OpenPGP

[dignifiedquire]

Maybe we could use https://github.com/openpgpjs/openpgpjs it works on the client in Chrome so it should be usable in node.

[ForbesLindesay]

Definitely a useful resource. I'm not sure where it belongs though. With PGP I think it's pretty much the client that has to do all the work?

I definitely would like to look at adapting that for node though if nobody else has already.

[dignifiedquire]

Wasn't sure myself where to put it. But from what I understand we would need this on the client as well as on the server.

There is some talk about using browserify openpgpjs/openpgpjs#60 and some misc talk about node stuff on the mailing list

[JeanSebTr]

I'm a bit skeptical about using encryption libraries that don't use native implementation of the algorithms in nodejs. Those are fine for client side encryption where only one user would be impacted be a slow and blocking code. This one may be of interest : https://github.com/eschulte/node-gpg

But, what should do an IMAP server with PGP ?

[ForbesLindesay]

I think it'll be more interesting when we look at IMAP clients (which should verify the PGP signatures) and SMTP servers (which I think should add the signatures).

I honestly think we should write our own PGP library (based on existing work). We can use all the built in node.js crypto stuff wherever it's useful but also extend browserify with any algorithms that might be missing so that it'll still run fine on the client.