Thread: Zimbra Encryption Services

  1. #1

    Encryption Services for Zimbra

    One of the interesting pieces of functionality that I think Zimbra is missing is support for verified and secure communication.

    In particular, there is very similar functionality needed for bugs: 9046 - S/MIME Support, 6158 - PGP Support, 13108 - Domain Key Supports, and finally 17147 - OpenID. These bugs all revolve around identification/verification (in other words, signing and validation) and encryption/decryption.

    To solve all of these I have been working on "Encryption Services for Zimbra." In the best Zimbra fashion, the toolkit consists of a bit of open source magic (in particular the Bouncy Castle providers, the Cryptix libraries, and altermime), some server glue (two server extensions to provide key server functionality), and some JavaScript to allow users to encrypt/decrypt/sign/validate messages and files.

    The basic idea is that we want to allow the user to securely send email without compromising keys, and without using outside binaries. The user experience should be as simple as an "encrypt/decrypt" button and a "sign/validate" button. No other binaries should need to be installed, and a simple install script should be the only thing that needs to run.

    Administrators should be able to manage keys, and all of the usual "web of trust" functionality should be supported.

    The key server functionality is done. The server can encrypt/decrypt/sign/validate OpenPGP messages. The first part of the S/MIME functionality is done. I also did a quick proof of concept test against the domain keys implementation.


    What's done so far?
    • Key creation/deletion with passphrase and arbitrary key length.
    • Key stores in armored ASCII and PKR/SKR work.
    • Keys can be signed to validate identity.
    • RSA and ElGamal keys work.
    • Message encryption/decryption in armored ASCII works.
    • Binary encryption/decryption works.
    • There is a pretty good JUnit testing framework for all of this.
    • Flatfile keystores work fine.
    • Keys can be imported from other keyservers.


    What still has to be done:
    • A lot of peer testing. This is one place where release early and release often is probably a bad idea. Obviously this code is extremely sensitive (it's encryption, duh), so I won't release code until some other Java programmers take a whack at it.
    • The front ends are not done at all. The 5.0b1 release looks nigh, so I have been holding off for that.
    • The OpenID stuff hasn't been implemented yet.
    • It may make sense to hack together a quick altermime in java/zimbra aware. S/MIME support is very very primitive, and domainkeys will also need this.
    • I need help on key revocation in PGP.
    • Supporting get/post operations in the extensions would allow for easy encryption/decryption of other files.
    • At some point, supporting LDAP for public keys so we can act as a public key server would be great.


    My hope is that by the RC1 target of 5.0 this stuff will be bulletproof enough to do a 1.0 release. I can use all the help that is out there, in particular on the JavaScript end of things (my JS sucks ;-) and on security review.
    Last edited by JoshuaPrismon; 06-08-2007 at 09:50 AM.

  2. #2

    Nice.

    Let us know if you need any help!

    -jh

  3. #3

    Quote (originally posted by jholder):
    Nice.

    Let us know if you need any help!

    -jh

    I could really use some experienced Java programmers to do a review of it. Outside of that, I am working on a bug that seems to restrict the encryption/decryption text to about 10 MB.

  4. #4

    You may just want to post it. I'm sure I can get someone on our end who understands what this "java" thing is, to look at it.
    Last edited by jholder; 05-31-2007 at 09:21 PM.

  5. #5

    Quote (originally posted by jholder):
    You may just want to post it. I'm sure I can get someone on our end who understands what this "java" thing is, to look at it
    Sounds good. I am working on the MimeListeners right now to try and get as much of it auto encrypting/decrypting as possible (PGP works very well without it, but S/MIME really doesn't). As soon as I have that hurdle done (I hope today) I will release it publicly, but with the proviso that it really isn't for production use right now.

  6. #6

    I got an interesting query today about GPG, and I wanted to mention some of the design trade-offs that are in ZES versus FireGPG. Both will work with Zimbra (or at least ZES will when I release it ;-).

    I actually started work looking at the FireGPG and GPG approach. I ended up ditching it (after writing most of it) for a few different reasons:

    • FireGPG actually requires PGP installed on the Windows/Linux client to work. I was hoping it was JavaScript native, but no such luck. That being said, I am really skeptical of any approach that involves exposing the keys to the browser. Fundamentally, browsers were meant to integrate information. Encryption is designed to hide it. Bad mix ;-)
    • FireGPG only supports OpenPGP. S/MIME is actually a more widespread platform (Thunderbird and Outlook support it), even though GPG has more users.
    • FireGPG doesn't encourage good key practices. And if your laptop goes, so go your keys, unless you expose them over the network to copy them to a different machine, or leave them lying around.
    • The average PC can be hacked much more easily than a server. I'm decently sure it would be possible to hack a Firefox extension that could snoop for your keys. Even worse, if the programmer didn't really know what he/she was doing (and I am not omniscient by any stretch of the imagination) it might even be possible to remotely expose keys over the Internet. That's a real scary situation.
    • You can't do real key management with this tool. If an employee leaves, and leaves a large amount of encrypted data, a company should ideally have a way to recover the key. (That's a controversial statement, but more and more companies require/depend on encryption to do business.) I am interested in how the community feels about this one.
    • At best it would only work with Firefox.
    • With a client-side-only implementation, you lose all of the Zimbra goodness like searching etc. I am a bit conflicted on this one, since Zimbra doesn't like the idea of mutable email messages once the message has been written to the store / sent via SMTP. That means to be searchable, you have to grab it when it first comes in, and do the encryption/decryption there. Right now I have cacheable passphrases that let me do that, but a "decrypt always" policy will need to be enabled to make that preferment. Not to mention the headache of managing keys. I am sure there is a better way to do this.


    My original server-side version used the PGP binaries, but it was rather brittle as well. Screen scraping isn't a lot of fun ;-)


    All that being said, FireGPG is actually a pretty cool tool and it's one of the programs I am using for compatibility testing. I am using Thunderbird and Outlook as well to test S/MIME support.

    For you S/MIME experts out there: I understand that the certs have to be provided on a user-by-user basis from a cert authority. What is the possibility of a domain running their own cert authority? Is there something like an SSL certificate that bridges between the CA and the end user so you don't have to go to the CA every time?

  7. #7

    Willing to be a tester

    I have many clients using Zimbra that would certainly be interested in being able to send secure email. I would be happy to assist with product testing.
