Implement GPGME access for public key import and secret key operations
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(thunderbird_esr78 unaffected)
People
(Reporter: KaiE, Assigned: KaiE)
Details
(Keywords: leave-open)
Attachments
(2 files)
760 bytes, patch | KaiE: review+ | wsmwk: approval-comm-beta+
1.85 KB, patch | KaiE: review+ | wsmwk: approval-comm-beta+
It would be good to implement access to GnuPG using GPGME.
Useful operations are:
- list available secret and public keys
- secret key operations (sign and decrypt)
- extract a public key (for importing it into TB)
A mechanism to directly use a secret key, managed by GnuPG, instead of exporting and importing it, would enable us to use smartcards that are supported by GnuPG.
Comment 1 • 4 years ago (Assignee)
Initial GPGME bindings were already added in bug 1633288.
A fallback attempt to GPGME is currently active.
We should add a pref, that allows the user to disable/enable the use of GPGME.
For now, I'd disable that pref by default, unless we have support for digital signing with GPGME.
We should also change the message that's shown on the debug console. We shouldn't talk about "required GPGME", but rather about "optional GPGME".
Comment 2 • 4 years ago (Assignee)
This probably doesn't block bug 1627736, moving to "see also".
Comment 3 • 4 years ago
I tried using gpgme on Windows. It doesn't work directly because both, the binary distribution of GnuPG 2.2 and gpg4win store the library as "libgpgme-11.dll". Attached is a patch that fixes this.
NOTE: Unfortunately gpg4win is only available for Win32. TB for x64 thus can't use the library.
Comment 4 • 4 years ago (Assignee)
(In reply to Patrick Brunschwig from comment #3)
> NOTE: Unfortunately gpg4win is only available for Win32. TB for x64 thus can't use the library.
That's sad.
We might want to ask the developers why.
Comment 5 • 4 years ago (Assignee)
Patrick, do you know the filename on macOS?
Comment 6 • 4 years ago (Assignee)
Comment on attachment 9153019: gpgme-winnt.patch [checked in] [beta 78 checked in]
I'll check this in, probably together with bug 1642614.
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/7dd6c3ae55d4
Try common filename for GPGME dll on Windows. r=kaie DONTBUILD
Comment 8 • 4 years ago
I'm working on it. The filename is standard, but I fear we will need to manually search for the library (full path). I'll have a patch in a few days.
Comment 9 • 4 years ago (Assignee)
Comment on attachment 9153019: gpgme-winnt.patch [checked in] [beta 78 checked in]
Need Beta uplift for OpenPGP feature work.
Comment 10 • 4 years ago
Here is a patch that makes GPGME work on macOS. Unfortunately, macOS doesn't simply search in /usr/local/lib, such that we need to specify some paths explicitly.
I made the patch generic, i.e. it applies to any non-Windows system.
Specifically for macOS:
- if you use gpgOSX, then GPGME will be found in /usr/local/bin
- if you use brew or fink the GPGME will be found in /opt/local/bin
Comment 11 • 4 years ago
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/f02863ab01e3
Try loading GPGME library from /usr/local/lib or /opt/local/lib. r=kaie
Comment 12 • 4 years ago (Assignee)
Comment on attachment 9154766: gpgme-macos.patch [checked in] [beta 78 checked in]
Needed for OpenPGP
Comment 13 • 4 years ago
Comment on attachment 9153019: gpgme-winnt.patch [checked in] [beta 78 checked in]
Approved for beta
Comment 14 • 4 years ago
Comment on attachment 9154766: gpgme-macos.patch [checked in] [beta 78 checked in]
Approved for beta
Comment 15 • 4 years ago (Assignee)
Comment on attachment 9154766: gpgme-macos.patch [checked in] [beta 78 checked in]
https://hg.mozilla.org/releases/comm-beta/rev/b06a7c1b08f72733d9c07b038842c91ec93aedcd
https://hg.mozilla.org/releases/comm-beta/rev/a894f36fc41ae6e5c067ed699ebf71b612e2d46e
Comment 16 • 4 years ago
As mentioned in https://bugzilla.mozilla.org/show_bug.cgi?id=1642614#c22 already, the right library name to load is libgpgme.so.11, not libgpgme.so. The latter is installed only as part of devel headers on major distros (at least Debian and Fedora) and is not expected to be present on user machines.
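
The lookup order discussed in comments 3, 10 and 16, as an added example that is not part of this bug thread or of Thunderbird's code. The function names, the tryLoad callback (a hypothetical stand-in for the real library loader) and the macOS file name libgpgme.11.dylib are assumptions; the thread does not state the macOS name.

```javascript
// Added example, not Thunderbird code. tryLoad is a hypothetical stand-in
// for the real library loader: it returns true if the given name/path loads.

// Extra directories from the commit message ("/usr/local/lib or /opt/local/lib").
const EXTRA_DIRS = ["/usr/local/lib", "/opt/local/lib"];

function gpgmeCandidates(platform) {
  if (platform === "win32") {
    // Name shipped by gpg4win and the GnuPG 2.2 binary distribution (comment 3).
    return ["libgpgme-11.dll"];
  }
  // Versioned runtime name. The unversioned libgpgme.so comes with the devel
  // package only (comment 16), so it is deliberately not a candidate.
  // ASSUMPTION: the macOS file name is not given in the thread.
  const name = platform === "darwin" ? "libgpgme.11.dylib" : "libgpgme.so.11";
  // Bare name first (loader's default search path), then explicit full paths.
  return [name, ...EXTRA_DIRS.map((dir) => `${dir}/${name}`)];
}

function pickGpgme(platform, tryLoad) {
  const tried = [];
  for (const candidate of gpgmeCandidates(platform)) {
    tried.push(candidate);
    if (tryLoad(candidate)) {
      return { loaded: candidate, tried };
    }
  }
  // GPGME is optional: report what was tried instead of failing hard.
  return { loaded: null, tried };
}

// Constructed machines: each set lists what the loader could open there.
const machines = {
  "linux, runtime package": ["linux", new Set(["libgpgme.so.11"])],
  "linux, only unversioned name": ["linux", new Set(["libgpgme.so"])],
  "macOS, /opt/local install": ["darwin", new Set(["/opt/local/lib/libgpgme.11.dylib"])],
};
for (const [label, [platform, present]] of Object.entries(machines)) {
  const result = pickGpgme(platform, (p) => present.has(p));
  console.log(label, "->", result.loaded || "optional GPGME not found", result.tried);
}
```
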
Comment 17 • 4 years ago (Assignee)
(In reply to Marek Marczykowski-Górecki from comment #16)
> As mentioned in https://bugzilla.mozilla.org/show_bug.cgi?id=1642614#c22 already, the right library name to load is libgpgme.so.11, not libgpgme.so. The latter is installed only as part of devel headers on major distros (at least Debian and Fedora) and is not expected to be present on user machines.
This was added in bug 1603782.
With all the work that was done in other bugs, we can close this one.