Porting Enigmail to Firefox to enable GPG signing/encryption in webmail

This project will entail porting Enigmail to be used in Firefox for webmail applications.

Enigmail

Enigmail is an extension to the mail client of Mozilla/Netscape and Mozilla Thunderbird which allows users to access the authentication and encryption features provided by GnuPG. Some of its features include:

  • Encrypt/sign mail when sending, decrypt/authenticate received mail
  • Support for inline-PGP (RFC 2440) and PGP/MIME (RFC 3156)
  • Per-Account based encryption and signing defaults
  • Per-Recipient rules for automated key selection, and enabling/disabling encryption and signing
  • OpenPGP key management interface

The current implementation of Enigmail is intended to be used only in stand-alone mail programs, which download their mail using POP or IMAP from a mail server. This project will expand on this functionality to make Enigmail into a Firefox extension, which will allow for the same functionality to be used with popular webmail clients such as Gmail, Hotmail and Yahoo! Mail.

Why? and Why Enigmail?

This functionality is needed or desired by many users. Many people use webmail sites to facilitate communication while traveling and store all messages centrally for all points of access. Some people have been unable to use webmail for reasons of security. Some are members of groups or organizations that rely on GPG signing to authenticate members to each other through email. Others are unwilling or unable to expose their communication to the possibility of interception by third parties such as prying or oppressive institutions or governments. For whatever reason, security is needed, and until now that need has denied these users the ability to use webmail.

Some have suggested that a webmail provider should implement this service in their webmail client, therefore removing the need for the proposed Firefox extension. This solution is not viable, however, as it would only work for verification of signed email. Sending of signed email and encrypting/decrypting email would not be possible without supplying the webmail provider with the user's private key and the private message, therefore defeating the purpose of the security. No user concerned with security will ever give their private key to a third party, no matter how seemingly trustworthy they are. This problem requires a client-based solution, in which the user's private key is kept locally and all email processing is done locally, with only the results being submitted to the webmail provider.

Porting Enigmail to Firefox is an ideal solution to this situation. The code has already been developed, and is well-tested, for interoperating with the GnuPG program on the client's machine. The Firefox extension can integrate seamlessly with it, simply needing to read the email presented by the webmail application, verify/decrypt it using already existing Enigmail code, and present the result to the user.
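The first step of that flow, finding the inline-PGP (RFC 2440) blocks in the text a webmail page displays, can be sketched as follows. This is an added example, not Enigmail code: the function names and the constructed sample are assumptions, and it reports line ranges because only the text inside a signed block is covered by the signature.

```javascript
// Added example; function and field names are hypothetical, not Enigmail's.
const MARKERS = new Map([
  ["-----BEGIN PGP SIGNED MESSAGE-----", { type: "signed", end: "-----END PGP SIGNATURE-----" }],
  ["-----BEGIN PGP MESSAGE-----", { type: "encrypted", end: "-----END PGP MESSAGE-----" }],
]);
// Text covered by a cleartext signature, with dash-escaping undone.
function signedText(blockLines) {
  const start = blockLines.indexOf("") + 1; // blank line ends the "Hash:" headers
  const end = blockLines.indexOf("-----BEGIN PGP SIGNATURE-----");
  if (start === 0 || end < start) return null; // malformed block
  return blockLines.slice(start, end)
    .map((l) => (l.startsWith("- ") ? l.slice(2) : l)).join("\n");
}
// Return every complete armored block in the message text, with its line range.
function findPgpBlocks(text) {
  const lines = text.split(/\r?\n/).map((l) => l.replace(/[ \t]+$/, ""));
  const blocks = [];
  let open = null;
  lines.forEach((line, i) => {
    if (!open) {
      if (MARKERS.has(line)) open = { ...MARKERS.get(line), first: i };
    } else if (line === open.end) {
      const blockLines = lines.slice(open.first, i + 1);
      blocks.push({
        type: open.type, firstLine: open.first, lastLine: i,
        armored: blockLines.join("\n"), // the input a local GnuPG call would receive
        cleartext: open.type === "signed" ? signedText(blockLines) : null,
      });
      open = null;
    }
  });
  return blocks; // an unterminated block is dropped, not reported as partial
}
// Constructed sample: the signature body is a placeholder, not a real signature.
const SAMPLE = [
  "Footer added by a list server (outside the signed block)",
  "-----BEGIN PGP SIGNED MESSAGE-----",
  "Hash: SHA256",
  "",
  "Meeting moved to 10:00.",
  "- -- agenda --",
  "-----BEGIN PGP SIGNATURE-----",
  "",
  "PLACEHOLDERBASE64==",
  "-----END PGP SIGNATURE-----",
  "-----BEGIN PGP MESSAGE-----",
  "cut off by the page, no END line follows",
].join("\n");
```

The `firstLine`/`lastLine` range lets the interface mark exactly which displayed lines a verification result applies to, so text a server or list added around the block is not presented as signed.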

Brief Biography

You can get a lot more information from my Resume (I will summarize some relevant parts below).

I am currently working on my Master's in Computing Science at Simon Fraser University. My work is focussed mostly on peer-to-peer networking, and especially on BitTorrent and BitTorrent-like applications. My current research involves running many copies of a modified BitTorrent client on the PlanetLab research testbed. My education has exposed me to many programming languages and a lot of programming experience in many diverse scenarios.

I am also a volunteer developer with the Debian project, which is how I came to need GPG. I have been a user since 2000, and have been a developer for more than a year now. I am currently the maintainer of 2 packages, TorrentFlux and libphp-adodb, and I also co-maintain the BitTornado bittorrent client. I am currently (and have been for 11 months) in the New Maintainer queue to become an official Debian Developer. This work requires me to collaborate with others, co-ordinating only over the Internet, to develop and package open source software.

In terms of the skills required to complete this project, I believe I am well-suited for it. I have a lot of programming experience, both through my education and my open source work. I have already looked at the code for the Enigmail extension, and I believe the work will mainly focus on JavaScript programming (the GnuPG interactions are already complete, and the XUL looks to be fairly simple). Though not my strongest language, I have had some experience with JavaScript, including two modifications I have submitted to the TorrentFlux community (one adds Ajax functionality, the other is a simple countdown timer). Also, having had a lot of experience with a large number of programming languages, I find that I can pick up new languages very quickly when I need to, so I don't anticipate any problems with this project. In my preliminary evaluation of the code, I have already been able to modify the extension to install in Firefox, and gotten some of the menus and preferences to work.

Related Work

This has been attempted before. In fact, I was able to find a Google Summer of Code project application for GPGreasemonkey (link is to the Google cache as the page no longer exists) in 2006 by Kerry McKay and mentored by The Shmoo Group. That proposal was quite different, as it involved using the Greasemonkey extension, and creating a script to encrypt/decrypt email messages. This implementation would be harder to realize, as the code would have to be created from scratch rather than relying on a well-developed code base. There is also no mention of how the script will interoperate with GnuPG, and where sensitive data will be stored. The functionality would also be limited by the features made available by Greasemonkey, as opposed to creating a standalone extension that can access the full functionality of the Firefox extension system. I don't believe the proposal was accepted, but in any case there's no trace of it being available for use today.

Hushmail provides a similar service to customers, including the use of PGP for encryption and signing through webmail. However, they don't allow a customer to retrieve or secure their private key from Hushmail. They also require all users to use their key server, and to upload any non-Hushmail public keys to their server (including a confirmation email to the recipient) in order to encrypt emails to them. These changes break with the PGP model in which private keys are kept private, while public keys are freely exchanged by public keyservers to allow for seamless integration with users of any email client or service.

There are other ways around the problem, but none provides a comprehensive solution. For example, some webmail service providers (such as Gmail) include the ability to use POP to download/send messages. The POP service can then be used to send and receive signed/encrypted mail, while the webmail service can be used for unsigned/unencrypted communication. This solution is not ideal though, as it leads to a fracturing of the user's email, with the signed/encrypted mail being unverifiable/unreadable in webmail, thus defeating the purpose of using the webmail service.

The Plan

A mentor has already been found for this project. The lead developer of the Enigmail extension, Patrick Brunschwig, has graciously agreed to mentor the project. He has maintained Enigmail for 5 years, is active in the Mozilla community, and presented a talk at this year's FOSDEM on behalf of Mozilla.

Most of the code needed to communicate with the GnuPG application already exists in the Enigmail extension for Thunderbird. This code will all be reused, thus allowing any future updates to be easy and instantly available in both extension types.

A goal-oriented development plan for the porting to Firefox (the numbers in brackets show the anticipated number of weeks each should take to finish):

  1. (0) Modify the extension to install in Firefox (already complete)
  2. (2) Become very familiar with a standard webmail application (probably Gmail)
  3. (1) Verify signed messages using a toolbar button
  4. (1) Decrypt messages using a toolbar button
  5. (1) Automate the identification, verification and decryption of messages
  6. (1) Sign outgoing messages
  7. (2) Encrypt outgoing messages (complicated as the server can't be allowed to see the unencrypted version)
  8. (2) Modify all functionality to work in other webmail clients
  9. (1) Add per-recipient rules
  10. (?) Add support for PGP/MIME style messages (may not be possible)

I believe (and Patrick agrees) that all but the last of these goals can be accomplished within the timeframe of the Google Summer of Code. A rough schedule for each goal is shown, leading to a total completion time of approximately 11 weeks. This schedule is aggressive, and therefore allows for some slippage to occur due to unanticipated difficulties or unforeseen circumstances, or additional time to be spent on the last goal or other features.