In particular, very similar functionality is needed for bugs 9046 - S/MIME Support, 6158 - PGP Support, 13108 - Domain Key Support, and finally 17147 - OpenID. These bugs all revolve around identification/verification (in other words, signing and validation) and encryption/decryption.
The basic idea is that we want to allow the user to securely send email without compromising keys, and without using outside binaries. The user experience should be as simple as an "encrypt/decrypt" button and a "sign/validate" button. No other binaries should need to be installed, and a simple install script should be the only thing that needs to run.
Administrators should be able to manage keys, and all of the usual "web of trust" functionality should be supported.
The key server functionality is done. The server can encrypt/decrypt/sign/validate OpenPGP messages. The first part of the S/MIME functionality is done. I also did a quick proof-of-concept test against the domain keys implementation.
What's done so far?
- Key creation/deletion with passphrase and arbitrary key length.
- Key stores in armored ASCII and PKR/SKR work.
- Keys can be signed to validate identity.
- RSA and ElGamal keys work.
- Message encryption/decryption in armored ASCII works.
- Binary encryption/decryption works.
- There is a pretty good JUnit testing framework for all of this.
- Flatfile keystores work fine.
- Keys can be imported from other keyservers.
What still has to be done:
- A lot of peer testing. This is one place where release early and release often is probably a bad idea. Obviously this code is extremely sensitive (it's encryption, duh), so I won't release code until some other Java programmers take a whack at it.
- The front ends are not done at all. The 5.0b1 release looks nigh, so I have been holding off for that.
- The OpenID stuff hasn't been implemented yet.
- It may make sense to hack together a quick, Zimbra-aware altermime in Java. S/MIME support is very very primitive, and domainkeys will also need this.
- I need help on key revocation in PGP.
- Supporting get/post operations in the extensions would allow for easy encryption/decryption of other files.
- At some point, supporting LDAP for public keys so we can act as a public key server would be great.