Zimbra OpenPGP Zimlet

By: zetalliance

Zimbra OpenPGP Zimlet

This Zimlet is deprecated and will not be supported on Zimbra versions beyond 9.0

User manual: https://zetalliance.org/pgp-zimlet/

Feature list: https://github.com/Zimbra-Community/pgp-zimlet/wiki

Adding PGP support to Zimbra Collaboration Suite, currently tested on: - Windows: Google Chrome, Chromium, Firefox - Linux: Google Chrome, Chromium, Firefox - MacOS OSX: Google Chrome, Safari

This Zimlet ONLY WORKS with Zimbra version 8.8.15 and 9.0.

This Zimlet is not available for use in Zimbra Desktop.

Bugs and feedback: https://github.com/Zimbra-Community/pgp-zimlet/issues

========================================================================

Install Zimbra OpenPGP Zimlet

[root@myzimbra ~]# rm -Rf /opt/zimbra/zimlets-deployed/_dev/tk_barrydegraaff_zimbra_openpgp/
[root@myzimbra ~]# su zimbra       
[zimbra@myzimbra ~] wget https://github.com/Zimbra-Community/pgp-zimlet/releases/download/2.7.7/tk_barrydegraaff_zimbra_openpgp.zip -O /tmp/tk_barrydegraaff_zimbra_openpgp.zip
[zimbra@myzimbra ~] zmzimletctl deploy /tmp/tk_barrydegraaff_zimbra_openpgp.zip
[zimbra@myzimbra ~] zmmailboxdctl restart

With translations support:

• https://github.com/Zimbra-Community/pgp-zimlet/wiki/Install-via-zmzimletctl

Without translations support:

• https://github.com/Zimbra-Community/pgp-zimlet/wiki/Install-from-git

========================================================================

***UNCHECKED*** gets added to the subject of encrypted mail

As root su to the root.
nano /opt/zimbra/common/sbin/amavisd
or if you are on 8.6 and before: 
nano /opt/zimbra/amavisd/sbin/amavisd

change the line:
$undecipherable_subject_tag = '***UNCHECKED*** ';
to:
$undecipherable_subject_tag = '';

As zimbra:
zmamavisdctl restart

========================================================================

About private key security

When you generate a private key with this zimlet or copy-paste it when signing or decrypting, it is NOT being sent to the server and it is NOT stored on the server.

As of version 1.2.4 you can optionally store your private key in your browsers local storage. If you do not store your private key the server will ask you to provide it for each session. Also you can optionally store your passphrase to the Zimbra server. If you do not store your passphrase the server will ask you to provide it every time it is needed.

As of version 1.5.8 your private key is automatically encrypted with AES-256 when stored in your browsers local storage.

========================================================================

An unknown error (account.INVALID_ATTR_VALUE) has occurred.

When storing public keys > 5120 in ZCS 8.6:

As root:

nano /opt/zimbra/conf/attrs/zimbra-attrs.xml
Find the line: name="zimbraZimletUserProperties" type="cstring" max="5120"
and change it to: name="zimbraZimletUserProperties" type="cstring" max="51200"
then as user zimbra: zmcontrol restart

"zimbraZimletUserProperties" will be increased by default in ZCS 8.7 (to 51200)

Keyserver lookup

As of version 2.2.6 keyserver lookup is supported, the admin can set the keyserver to be queried in:

nano /opt/zimbra/zimlets-deployed/_dev/tk_barrydegraaff_zimbra_openpgp/config_template.xml
https://sks-keyservers.net

If you can use your keyserver from a browser, but not from the Zimlet (0 undefined response), you may need to enable CORS. See: http://enable-cors.org/server.html and https://github.com/Zimbra-Community/pgp-zimlet/issues/205

X-Mailer header for Thunderbird/Enigmail support

Thunderbird/Enigmail has some built in hacks to support email servers that do not support pgp/mime. Unfortunately that means that Zimbra OpenPGP Zimlet is identified wrongly as being Exchange server. This is fixed in Enigmail version 1.9.2. For compatibilty the X-Mailer header X-Mailer: ... ZimbraWebClient ... should be present in outgoing email. The sending of X-Mailer is enabled by default. If you changed the default you have to re-enable it using zmprov mcf zimbraSmtpSendAddMailer "TRUE";.

See: https://sourceforge.net/p/enigmail/bugs/600/

This zimlet does not work when composing in a new window

See: https://bugzilla.zimbra.com/show_bug.cgi?id=97496

License

Copyright (C) 2014-2021 Barry de Graaff

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Helpful Links

• https://zetalliance.org/pgp-zimlet/
• https://github.com/Zimbra-Community/pgp-zimlet/issues
• https://raw.githubusercontent.com/Zimbra-Community/pgp-zimlet/stable/README.md

Download

Rating	( 7 ratings )
Downloads	11118
Latest Version	2.7.6
Categories	Mail , Security and Privacy
Compatibility	ZCS 9.0.x
License	GNU GPL v2
Created	on 2/27/15
Updated	on 11/4/23

Reviews

• It worked! 

  By: dmafaldo on on 12/17/20 for version 2.7.6

  8.8.15_ga_3980

• Thanks Barry! 

  By: ajcody on on 12/23/16 for version 2.6.8

• Compose Winddow has no Encrypt or Sign Button 

  By: masterbob2 on on 3/29/16 for version from Git 2.0.7

  Zimlet looks good so far , but is missing Encrypt & Sign bottons on Compose
  Zimlet does not show on Admin Console

  Zimbra 8.6 OpenSrc, Umb 12.04,Chrome Version 49.0.2623.110 m

  Please Advise

   

  • Please report issues via Github: https://github.com/Zimbra-Community/pgp-zimlet/issues Thanks! 

    Replied on 4/21/16

• Best addon EVER 

  By: chrissi5120 on on 9/5/15 for version 1.7.7

  Despite I think Barry is an awesome Guy and Developer, the zimlet is great !

  You really should try 1.7.7 and everything that is coming next if you like to see a streamlined PGP performance in your web browser

  - I can send and recieve PGP Mail's more comfortable with Zimbra then using Thunderbird/enigmail
  - If I get a PGP encrypted Mail from somebody, it shows the fingerprint to check the identity of this Person and offers me to import the key
  - I can send my public key to every Person with a few clicks ( no hassle copying it from somewhere)

  Do it like me and use this zimlet, have fun using it AND donate if you appreciate it !

• Awesome addon 

  By: maxxer on on 7/1/15 for version 1.5.5

  One of the most useful Zimlet, a must for Zimbra itself. Thanks Barry for your continuous work.

• Great zimlet and responsive developer 

  By: bdalley on on 3/2/15 for version 1.5.5

  I have been using this zimlet for awhile now, I am pleased with the zimlet and its progress. The dev is quick to respond and is constantly improving the zimlet and adding new features.We use this for financial and client info and the dev has made it easy for non techies to use PGP. The biggest issue we have had in the past is that PGP/encryption was to hard for some users and the security would break down if they couldn't figure out how to easily encrypt/decrypt messages. This Zimlet has helped that greatly.

• Really useful for the whole community 

  By: tuanta on on 3/2/15 for version 1.5.5

  This is one of the most useful zimlets. I have used OpenPGP for years and I could not use Zimbra Webmail anytime (I had to switch to Thunderbird for all encryption/signing messages).It is more useful for Zimbra community because of its open source license. It keeps Zimbra as the best open source messaging ever.Thanks Barry for your efforts.

Older Versions: