[wellylug] GPG Webmail

[JP]

 --- John C Barstow wrote: 
> For one of my projects I am looking to set up a
> secure webmail system
> (Debian testing/unstable if it matters).
> 
> My understanding so far is that I can generate GPG
> keys for new users
> and use the public keyring to encrypt mails.  My
> question is around
> decrypting; if it's webmail you typically don't want
> the private key on
> client computer, that implies server-side storage of
> some kind, with the
> web server somehow obtaining the private key and
> using it to decrypt.
> 
Sam's comments are good ones.

But ... if you have control over the webmail server or
can convince the owner (whom you trust) to install it,
the Squirrelmail webmail app supports GPG using a
plugin:

<http://www.squirrelmail.org/plugin_view.php?id=153>

Docs are in the downloadable tar.gz.  Seems your keys
are stored on the server, and you import them using
some secure http setup.

imp webmail apparently also supports GPG in its latest
incarnation, but I can't find documentation for it.

All said and done though, I can't help feeling this is
a little bit too risky.  Best option for security, but
worst for cost: laptop/PDA you carry round with you
for sending mail.

Cheers
Tony

________________________________________________________________________
Yahoo! India Matrimony: Find your partner online. http://yahoo.shaadi.com/india-matrimony/