thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/mobile
Apache License 2.0
11.08k stars 2.51k forks source link

S/MIME support #1003

Open helmo opened 8 years ago

helmo commented 8 years ago

There is an existing discussion on an old tracker ... https://code.google.com/p/k9mail/issues/detail?id=2538

A lot of work seems to be done on PGP support in the https://github.com/k9mail/k-9/milestones/PGP/MIME milestone. Hope this issue helps to track S/MIME support. I would like to easily verify both PGP and S/MIME signatures.

A few related issues:

sedrubal commented 8 years ago

There was a mobile application development project at our university and one project tried to implement this: https://github.com/FAU-Inf2/SMile

For me this looks like a big chaos but maybe you can use some parts... ;)

philipwhiuk commented 8 years ago

We can take some lessons from it, but:

Similarly to the first OpenPGP implementation, we can probably learn lessons but direct code re-use is going to be problematic.

philipwhiuk commented 8 years ago

I've begun a branch in my local repository which assumes it will receive similar intents to that which OpenKeychain provides: https://github.com/philipwhiuk/k-9/commits/smime I will keep re-basing this on-top of master maintaining parity with any new relevant features that the PGP/MIME development adds.

I need to write a SMIME certificates storage app now to implement the other side so I can test decrypting a SMIME message (and test composition). It's possible I can fork https://github.com/FAU-Inf2/SMileCE for that. Otherwise it will take a while...

cketti commented 8 years ago

Right now the OpenKeychain project kind of owns the crypto provider interface and drives the development. Which is fine, because nobody else showed interest in integrating with K-9 Mail.

But really I want to have a crypto provider interface that is generic enough to be able to support both PGP/MIME and S/MIME. That is also part of the reason why I suggested using the openintents namespace back when this all started. My hope was this interface will be implemented by more than one app, and one day supports more than one crypto system. The use of "openpgp" all over the place is a bit unfortunate. But I suspect the API needs some tweaking to be able to support S/MIME anyway. So transitioning to a more generic name shouldn't be a huge problem either.

/cc @Valodim @dschuermann

adeorato commented 8 years ago

I can recommend the library https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography) for this. At work we use this API for Java and S/Mime and it was simple to integrate. It also supports PGP, but I never tried the PGP part.

szepeviktor commented 8 years ago

While you implement this a temporary word-around is X509Tools

errhammr commented 5 years ago

Hello everyone! I'm curious, what's the current status of the S/MIME integration? Are there still plans to ship this feature, do you need help with something specific, or is it just not going to happen?

szepeviktor commented 5 years ago

In 3 years you grow a long 🧔

dhdurgee commented 3 years ago

I need an Android email app with S/MIME support. I see this issue is still open, but that a milestone for it was removed last month. Is there a version with S/MIME under development at this point? If so, can I test it for you? I am running a Motorola Moto E with Android 10 on it that would be my test environment.

ShogunWeb commented 2 years ago

Also interested in having an open source Android mail client that supports S/MIME. It seems this protocol is well integrated in most desktop clients, unlike PGP, which makes it the preferred choice for companies. As I need a mobile client mail for my pro email (having a S/MIME certificate), I would like to know if I can wait for a solution using my favorite K-9 client, or should I switch to another open source alternative ?

In case S/MIME will not be supported in the short terme in K-9, would you recommend an open source alternative ? (FairMail looks like a very good option)

witchent commented 2 years ago

Also interested in having an open source Android mail client that supports S/MIME. It seems this protocol is well integrated in most desktop clients, unlike PGP, which makes it the preferred choice for companies. As I need a mobile client mail for my pro email (having a S/MIME certificate), I would like to know if I can wait for a solution using my favorite K-9 client, or should I switch to another open source alternative ?

In case S/MIME will not be supported in the short terme in K-9, would you recommend an open source alternative ? (FairMail looks like a very good option)

I also had to switch because I needed S/MIME support, and FairMail works fine, though I'd still prefer K-9 very much if only for S/MIME..

rezazarchi commented 2 years ago

I researched this feature in some K-9 forks like SMile and K-2. But they didn't actually implement this feature completely. For example, in Smile sign process, they didn't pass the email body to SMileCE service, and it returns error with null pointer exception. In the SMileCE project, MimeBodyPart object is from javax mail library, which is different from our MimeBodyPart in K-9

ShogunWeb commented 2 years ago

Thanks @rezazarchi for the info. I did not know these forks, but anyway, from what I read, S/MIME is not fully implemented so it won't save me :-)

nuest commented 2 years ago

I would also really like to see this feature integrated in my favourite mail client.

Is there a way to direct my donation to support this particular feature request?

rezazarchi commented 2 years ago

I'm working on S/mime in the K-9 project. but I have some challenges with converting K9 MimeMessage to Javax MimeMessage objects and converting Javax to K9. The bouncy castle needs that to sign messages. I created a signed message successfully, but for reading and validating signator, I had challenge with converting saved local message to Javax mail. I don't know how to convert K9 LocalMessage to Javax MimeMessage properly. Could you please help me with that? @cketti

Part of my codes for converting is here. I will push my whole code when It is completed. https://gist.github.com/rezazarchi/8923ef38433677b77943195624cb6f71

cketti commented 2 years ago

@rezazarchi: I assume JavaMail (or I guess Jakarta Mail now) can read and write raw messages. Probably easiest to go that route.

If you want to get this merged into K-9 Mail, please find another way. I don't want to include another (rather large) mail library like Jakarta Mail. I'm sure BouncyCastle has more low level functionality to encrypt/decrypt and sign/verify S/MIME data.

rezazarchi commented 1 year ago

@cketti So how can I read raw message from LocalMessage?

cketti commented 1 year ago

Use Body.writeTo(OutputStream). See e.g. MessageCryptoHelper.getDataSourceForEncryptedOrInlineData().

schokotets commented 1 year ago

Fellow developers, I've got a few questions regarding S/MIME support:

cketti commented 1 year ago

We develop features in the open and usually reference the issue number of a feature request in pull requests. If you look closely, you can see this is not a feature we're currently working on.

We don't do targeted donations and we currently don't offer the option to pay for feature work.

There's quite a few feature requests that are more popular than S/MIME support. So I think it's unlikely that we'll start work on this feature anytime soon.

AlexanderKaschta commented 8 months ago

The comments in this thread about the code design are eight years old and I've wanted to check, if they are still valid:

user4andre commented 1 month ago

I would be pleased if the support of S/MINE was not postponed again and again.

The Fairmail app (https://github.com/M66B/FairEmail) supports S/MINE. There is no additional APP for the S/MINE certificates, but according to the FAQ, Android internal storage is used.

from the FAQ page:

S/MIME Encrypting a message requires the public key(s) of the recipient(s). Signing a message requires your private key.

Private keys are stored by Android and can be imported via the Android advanced security settings (Encryption & credentials, Install a certificate, VPN & app user certificate). There is a shortcut (button) for this in the encryption settings for Android version 10 and before. Android will ask you to set a PIN, pattern, or password if you didn't before.

(...) shortened!