Sen:te - GPGMail

	GPGMail

PGP for Mail.app/MailViewer.app

GPGMail is a plug-in for Mail.app (on MacOS X) and MailViewer.app (on MacOS X Server 1.x), providing a front-end to gpg for some operations.

GPGMail extends Apple's Mail/MailViewer application and allows you to read and send PGP authenticated and/or encrypted messages. You can use GPGMail for plain and MIME messages, following RFC 3156.

GPGMail does not contain any encryption code: it is a client to gpg executable.

GPGMail is a complete hack, relying on Mail/MailViewer private internal API. Use it at your own risks!

NEW! (Nov 22nd, 2001) GPGMail Release 0.5.2 (v13) is currently available.

Information on this page includes:

Features
Requirements
License
Feedback
Release Notes
Download
Installation
References

Features

Once started, Mail.app/MailViewer.app has a new submenu, PGP, in its Message menu, containing 4 items:

Decrypt
Authenticate
Encrypt New Message
Sign New Message

Mail.app/MailViewer.app also has a new Preferences panel in which you can set:

your PGP Identity (aka userID)
some other options like auto-decryption, auto-authentication, passphrase caching, etc.

In the Compose window, you can also add two toolbar items (by customizing the toolbar, on MacOS X), or display two popup buttons (on MacOS X Server 1.x), to set the encryption (on/off) and add or not your PGP signature; you can also use menu items PGP/Encrypt New Message and PGP/Sign New Message. When you compose a new message, you can sign it (you will be asked for your identity passphrase), and/or you can encrypt it.

When you browse through message, GPGMail can operate automatically, or on-demand. In automatic mode, it tries to authenticate or decrypt the currently selected message; in manuel mode, you click on a button/menu to decrypt or authenticate the currently selected message.

Encryption/decryption of plain text and MIME messages works. Note that there is a hidden userDefault, GPGEncryptsToSelf, which allows you to not encrypt messages with your key: by default it is set to YES, allowing you to re-read encrypted sent messages.

If you allow passphrase caching, passphrase is stored in cache during a small amount of time: if it has not been used during this time, cache is cleared.

On MacOS X Server 1.x, GPGMail also automatically launches egd.pl, the Entropy Gathering Daemon needed by gpg. On MacOS X 10.1.x, gpg doesn't need this; it uses /dev/random.

Current limitations

GPGMail accepts only one personal PGP key.
GPGMail always uses your default identity and all message receivers addresses as recipients for encryption (To and CC. For security considerations, BCC recipients are not taken in account).
GPGMail does not support PGP keys distribution (following RFC 3156)
GPGMail does not support S/MIME
GPGMail encrypts/signs the whole message, and can decrypt/verify only the whole message. You can not choose which part you want to encrypt.
GPGMail does not support for RFC 1847 encapsulation
Encryption operation cannot be interrupted
You cannot send encrypted messages with BCC recipients.
You cannot forward encrypted messages: encrypted message is used. You need to copy decrypted message into new message.
If Mail cannot deliver the message immediately, it postpones delivery but doesn't prevents you from modifying the message; do NOT modify a signed or encrypted message!!!

Requirements

You need either MacOS X 10.1.x or MacOS X Server 1.x; GPGMail will not work as-is on other OS versions, because the internals of Mail.app changes on every revision...

You need a gpg version >= 1.0.6.

For MacOS X, You can use MacGPG distribution, available at http://ftp1.sourceforge.net/macgpg/ezgpg1.0.6r3.tar.gz

For MacOS X Server 1.x, you will need to compile and install gnupg 1.0.6 (the version I tested) with egd.pl 0.8, modified by some patches. See GPGInstall.txt file (also coming with distribution).

gpg and egd.pl executables are expected to be located in /usr/local/bin/ and entropy in ~/.gnupg/entropy. The locations can be modified using user defaults; see GPGMailBundle.defaults file.

License

Stéphane Corthésy makes this software available for anyone to use, under the terms of this Open Source License.

GPGMail is ©copyright 2000-2001 Stéphane Corthésy. I reserve all rights to this piece of software. I take no responsibility for any damage this software, through omission or error, might cause. This software is provided as is and with no warranty.

Feedback

As usual, I welcome feedback on this piece of code. If you have bug reports, suggestions or, even better, patches for GPGMail, please send an e-mail to gpgmail@sente.ch

If you like it, tell it to me, and to Apple, this way they will (perhaps...) help me to port it to future MacOS X releases.

Release Notes

NEW! (Nov 22nd, 2001) GPGMail Release 0.5.2 (v??) is currently available.

Ported to MacOS X 10.1.x
Corrected problems with character sets
Added keyboard shortcuts
Now needs gpg version >= 1.0.6
No version for MacOS X Server 1.x (will be back in the next release!)

(Sep 8th, 2001) GPGMail Release 0.5.1 (v8):

Ported to MacOS X 10.0.4
Corrected bugs in the application of RFC 3156
Corrected lots of other bugs

(Feb 7th, 2001) GPGMail Release 0.5 (v4): initial release, for MacOS X Server 1.x and MacOS X Public Beta.

Known bugs

Decryption fails if message was also signed and signer key is not available.
Toolbar buttons are sometimes duplicated, when you have multiple viewers.
Toolbar buttons are sometimes lost or moved.
When customizing Compose toolbar, toolbar button states are not up-to-date.
(MacOS X Server 1.x only) GPGMail fails to decrypt twice in-a-row the same MIME message.
It may happen that Mail.app/MailViewer.app displays PGP signatures using non-ASCII characters, but GPGMail never creates non-ASCII signatures/encrypted messages; this is a display problem.
In some circumstances, GPGMail is unable to decrypt MIME messages if your secret keyring contains more than one key.
Appearance of encrypted mail attachments changes over time.
Annoying logs in console about toolbar items

Future developments

Add contextual menu
Use a sheet when asking for passphrase
Add full compliance with RFC 3156
Better filtering of gpg error messages by using GPGME
Add support for multiple PGP identities
Allow recipients choice
Use KeyChain Manager (MacOS X only)
Customize display of signed/encrypted message
Add support for BCC recipients
Add support for partial encryption/signature (not the whole message)
Full multithreading of encryption/decryption
Add support for S/MIME
Localize it in different languages (any volunteer?)
Allow decrypted message forwarding
[ADD YOUR REQUIREMENTS HERE]

Download

The source code for GPGMail can be downloaded from our FTP site, either in .DMG format or in GZIP compressed TAR files that can be decoded with the command gnutar xf filename or using Scott Anguish's excellent OpenUp.app; don't use StuffIt, as some versions may fail to open correctly the archive. You need Apple's Cocoa/YellowBox development environment, on MacOS X or MacOS X Server 1.x to compile the sources.


Source code	(.tgz) or (.dmg)	GPGMail-s.tgz or GPGMail-s.dmg
MacOS X plug-in		GPGMail-MOX-b.dmg
MacOS X Server 1.x plug-in (0.5.1v8)		GPGMail-MOXS-b.tgz
MacOS X Server 1.x patch for `gnupg`		gpg-1.0.6-MOXS-patch.tgz
MacOS X Server 1.x patch for `egd.pl`		egd-0.8-MOXS-patch.tgz