S/MIME sign everything



  • We are focusing on increasing the security of our e-mails and we want to focus on s/mime. To get our certificates out to people we would like to sign all e-mails we send out.
    Something that is very easy in for example Thunderbird. However currently not possible in the web app.
    The two issues that are stopping us are

    1. constantly having to enter the certificate password. Is there a way to disable this?
      While I don’t know I’m guessing most users have the same password for the certificate as for the web app login.
      Would it be easy to change this to something like the files plug in has “Use Kopano credentials” and then don’t annoy the user with the password pop up?

    2. Would it be possible to add an option to always sign outgoing mails?

    My knowledge of programming Kopano is very limited so I’m not sure if I could realise this. Maybe with some points on where to look I could tackle the second point and create a user option for that in the s/mime plug in.

    Christian



  • Hi Christian,

    If I understand correctly, are you looking for this?

    https://documentation.kopano.io/webapp_smime_manual/configuration.html#plugin-smime-passphrase-remember-browser

    http://blog.gestreift.net/2016/12/kopano-und-smime-sei-wer-du-bist/

    I do not use Smime yet but maybe this will help you.



  • Hi Sinux,

    My first thought was the plugin option looked correct. But not so. We already had this option in our config file.
    With this option the browser will save the password but each time you sign or encrypt an e-mail you get the pop up to select the password (you just don’t have to enter it again as the browser knows it).
    So users are still annoyed as they have to do something just to send a signed e-mail.

    The second link doesn’t really help me. I know how to sign outgoing e-mails by clicking the button. However we would like all users in the company to always sign them and that leads to things such as forgetting to click the button or not clicking it on purpose since it is an extra step…
    So we need a way to have this button selected all the time in all new e-mail windows if that makes sense.

    Christian



  • Then I have the solution for you. Swap your users;)
    Seriously, then I can not help you unfortunately.



  • @Sinux Thanks for your suggestion. Sadly that doesn’t work. And I can understand them: if you send 100+ e-mails a day, every click counts.

    We’ll investigate further if we manage to change the s/mime plugin, change to a desktop client such as Thunderbird or change servers.

    Again thanks for your suggestions,

    Christian


  • Kopano

    @christian

    Unfortunately security is not really user friendly.

    You can set it up in Thunderbird.

    We have tickets for such behavior but haven’t worked on them.
    https://jira.kopano.io/browse/KSP-133
    https://jira.kopano.io/browse/KSP-4



  • @marty I would also be interested in this, if this helps to get it :-)



  • @christian

    Question for you.

    When you are signing an email in WebApp to a user and open the received email in Outlook, is the signing then trusted?

