Difference between revisions of "OpenPGP Zimlet"
(→Overview) |
(→OpenPGP Zimlet Setup Guide) |
||
(10 intermediate revisions by 2 users not shown) | |||
Line 7: | Line 7: | ||
*''What is a '''Zimlet'''?'' - Zimlets are add-on features to your Zimbra email found in your Zimbra's Preferences tab under "Zimlets" They enhance the functionality of your Zimbra client. | *''What is a '''Zimlet'''?'' - Zimlets are add-on features to your Zimbra email found in your Zimbra's Preferences tab under "Zimlets" They enhance the functionality of your Zimbra client. | ||
*''What is '''PGP/OpenPGP'''?'' - PGP stands for "'''P'''retty '''G'''ood '''P'''rivacy". It is an encryption method shared between two people that have exchanged public and private keys to one another. OpenPGP is a PGP standard using the PGP security software of version 5.x+ as a basis. | *''What is '''PGP/OpenPGP'''?'' - PGP stands for "'''P'''retty '''G'''ood '''P'''rivacy". It is an encryption method shared between two people that have exchanged public and private keys to one another. OpenPGP is a PGP standard using the PGP security software of version 5.x+ as a basis. | ||
− | *''What is a '''Public/Private Key | + | *''What is a '''Public/Private Key'''?'' - Both Public and Private keys are two unique cryptographic keys that work together to both encrypt and decrypt information, in this case, in plain text. |
<span style="color:red"> '''Note:''' </span> Your '''public''' key may be shared with ''others'', while your '''private''' key remains ''secret'' to yourself and your Zimbra OpenPGP Zimlet! | <span style="color:red"> '''Note:''' </span> Your '''public''' key may be shared with ''others'', while your '''private''' key remains ''secret'' to yourself and your Zimbra OpenPGP Zimlet! | ||
+ | *''What email applications support '''Encryption'''?'' Most modern email and webmail applications can support PGP key encryption technology including Zimbra webmail, Microsoft Outlook, Thunderbird, and more. | ||
− | |||
===How It All Works=== | ===How It All Works=== | ||
Line 16: | Line 16: | ||
By creating a message that is encrypted with the OpenPGP Zimlet, only recipients with a matching private key are able to decrypt and read your email. The OpenPGP Zimlet makes this process as simple as clicking a few buttons. After composing your email, you may click the "Encrypt Message" option. | By creating a message that is encrypted with the OpenPGP Zimlet, only recipients with a matching private key are able to decrypt and read your email. The OpenPGP Zimlet makes this process as simple as clicking a few buttons. After composing your email, you may click the "Encrypt Message" option. | ||
− | <span style="color:red"> '''Note:''' </span> | + | <span style="color:red"> '''Note:''' </span> Only '''Plain Text''' in the message body is encrypted. This Zimlet automatically converts messages to plain text when you click "Encrypt message." |
[[File:Email-encryption-graphic.png]] | [[File:Email-encryption-graphic.png]] | ||
Line 52: | Line 52: | ||
[[File:Sendsomeonekey.png]] | [[File:Sendsomeonekey.png]] | ||
− | 2. To receive a public key from someone, they will need to send you their key. You will receive an email with a message similar to the picture below: | + | 2. To receive a public key from someone, they will commonly need to send you their key. You will receive an email with a message similar to the picture below: |
[[File:Receivedkey.png|500px]] | [[File:Receivedkey.png|500px]] | ||
− | |||
===Auto Decrypt=== | ===Auto Decrypt=== | ||
Line 65: | Line 64: | ||
===How to Send Encrypted Messages with OpenPGP=== | ===How to Send Encrypted Messages with OpenPGP=== | ||
-------------------------- | -------------------------- | ||
− | 1. | + | 1. Compose the body of your message followed by clicking '''"Encrypt Message"'''. |
*<span style="color:red"> '''Note:''' </span> '''All messages must have the body formatted in plain text'''. | *<span style="color:red"> '''Note:''' </span> '''All messages must have the body formatted in plain text'''. | ||
Line 71: | Line 70: | ||
2. Once you have finished, and have clicked '''"Encrypt Message"''' you will receive a confirmation window. | 2. Once you have finished, and have clicked '''"Encrypt Message"''' you will receive a confirmation window. | ||
+ | * <span style="color:red"> '''Note:''' </span> If you are sending to multiple recipients, you will need to use CTRL+Left Click to select multiple addresses. Use CMD+click on Mac. | ||
[[File:Finishingmessage.png|500px]] | [[File:Finishingmessage.png|500px]] | ||
+ | * <span style="color:red"> '''Note:''' </span> It is important to add your attachments during this screen, or else they will not be encrypted. | ||
3. The body of your message will be encrypted and encoded as base64. You may now send the message to the desired recipients. | 3. The body of your message will be encrypted and encoded as base64. You may now send the message to the desired recipients. | ||
Line 117: | Line 118: | ||
With that said, please note that the OpenPGP Zimlet does NOT store your private key on our servers. If you choose to "store" your private key, it will be stored <em>in your browser, <b>not on our servers</b></em>. It is stored with AES-256 encryption. If you choose to store the passphrase to your key, that passphrase can be stored either on our servers or in your browser's local storage. If you store your passphrase, it is potentially possible for somebody with access to your computer to acquire your unencrypted private key. | With that said, please note that the OpenPGP Zimlet does NOT store your private key on our servers. If you choose to "store" your private key, it will be stored <em>in your browser, <b>not on our servers</b></em>. It is stored with AES-256 encryption. If you choose to store the passphrase to your key, that passphrase can be stored either on our servers or in your browser's local storage. If you store your passphrase, it is potentially possible for somebody with access to your computer to acquire your unencrypted private key. | ||
− | You can also choose to store nothing, providing your private key manually every time you need to sign or encrypt a message. | + | You can also choose to store nothing, providing your private key and passphrase manually every time you need to sign or encrypt a message. |
We recommend storing your key, but not your passphrase, in your browser. This provides a good balance between security and convenience. | We recommend storing your key, but not your passphrase, in your browser. This provides a good balance between security and convenience. | ||
Line 125: | Line 126: | ||
Those using the Zimbra Desktop application this Zimlet is not compatible for install. You will need to log in to your webmail to utilize this Zimlet. | Those using the Zimbra Desktop application this Zimlet is not compatible for install. You will need to log in to your webmail to utilize this Zimlet. | ||
+ | |||
+ | ===Special Thanks=== | ||
+ | ------------------------- | ||
+ | We want to thank Barry DeGraaff for creating the [https://www.zimbra.org/extend/items/view/zimbra-openpgp-zimlet OpenPGP zimlet] and the [https://www.zimbra.org/extend/users/view/zetalliance Zetalliance] for their on-going contributions to the Zimbra platform. | ||
+ | |||
+ | https://github.com/Zimbra-Community/pgp-zimlet/wiki | ||
[[Category:Zimbra]] | [[Category:Zimbra]] | ||
[[Category:Zimlet]] | [[Category:Zimlet]] |
Latest revision as of 16:57, 8 November 2016
Contents
- 1 Overview
- 1.1 How It All Works
- 1.2 OpenPGP Zimlet Setup Guide
- 1.3 How to Send and Receive Public Keys
- 1.4 Auto Decrypt
- 1.5 How to Send Encrypted Messages with OpenPGP
- 1.6 Managing your contacts Public Keys
- 1.7 Importing your own PGP Private Key to OpenPGP
- 1.8 Supported Formats of OpenPGP
- 1.9 About Private Key Security
- 1.10 Zimbra Desktop
- 1.11 Special Thanks
Overview
The OpenPGP Zimlet allows XMission's Zimbra webmail to encrypt and sign email messages.
OpenPGP encryption prevents your messages from being opened by anyone other than the intended recipient. It will prevents your message from being altered or changed by anyone other than yourself, maintaining the authenticity of your content.
- What is a Zimlet? - Zimlets are add-on features to your Zimbra email found in your Zimbra's Preferences tab under "Zimlets" They enhance the functionality of your Zimbra client.
- What is PGP/OpenPGP? - PGP stands for "Pretty Good Privacy". It is an encryption method shared between two people that have exchanged public and private keys to one another. OpenPGP is a PGP standard using the PGP security software of version 5.x+ as a basis.
- What is a Public/Private Key? - Both Public and Private keys are two unique cryptographic keys that work together to both encrypt and decrypt information, in this case, in plain text.
Note: Your public key may be shared with others, while your private key remains secret to yourself and your Zimbra OpenPGP Zimlet!
- What email applications support Encryption? Most modern email and webmail applications can support PGP key encryption technology including Zimbra webmail, Microsoft Outlook, Thunderbird, and more.
How It All Works
By creating a message that is encrypted with the OpenPGP Zimlet, only recipients with a matching private key are able to decrypt and read your email. The OpenPGP Zimlet makes this process as simple as clicking a few buttons. After composing your email, you may click the "Encrypt Message" option.
Note: Only Plain Text in the message body is encrypted. This Zimlet automatically converts messages to plain text when you click "Encrypt message."
OpenPGP Zimlet Setup Guide
1. Open your Preferences in Zimbra.
2. Navigate to "Zimlets".
3. Check the box for "OpenPGP".
4. Return to your "Mail" tab and expand the "Zimlets" options to find "OpenPGP".
5. Right click on OpenPGP and select "Generate Key Pair".
6. After generating your Key Pair, it will look similar to the message below:
How to Send and Receive Public Keys
1. To send a public key, simply right click the OpenPGP zimlet under the "Zimlets" windows and select "Send someone my public key".
2. To receive a public key from someone, they will commonly need to send you their key. You will receive an email with a message similar to the picture below:
Auto Decrypt
- You can enable/disable the "Auto decrypt" option, inside the "Manage Keys" menu.
How to Send Encrypted Messages with OpenPGP
1. Compose the body of your message followed by clicking "Encrypt Message".
- Note: All messages must have the body formatted in plain text.
2. Once you have finished, and have clicked "Encrypt Message" you will receive a confirmation window.
- Note: If you are sending to multiple recipients, you will need to use CTRL+Left Click to select multiple addresses. Use CMD+click on Mac.
- Note: It is important to add your attachments during this screen, or else they will not be encrypted.
3. The body of your message will be encrypted and encoded as base64. You may now send the message to the desired recipients.
Managing your contacts Public Keys
When you accept public keys, the OpenPGP Zimlet automatically adds them to your "Managed Keys" under the "Public Keys" section. This is unique to the user that sent them.
Importing your own PGP Private Key to OpenPGP
If you already have your own PGP Private Key, you can simply paste your key into the Private Key field inside the "Manage Keys" section of the OpenPGP zimlet.
Supported Formats of OpenPGP
Sending Messages
- Inline-PGP encrypted messages with full UTF-8 support in text/plain format
- Inline-PGP clear signed messages with full UTF-8 support in text/plain format
- Inline-PGP encrypted attachments
Receiving Messages
- Inline-PGP encrypted messages with full UTF-8 support in text/plain format
- Inline-PGP clear signed messages with full UTF-8 support in text/plain format
- Inline-PGP encrypted attachments
- PGP/MIME messages with body parts text/plain
- PGP/MIME messages with body parts text/html will be converted to text
- PGP/MIME messages with parts that use transfer encoding base64 and quoted-printable and charset UTF-8
- PGP/MIME encrypted attachments
About Private Key Security
It is important to keep your private key secure when using public key cryptography methods such as such as PGP. You should not share your private key with anyone under any circumstances.
With that said, please note that the OpenPGP Zimlet does NOT store your private key on our servers. If you choose to "store" your private key, it will be stored in your browser, not on our servers. It is stored with AES-256 encryption. If you choose to store the passphrase to your key, that passphrase can be stored either on our servers or in your browser's local storage. If you store your passphrase, it is potentially possible for somebody with access to your computer to acquire your unencrypted private key.
You can also choose to store nothing, providing your private key and passphrase manually every time you need to sign or encrypt a message.
We recommend storing your key, but not your passphrase, in your browser. This provides a good balance between security and convenience.
Zimbra Desktop
Those using the Zimbra Desktop application this Zimlet is not compatible for install. You will need to log in to your webmail to utilize this Zimlet.
Special Thanks
We want to thank Barry DeGraaff for creating the OpenPGP zimlet and the Zetalliance for their on-going contributions to the Zimbra platform.