Thread: Zimbra Encryption Services

    Encryption Services for Zimbra

    One of the interesting pieces of functionality that I think Zimbra is missing is support for verified and secure communication.

    In particular, there is very similar functionality needed for bugs 9046 - S/MIME Support, 6158 - PGP Support, 13108 - Domain Key Supports, and finally 17147 - OpenID. These bugs all revolve around identification/verification (in other words, signing and validation) and encryption/decryption.

    To solve all of these I have been working on "Encryption Services for Zimbra." In the best Zimbra fashion, the toolkit consists of a bit of open source magic (in particular the Bouncy Castle providers, the Cryptix libraries, and altermime), some server glue (two server extensions to provide key server functionality), and some JavaScript to allow users to encrypt/decrypt/sign/validate messages and files.

    The basic idea is that we want to allow the user to securely send email without compromising keys, and without using outside binaries. The user experience should be as simple as an "encrypt/decrypt" button and a "sign/validate" button. No other binaries should need to be installed, and a simple install script should be the only thing that needs to run.

    Administrators should be able to manage keys, and all of the usual "web of trust" functionality should be supported.

    The key server functionality is done. The server can encrypt/decrypt/sign/validate OpenPGP messages. The first part of the S/MIME functionality is done. I also did a quick proof of concept test against the domain keys implementation.

    What's done so far?
    • Key creation/deletion with passphrase and arbitrary key length.
    • Key stores in armored ASCII and PKR/SKR work.
    • Keys can be signed to validate identity.
    • RSA and ElGamal keys work.
    • Message encryption/decryption in armored ASCII works.
    • Binary encryption/decryption works.
    • There is a pretty good JUnit testing framework for all of this.
    • Flatfile keystores work fine.
    • Keys can be imported from other keyservers.

    What still has to be done:
    • A lot of peer testing. This is one place where release early and release often is probably a bad idea. Obviously this code is extremely sensitive (it's encryption, duh), so I won't release code until some other Java programmers take a whack at it.
    • The front ends are not done at all. The 5.0b1 release looks nigh, so I have been holding off for that.
    • The OpenID stuff hasn't been implemented yet.
    • It may make sense to hack together a quick altermime in Java/Zimbra aware. S/MIME support is very very primitive, and domainkeys will also need this.
    • I need help on key revocation in PGP.
    • Supporting get/post operations in the extensions would allow for easy encryption/decryption of other files.
    • At some point, supporting LDAP for public keys so we can act as a public key server would be great.

    My hope is that by the RC1 target of 5.0 this stuff will be bulletproof enough to do a 1.0 release. I can use all the help that is out there, in particular on the JavaScript end of things (my JS sucks ;-) and on security review.
    Last edited by JoshuaPrismon; 06-08-2007 at 09:50 AM.
