headers
santh12345 | 2 Nov 2011 07:01
Picon
Favicon

Dose G/pgp plugin perform clent to clent email encryption


sorry, if the question has been already answered....

i want to know whether openpgp plugin of squirrelmail perform clent to
client encryption (excluding the encryption done if ssl in used to connect
the client and server) like in hushmail..... or the encryption is performed
on the server on which squirrelmail is running.

i tried to find the answer through books and google but i failed... so i
have posted it here..

thanks in adv.

 
--

-- 
View this message in context: http://old.nabble.com/Dose-G-pgp-plugin-perform-clent-to-clent-email-encryption-tp32763632p32763632.html
Sent from the squirrelmail-plugins mailing list archive at Nabble.com.

------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
-----
squirrelmail-plugins mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-plugins <at> lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.plugins
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins
(Continue reading)

Permalink | Reply |
headers
Tomas Kuliavas | 2 Nov 2011 18:17
Picon
Gravatar

Re: Dose G/pgp plugin perform clent to clent email encryption


santh12345 wrote:
> 
> 
> sorry, if the question has been already answered....
> 
> i want to know whether openpgp plugin of squirrelmail perform clent to
> client encryption (excluding the encryption done if ssl in used to connect
> the client and server) like in hushmail..... or the encryption is
> performed on the server on which squirrelmail is running.
> 
> i tried to find the answer through books and google but i failed... so i
> have posted it here..
> 
gpg plugin data is stored on webmail server and all actions are performed
there. It is not client side application, if your "client" is webmail user's
computer.

Quote from README.
-----
    The GPG Plugin for Squirrelmail is intended for most general-purpose
    'convenience' encryption needs.  If you are an average user of a
web-mail
    system, or if your system is maintained on a secured server that is not
    open to the public Internet, then the GPG Plugin can probably be of use
    to you in common encryption and decryption tasks. If you have truly
    stringent needs for encryption (like keeping governments or security
    experts out of your data), the GPG Plugin can still be useful, but it
    does not take the place of careful off-line key management.
-----
(Continue reading)

Permalink | Reply |
headers
Paul Lesniewski | 3 Nov 2011 03:05
Favicon

Re: Dose G/pgp plugin perform clent to clent email encryption

>> i want to know whether openpgp plugin of squirrelmail perform clent to
>> client encryption (excluding the encryption done if ssl in used to connect
>> the client and server) like in hushmail..... or the encryption is
>> performed on the server on which squirrelmail is running.

That depends what you mean by "client".  Remember that webmail client
software is executed primarily on the web server and the browser only
does a few menial tasks once the page is delivered to the user.  The
GPG plugin thus encrypts and decrypts data on the web server.  If
using SSL, the transmission of the plaintext to/from the user will be
encrypted of course.  Data in this scenario is reasonably protected
from casual prying eyes, but not anyone with administrative access to
the web server.

This is exactly the same as Hushmail's non-Java-based client as far as
I know.  I'm not sure you'll find an Open Source version of their
Java-based solution, but I wouldn't be surprised if there was
something out there that could be adapted.

However, you should note that Hushmail is seen as insecure because in
certain legal situations, they may be forced to turn over plaintext
data no matter if you're using the Java-based solution or not.  This
issue highlights the fact that privacy experts all along have stressed
that the ONLY way to ensure safe end-to-end encryption is to run GPG
on end user computers -- using something like Enigmail with
Thunderbird being one of the best examples of such.

So if you're looking for a "solution" that lets end users avoid the
hassles of managing their own encryption software, you need to
understand that there is no such solution that does not have certain
(Continue reading)

Permalink | Reply |

Gmane