elementary / mail

Mail app designed for elementary OS
https://elementary.io
GNU General Public License v3.0

Add native mail encryption out of the box through the integration of pEp #343

Open 4jNsY6fCVqZv opened 5 years ago

4jNsY6fCVqZv commented 5 years ago

Background

I think this (pEp) approach is the most comprehensive one to face the huge problem that online communication — for most users out there — is visible like a postcard & that this world has mass surveillance. The solution would be mass encryption and mass anonymization for all users out there. But this has not been accomplished through PGP/OpenPGP/GPG for the past 30 years now. And this is where the pEp approach steps in. It's neither just plain GPG/OpenPGP, nor does it use/is built upon Autocrypt. It handles OpenPGP and S/MIME without hassle for the user (pEp automatizes all the steps a user would need to carry out for a secure communication -> key management, key discovery, private key handling, next step here is key syncing), which has not been solved by integrating plain GPG into clients' functionality so far.

For developers it's very easy as you can just plug'n'play the engine, which means that you don't have to maintain any crypto. It's developed and financed by a Swiss foundation, cooperative and company, and has external code audits.

Feature summary

What it says on the tin!

I don't want to feel the need to install & use Thunderbird (cause pEp is provided there by Enigmail's default) just to make my communication on elementary OS more secure and sustainable. This could be solved by adding privacy by design support for pEp in Mail. Guess the pEp development team would love to support your implementation if you just ask them!

How would you like it to work?

I would love to see it as a privacy by design and default enabled, built-in plugin that secures my future communication out of the box, after (installing &) running Mail as my primary Mail client.

Relevant links, screenshots, etc

Definitely a good place to start — for the code — is https://pep.foundation/pep-software/

Further, I would recommend Sva's talk from last year's FROSCON: https://media.ccc.de/v/froscon2018-2181-let_s_roll_out_mass_encryption. It contains everything you should know about the concept and the technical side, and provides links to all of their code & communication channels as well. There is a part about the difference to Autocrypt as well.

What are your thoughts on this?

eljefuri commented 5 years ago

There's a $1000 bounty offered on PGP support generally here. https://github.com/elementary/mail/issues/82

4jNsY6fCVqZv commented 5 years ago

Hello, thanks for your comment! Maybe the title is a bit misleading - I'll change it directly. The goal of my issue is to add native mail encryption out of the box through the integration of pEp Engine. I find the bounty exciting! But at the moment it shows only $50 and not $1,000.

4jNsY6fCVqZv commented 5 years ago

@cassidyjames @danrabbit
Hello, short question, is there currently the wish of the elementary team that such an integration of pEp takes place and will be developed for a rewritten Mail?

And if so, what conditions do you wish for such an integration?

cassidyjames commented 5 years ago

@4jNsY6fCVqZv I do think pEp would be accepted, but we'd want to work closely on the design. Also, since the rewritten mail is a simpler front-end to the Evolution Data Server, I believe the work would need to be done in EDS so we could hook into it from the front-end.

4jNsY6fCVqZv commented 5 years ago

@cassidyjames Hello Cassidy, thank you very much for your message! How exactly do you mean that the work should be done in EDS? As far as I understand it, pEp is already a frontend solution.

cassidyjames commented 5 years ago

@4jNsY6fCVqZv EDS is the client-side library that handles email in GNOME's Evolution app as well as the new elementary Mail app. I'm not familiar with the intimate details of EDS or pEp, but I believe pEp bindings would be added to EDS so we could more easily use them in elementary Mail without having to carry all of the code to handle it in the Mail app ourselves. The advantage would also be that any EDS-using app could work with pEp without manual integration work.

@tintou would likely have a more precise explanation of this than I can provide, though.

fdik commented 5 years ago

If I'm not mistaken, then a pEp adapter could go to libedataserver or live nearby. Reading in now. To implement pEp, functions for sending and receiving mail have to be hooked.

4jNsY6fCVqZv commented 4 years ago

@fdik What can pEp offer to provide a solution for apps based on EDS?

fdik commented 4 years ago

On Mon, Nov 11, 2019 at 01:50:18AM -0800, 4jNsY6fCVqZv wrote:

> @fdik What can pEp offer to provide a solution for apps based on EDS? @tintou Do you want to contribute your thoughts to bring a good and sustainable solution to this issue?

Hi,

because Geary decided for p≡p we're developing the p≡p Freedesktop.org adapter already. This could be used by Elementary, too.

p≡p is a pure client concept.

If a free MUA is deciding for implementing the complete p≡p concept with Privacy by Default, p≡p foundation is helping with financing, consulting and development as far as this is required. In case you want to do this, please tell us this decision and your needs.

Yours, VB. -- Volker Birk, p≡p project mailto:vb@pep-project.org https://pep.software

cassidyjames commented 4 years ago

@fdik the current master version of elementary Mail is not based on Geary, but is a lighter-weight front-end to Evolution Data Server. So a solution that works with Evolution Data Server would be ideal, and as a bonus it would work with any app (like Evolution itself) that talks to EDS. The question of course is how to integrate it into the UI, and if it's possible to use this new adapter with EDS already, then all the better.

fdik commented 4 years ago

> So a solution that works with Evolution Data Server would be ideal

Hi,

as I said pEp is purely client based. I'm not aware of a possibility to implement it in a data server.

Yours, VB.

cassidyjames commented 4 years ago

@fdik ah, I didn't know in this case if EDS (which is a data server on the desktop) would be considered a client (since it is a client to the mail server). Multiple layers of servers and clients. :)

fdik commented 4 years ago

OK. Sorry, then I'm probably the wrong person to ask. Who could explain what EDS is and does? Is there any architectural diagram where we can see this?

cassidyjames commented 4 years ago

@fdik There is a reference manual here. I'm not sure about an architecture diagram, but its source is on the GNOME GitLab, and according to the Evolution page on the GNOME wiki, you can get in touch with devs in #evolution on irc.gimp.org.

4jNsY6fCVqZv commented 4 years ago

@fdik Does this information help you? How can an integration and thus Privacy by Design in Mail be realized together with pEp in the near future?

alcinnz commented 1 year ago

Here's a specification which might be worth looking into regarding end-to-end encryption: https://autocrypt.org

Came up in a more general discussion I had regarding email.

4jNsY6fCVqZv commented 1 year ago

@alcinnz This issue is about integrating pEp. Autocrypt has its own issue ;) https://github.com/elementary/mail/issues/180

alcinnz commented 1 year ago

Sorry, my searches didn't turn it up. Must have been writing them too general!