S/MIME 2.2.0 beta 1
The S/MIME add-on for WebApp is an easy to use tool that helps you secure your email with minimal effort. This new beta release introduces new features and improvements primarily aimed at how certificates are handled and verified. This S/MIME release also introduces a dependency on a new PHP module which is also available in the S/MIME package repository. You will need to restart your webserver or php-fpm after installation.
S/MIME Enable cross-organization data sharing, and fight against data leakage. It is about exchanging email with an extra layer of trust by using a so-called ‘public key infrastructure’ (PKI). In practice this means that the user ensures the authenticity of the message by adding a digital signature. In addition, encryption can be used to avoid data leakage in case you were to be hit by a ‘man-in-the-middle’ attack. If you want more details about the Kopano S/MIME plugin, have a look at the page about Email Security.
What is new in this version?
The primary goal of this release was to improve the handling of certificates and keys for the user. In addition we improved the user interface and resolved some bugs.
Improved certificate handling
We improved the way certificate validity is verified with different types of (intermediate) certificates, by traversing the complete chain on verification. This was not supported in PHP and required the addition multiple function calls. This means that for existing PHP versions, you need to install a new module that is provided in the Kopano S/MIME repository.
The required change has been submitted to the PHP development team (https://github.com/php/php-src/commit/787a18a50a4863874dcf805974ba609efdd9950f) for inclusion in future PHP versions.
Reading your encrypted sent items
Any outgoing encrypted message sent by you will also be encrypted with your own public key. New messages sent after installing this version can be read from your sent items folder after entering your passphrase.
A total of 29 tickets have been fixed in this release. The complete list can be found in the changelog.
Where do I get the packages?
The packages to this release are available. You can download them through the repositories, the portal or directly from the download server (all require authentication). The latest development build of the S/MIME plugin is also available through the community download server! Technical details can be found in the documentation. If you have any feedback on this new release, leave your comments in the forum or send an email to email@example.com!
I tried the plugin and have the following issue:
Sending signed Emails from and to KopanoWebapp user work fine
Sending signed Emails from KopanoWebapp user to Outlook 2016 users work fine
Sending signed Emails from Outlook 2016 user to Webapp user makes problem:
Here the certificate is shown as revoked, although in Webapp and Outlook same Commondo certificate is used.
Thanks for giving it a try
- What OS are you using?
- Could you paste all your WebApp + php related versions (including php-kopano-smime just to be sure)
- In WebApp could your remove your public part of the user and check the case that gives issue again?
I am using Gentoo with self compiled kopano packages taken directly from the repsotories.
Everithing is on the latest “master” branch - S/MIME Addons should be v2.2.0-beta.1
I also added the extra PHP Module (self compiled) - taken from https://download.kopano.io/community/smime:/sourcecode/php-kopano-smime_1.0.00.orig.tar.gz
PHP version is 7.0.21.
But the problem doesn’t seem to occure ever time.
I just opened a Mail, sent by my iPhone - certificate was shown as valid.
After logging in again, the certificate is shown as revoked again. And there is no real pattern to see. Also deleting the public certifcate didn’t change anything. But as it was readded, the certificate must have been valid in some tryings before…
when changing a folder the signature seems to be checked again.
About 1 out of 5 tries a certificate is seen as valid - indepent from the used MUA (iPhone or Outlook Mails)
Could this be a timing issue?