Please don't use this plugin for anything real yet, it has never been reviewed. Unless you're experimenting you should use something that works and has been reviewed. Also read What’s wrong with in-browser cryptography? and Javascript Cryptography Considered Harmful.
Roundcube OpenPGP is an open source (GPLv2) extension adding OpenPGP support to the Roundcube webmail project. Roundcube OpenPGP is written with the intention to be as user friendly as possible for everyday PGP use. See Why do you need PGP?, Encrypted email, OpenPGP.js and Roundcube for more info.
- e-mail OpenPGP signing and verification
- e-mail OpenPGP encryption and decryption
- key storage (HTML5 local storage)
- key pair generation
- key lookups against PGP Secure Key Servers
- Copy plugin to 'plugins' folder
- Add 'roundcube_openpgp' to the $config['plugins'] array in your Roundcube config (config/config.inc.php)
- Copy 'config.inc.php.dist' to 'config.inc.php' and configure the plugin or keep the defaults
Note that in order to use this plugin your browsers needs to support window.crypto.getRandomValues.
First import your public and private key (if you do not have a key pair, generate one first)
When sending emails you can choose if you want to sign and / or encrypt the message. To encrypt a message you have to have the public keys of the receipients of the message in the key mamager. If this is not the case import them into the key manager or use the key search to import them. For signing the email your private key is needed, if you have multiple private keys you will be prompted to choose one before sending.
For receiving messages it is the other way around, to decrypt an encrypted message you need your private key. For verifying the signature of the message you need the public key of the sender.
The keys are stored client side using HTML5 local storage. Private keys are never transferred from the user's local storage. Private and public keys can be exported from the web storage and be used outside of Roundcube and equally externally generated keys can be imported and used inside Roundcube.
Public keys can be imported from PGP Secure Key Servers, i.e. pool.sks-keyservers.net and any other Public Key Server which follows the OpenPGP HTTP Keyserver Protocol (HKP), i.e pgp.mit.edu.
For any bug reports or feature requests please refer to the tracking system.