symmetric_OpenPGP_vs_recent_Iceweasel.mdwn

[[!toc levels=2]]

Rationale
=========

A great bunch of Tails users currently use symmetric OpenPGP
encryption in Iceweasel, thanks to FireGPG. We want to support this
usecase on the long run.

Also, we've been wanting to ship [[todo/Iceweasel_5.x]] as soon as
possible, but FireGPG [is discontinued
upstream](http://blog.getfiregpg.org/2010/06/07/firegpg-discontinued/)
is known [not to work with
FF4+](http://blog.getfiregpg.org/2011/04/01/firegpg-and-firefox-4/)
"because of the missing IPC library", and generally is
[[a security
mess|doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks]].

We need to find a way to support symmetric OpenPGP encryption in
Tails.

Work in progress
================

The Seahorse applet already knows how to *decrypt* symmetrically
encrypted text. But it does not support symmetric encryption, seems
dead upstream, was never released for GNOME3 and therefore is not part
of Debian testing.

Therefore, we have written another OpenPGP panel applet; the
`bugfix/remove_firegpg` branch does not run the Seahorse applet
anymore. It does not install FireGPG either. Our own panel applet
features:

- symmetrically *encrypt* clipboard content
- *decrypt* clipboard content (regardless of the kind of OpenPGP
  encryption)
- status icon and action menu change depending on the content of the
  clipboard(s), the same way as the Seahorse applet does

Missing features wrt. the Seahorse + FireGPG combo, we can live with:

- asymmetric (i.e. public key) encryption
- import key (covered by other parts of the Seahorse UI, though)
- symmetric encryption of files

Also, we prepared a "fake" FireGPG plugin that explains why it's not
here anymore and points to the alternative.

> [[!taglink todo/done]] in Tails 0.10.

## Long term

On the long run, we hope Seahorse gets support for symmetric
encryption, and seahorse-plugins to be relived upstream.
See details below.

Archive: implementation ideas
=============================

Port FireGPG to recent Firefox/Iceweasel releases
-------------------------------------------------

**Dismissed**: the webbrowser is too much of a scary place to run
GnuPG operations in.

As of June 2011, the most active FireGPG fork is [darkpixel's
one](https://github.com/firegpg/firegpg). It recently merged
[bit's branch](https://github.com/bit/firegpg) in, that adds
support for Firefox 4. It's build system depends on:

* [ipccode](http://hg.mozilla.org/ipccode/): see `ipc/get.sh` in
  darkpixel's repository
* a local clone of the mozilla source code ([canonical
  repository](https://hg.mozilla.org/mozilla-central/),
  [releases](https://hg.mozilla.org/releases/mozilla-release/)).

Mike Cardwell's [easy installation
recipe](https://grepular.com/FireGPG_on_Firefox_5) works, but it uses
a binary IPC extension shipped in the Git repository.

We therefore need to build the IPC extension against the Iceweasel 5
source code and test the result. Note that a "simple" clone of the
Mercurial mozilla-release repository seems not enough as it lacks the
`obj-ff-release` directory. Is this directory generated when compiling
Firefox itself?

The [Html Validator compilation
instructions](http://www.htmlpedia.org/wiki/FirefoxCompilation) have
stuff related to the mysterious `obj-ff-release`.


Find another user-interface that provides the missing feature
-------------------------------------------------------------

This could be a nice middle-term workaround.

### Local GUI

Writing a simplistic GUI able to symmetrically encrypt/decrypt text
should be quite quick.

Hints:

* May be needed to show *all* of GPG's output to the user: one can be
  burnt by GPG-wrapper GUIs misleading about what GPG thinks.
* A message may be signed and encrypted using
  `gpg --symmetric --sign`

### Local webapp

* Herbert Hanewinkel's OpenPGP Message Encryption in JavaScript:
 - [homepage](http://www.hanewin.net/encrypt/)
 - only supports encryption
* gooxdoo JavaScript classes for OpenPGP encryption
 - [homepage](http://qooxdoo.org/contrib/project/crypto)
 - only supports encryption

Add symmetric encryption support to GNOME
-----------------------------------------

The Seahorse applet already knows how to *decrypt* symmetrically
encrypted text. So the missing bit is symmetric *encryption*.

This would be the perfect long-term solution, but we probably lack the
time and energy needed to implement it.

We asked the Seahorse authors to include this feature a while ago:

* [email asking it](http://mail.gnome.org/archives/seahorse-list/2008-February/msg00005.html)
* [bug report tracking it](https://bugzilla.gnome.org/show_bug.cgi?id=325803)

### seahorse-plugins vs. GNOME3

Another problem is that seahorse-plugins (which the panel applet is
part of) is not very well maintained upstream.

Stef Walters [wants to get the Nautilus plugin ready for GNOME
3.4](https://mail.gnome.org/archives/seahorse-list/2011-November/msg00000.html),
we've asked about their plans for the panel applet.