed keyrings.
• Keys are emailed as application/pgp-keys attachments.
• Reduced number of GPG --homedir calculations.
• Centralized sanitizing of system keyring arguments.
• Removed gpg_recv_key() function. Use GnuPG::importKey_server.
• Added GnuPG::searchKey_server method.
• Removed unused keyring.php functions.
• Disabled debug calls in GnuPG class.
• Allow to import public PGP keys from application/pgp-keys attachments.
• Restored no_signing_passwd functions. Not enabled by default in system configuration.
• Rewrote action controls in key management page. Removed unused actions.
• Added no_mdc_warning option.
• Removed systemsign_on_send, systemencrypt_on_send, systemparse_openpgp_header and systemgenerate_openpgp_header options.

Download nasmail_plugin_gpg-2.1.nsm-rc2-1.3.tar.gz (md5sum: 4151ac4a4716d6ec82b735d0fc160899)

2.1.rc1 version

WARNING: This plugin version is outdated. If you have issues with this plugin version, make sure that you can reproduce them in newer plugin versions.

Changelog:

• Plugin ported to NaSMail.
• Changed script layout in order to reduce SM_PATH tests.
• Code cleanup.
• Delay in GnuPG::readStatus reduced from 10 seconds to 10 miliseconds.
• GnuPG::writeData reads status only when all chunks are written.
• Removed debugging calls from all code except gpg classes. Removed debug configuration option.
• Removed PHP error_reporting manipulations.
• Centralized configuration loading.
• Fixed detection of unknown keys. Added search link for unknown keys.
• Allow search of OpenPGP ID without 0x prefix.
• Listing uses NaSMail show_num setting instead of hardcoded $chunkSize.
• Added alternating row colors support.
• Boolean user preferences modified to use SMPREF_ON/SMPREF_OFF instead of 'true'/'false' strings.
• Use gpg/ subdirectory in $attachment_dir for attachment encoding.

Download nasmail_plugin_gpg-2.1.rc1-1.3.tar.gz (md5sum: dfa7560d25fce4d20f630a9f09d3a4f0)