
Signing My Mail

James F. Carter <jimc@jfcarter.net>, 2016-11-12

In the USA presidential election of 2016, e-mail was stolen from the Democratic National Committee and the campaign organization of Hillary Clinton. I am sure that worst practices were followed in several areas, but in this essay I'm focusing on just one aspect, secure e-mail. I'm taking this opportunity to tighten up my own e-mail security.

Abstract: I continue to use RoundCube webmail on my private e-mail server. I am using RoundCube's Enigma plug-in to sign, verify and encrypt mail. I'm accepting the security imperfection of having my secret key on the webserver (itself encrypted), to get the benefit of message integrity through signed e-mail. Users for whom RoundCube is not feasible would use Mozilla Thunderbird (for Linux, Windows or OS-X, not handheld devices).

Nature of the Threat

Published reports of the hacks vary in their depth and usefulness for someone trying to improve security. If you are trying to improve, you should ask if you are vulnerable in these various ways, and fix if so.

Glossary

The term message integrity means that the recipient or the general public can verify for themselves that the sender (and not an impostor) did send the message and that it was not altered afterward. When the sender signs a message, she uses her secret key to append a code that is very hard to fake; that code gives message integrity.

When the sender encrypts a message, she turns it into random-looking gibberish which only the intended recipient(s) can decrypt, i.e. can return it to readable form. An attacker has a very hard task to decrypt the message without knowing the recipient's secret key.

In modern cryptography each participant creates a private or secret key, never to be revealed, and then derives from it a public key, which is published so everyone who needs it can get it. The secret key is protected from theft by a physically removable container (smart card), biometric data, and/or a good password, all of which must be gotten past to wield the secret key. If even so the enemy manages to steal the secret key, all security assurances are void. Inverting a public key to steal the secret key is very hard.

The very hard tasks mentioned above require billions of dollars worth of computing equipment working together for months or years, to finish stealing that one secret. The hacking exploits are well known, and generally are published together with the encryption procedure, but are outrageously expensive.

My Goals and Issues

First my goals for this project:

There are a few issues with the basic design of mail readers and attached crypto packages.

Data flow in my mail system:

Mail Readers That Can Sign the Mail

Here is Wikipedia's list of mail clients. Clients are filtered by:

These readers and webmail programs survived the selection procedure. A lot more programs were rejected; they are listed in an appendix.

RoundCube

This is the currently market leading webmail program. A lot of mail services have RoundCube installed, some quite large, including jimc and UCLA-Mathnet. The users like it. Inception 2006, v1.0.0 2014-04-07, latest 2015-09-14; the Wikipedia article is not up to date; v1.2.2 was released on 2016-09-28. IMAP4, LDAP3, IPv6. Authentication: PLAIN; jimc has hacked for all web auth methods. PGP support (enigma plugin) is distributed with the core software.

Mozilla Thunderbird

GUI uses XUL, cross platform. For Linux, Windows, OS-X, none for Android. Inception 2003-07-28, v1.0 2004-12-07, most recent 2016-10-03, active development. IMAP4, IPv6, partial LDAP. CardDAV via the Lightning plugin. Authentication: PLAIN, X.509, find out about GSSAPI. S/MIME is supported intrinsically; OpenPGP by the Enigmail plugin. PIM features are available through Lightning, which is installed by default.

SeaMonkey Mail & Newsgroups

SeaMonkey is a continuation of the Mozilla Application Suite (discontinued); this is the mail client component. Much code is shared with Thunderbird. GUI uses XUL. Inception 2005-09-15, v1.0 2006-01-30, recent 2016-03-14, actively maintained. IMAP4, IPv6, partial LDAP3. Authentication: PLAIN, X.509, find out about GSSAPI. Has all PGP and S/MIME features, also all other "general" features. (Other suite components: web browser, HTML editor, and IRC client.)

Claws Mail

It was forked from Sylpheed. Inception 2001-05-xx, v1.00 on 2005-01-xx, latest 2016-11-06, i.e. active development. IMAP4, LDAP3, IPv6. Find out about CardDAV and CalDAV. Authentication: PLAIN, no X.509. PGP and S/MIME support: intrinsic GPG interface. Has 3 variant plugins to view HTML mail.

Sylpheed

Claws Mail was its development version but eventually forked completely. Inception 2000-01, v1.0.0 2004-12-xx, recent 2016-07-29, actively maintained. IMAP4, LDAP3, IPv6. Authentication: PLAIN, no X.509. Has PGP support, no S/MIME. Does not display HTML messages.

Microsoft Outlook

Outlook is able to sign and encrypt e-mail. But it is proprietary (not open source), and so cannot be considered secure. It is available on Microsoft Windows, Apple iOS, and Android, but not desktop Linux.

Of the local clients, Thunderbird is the most promising, followed by Claws Mail. I'm not tempted to try SeaMonkey or Sylpheed in competition with their newer or more well-known siblings. No credible local client is found for Android. RoundCube is the currently market leading webmail. Its competitors are either obsolete or limited. I am currently using RoundCube webmail, and the way this selection process is going, I expect I will end up using its crypto support rather than switching to a local client.

Encryption Add-Ons

Mailvelope

This is an add-on for Firefox, using OpenPGP (RFC 2440) wire format. It is intended to work with (almost) all webmail services, when they are viewed with Firefox. It implements PGP within the plugin, coded in Javascript, and it stores your secret and public key(s) in its own file. Jimc's experience is that it works great some of the time, but if the webmail service alters the message, e.g. converting emoticon text codes to pictures or using bars vs. '>' signs to quote message fragments, signature verification fails. Therefore I'm looking for a different crypto add-on.

Enigma for RoundCube

This plugin is distributed with the RoundCube core. It can use the OpenPGP (RFC 2440), PGP/MIME (RFC 3156) and S/MIME (RFC 3369 et seq) wire formats. It can be configured to sign and/or encrypt all messages; this is off by default. It uses gnupg and phpssl (for S/MIME) as backends. By default, users' keyrings are kept in .../roundcubemail/plugins/enigma/home, which must be readable and writable by the Apache user. See the earlier discussion of the security implications of storing your secret key on the server.
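
An added example (not part of RoundCube or Enigma): a Python check that every entry under the keyring directory is owned by the web server account and closed to group and other users. The directory path and the account's uid are parameters you supply; the owner-only policy is an assumption, modelled on GnuPG's own warning about unsafe home directory permissions.

```python
import os
import stat

def audit_keyring(home, expected_uid):
    """Return sorted (path, problem) pairs for a GnuPG home directory tree.

    home: the Enigma keyring directory (supplied by the caller).
    expected_uid: numeric uid of the web server account (assumption: the
    server runs under one dedicated account).
    """
    paths = [home]
    for root, dirs, files in os.walk(home):   # does not follow symlinks
        paths += [os.path.join(root, name) for name in dirs + files]

    findings = []
    for path in paths:
        st = os.lstat(path)                   # inspect the link, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            continue
        if st.st_uid != expected_uid:
            findings.append((path, "wrong owner"))
        if st.st_mode & 0o077:                # any group/other permission bit
            findings.append((path, "group/other access"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Usage: python audit_keyring.py <keyring-dir> <web-server-uid>
    for path, problem in audit_keyring(sys.argv[1], int(sys.argv[2])):
        print(f"{problem}: {path}")
```

An empty result means only the web server account can reach the key material through file permissions; it says nothing about who can run code as that account.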

Enigmail

It's a plugin for Thunderbird and SeaMonkey. Wire format is OpenPGP (and I think I saw that it can do S/MIME also, of course not in the same message). gpg-agent required.

OpenKeychain

For Android. Uses OpenPGP wire format.

APG -- Android Privacy Guard

It's an Android app and is sort of like GPG for desktop Linux. It has integration with the K-9 mail reader.

Setting up Enigma for RoundCube

So Enigma for RoundCube seems to be operational and reliable for e-mail security.

Key Management

There is one last detail in using PGP keys: anyone can create a secret and public key pair tagged with whatever name they choose, so how do you know that a public key is authentic?

What does it mean for a key to be authentic? In one class of applications, all you care about is that the same person returns in a sequence of visits. For example, someone registers at your online store by giving a public key. She places an order (and pays). Then when she returns to check order progress or do customer service things, you want to know authoritatively that it is the same person returning, and you know that from a digital signature which requires the customer to wield her secret key. But you don't need to know the customer's real-world identity.

On the other hand, the most important cases involve real identities, for example security notices (avoid phishing) or work instructions: is your boss telling you to do something or is it an enemy? PGP (and GPG) handles key authenticity by a Web of Trust. Here's an example. As a campaign worker you receive a public key from the hand of someone you trust, such as Hillary Clinton. She signs the public keys of senior campaign staff such as your boss. Your boss will give you his or her public key with Hillary's signature, or someone you haven't met may send you a signed message with his public key attached. Because you have Hillary's key you can recognize that your boss' key was signed with hers, and you will then believe in your boss' key. GPG has this trust procedure automated according to configured security rules. But unfortunately the current version of Enigma is not able to use the Web of Trust, so you need to assess trust by hand (or by another GPG management program like Seahorse), and you need to put only keys that you trust into the keyring that Enigma has on the webserver. Then a message signed with a trusted key will be tagged as having a good signature, whereas if the message were validly signed by someone not on your Web of Trust, it would be tagged as valid but untrusted, and you should treat it as phishing or a similar fraud.
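
An added example (not Enigma's code) of assessing trust by hand: it reads the machine-readable status lines that gpg writes with --status-fd during verification and accepts a signature only if its primary-key fingerprint is on a list you checked yourself. The status lines, fingerprints and addresses below are constructed; the verdict names and the single-signature restriction are assumptions of this sketch.

```python
PRIMARY = "A" * 40   # constructed primary-key fingerprint
SUBKEY = "B" * 40    # constructed signing-subkey fingerprint

SAMPLE_GOOD = "\n".join([          # constructed gpg status output
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Boss (constructed) <boss@example.org>",
    f"[GNUPG:] VALIDSIG {SUBKEY} 2016-11-12 1478908800 0 4 0 1 8 00 {PRIMARY}",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
])
SAMPLE_BAD = "[GNUPG:] BADSIG BBBBBBBBBBBBBBBB Boss (constructed) <boss@example.org>"
SAMPLE_NOKEY = "\n".join([
    "[GNUPG:] ERRSIG CCCCCCCCCCCCCCCC 1 8 00 1478908800 9",
    "[GNUPG:] NO_PUBKEY CCCCCCCCCCCCCCCC",
])

def status_lines(text):
    """Yield (keyword, args) for each '[GNUPG:]' status line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            yield parts[1], parts[2:]

def classify(status_text, trusted_fprs):
    """Return 'bad', 'unverified', 'good' or 'valid-untrusted'."""
    events = list(status_lines(status_text))
    keywords = [kw for kw, _ in events]
    if "BADSIG" in keywords:
        return "bad"                      # message altered or forged
    valid = [args for kw, args in events if kw == "VALIDSIG"]
    # Fail closed: need exactly one signature with a plain GOODSIG, so a
    # missing, expired or revoked key (ERRSIG, EXPKEYSIG, REVKEYSIG) is rejected.
    if len(valid) != 1 or keywords.count("GOODSIG") != 1 or not valid[0]:
        return "unverified"
    args = valid[0]
    # The tenth VALIDSIG field is the primary key's fingerprint; the first
    # is the key that made the signature, which may be a subkey.
    fpr = (args[9] if len(args) >= 10 else args[0]).upper()
    trusted = {f.upper() for f in trusted_fprs}
    return "good" if fpr in trusted else "valid-untrusted"

if __name__ == "__main__":
    for name, sample in [("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD),
                         ("nokey", SAMPLE_NOKEY)]:
        print(name, "->", classify(sample, {PRIMARY}))
```

The TRUST_UNDEFINED line in the first sample is deliberately ignored: the verdict comes from the hand-maintained fingerprint list, not from GPG's own trust calculation.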

Unfortunately the Web of Trust does not scale globally, and also, a compromised high-level key can be very dangerous. See this Wikipedia article about the DigiNotar debacle in which a national level X.509 certificate authority (not Web of Trust) was compromised with massive inimical consequences perpetrated by a repressive regime. So how is an ordinary user such as myself going to trust a signed message from outside, for example a notice, like the one John Podesta got, that my Google account had been compromised?

Web browser vendors work together to make a common list of approved X.509 root certificates (excluding DigiNotar's root certs, among others), and the various operating system distros include a package of these certs, signed by their own software signing keys, which are distributed to the end users as part of the distro. The X.509 trust anchor issue is different from the PGP Web of Trust, but issues there can illuminate how we could establish a Web of Trust when person-to-person trust relations are impossible.

Even so, the Web of Trust can be effective as-is within a smaller organization.

Meeting Goals

So with RoundCube's Enigma I have achieved my main goal, to be able to routinely sign my mail. But some other goals were not met.

Appendix: Rejected Mail Clients

These passed initial filtering but were rejected later.

Balsa

No Windows. Intended for Gnome. It's been around for a long time but may be on the back burner: last stable release 2015-05-30. Intrinsic GPG, also GSSAPI and OpenLDAP. But it's not going to be useful on non-UNIX OS's.

Eudora

No Linux. Strange licensing and support. Poor security fixes and customer support for UCLA-Mathnet; they switched to Thunderbird. Last known release about 2006-10-11 (10 years ago). Rejected.

Gnus

Both GUI and text interface provided. Inception 1987, v2.0 1998-02-01, most recent 2015-09-18. Not promising. It is written in Gnu Lisp and runs under Gnu Emacs. Not going to fly.

IMP

Part of Horde, a PIM suite. Pure webmail. Inception and v1.0 1998. Most recent 2016-09-06, active development. Info missing (research not done?) about protocols served. Nor other info. Jimc had poor user/sysadmin experience with Horde and replaced it with RoundCube.

KMail

Part of KDE, but is listed as cross platform. Inception 1998-10-xx, v1.0.17 1999-02-xx, most recent 2014-11-11, 2 years ago for KDE-4, looks like it's been replaced by something else. Also Jimc doesn't use KDE and wants to avoid dragging in all the infrastructure just for this program. Rejected.

Mailpile

Webmail. No data on release dates or development. Jimc has never heard of it and already has two good webmail candidates. Forget this.

Mozilla Mail & Newsgroups

GUI uses XUL, cross platform. Part of the Mozilla Application Suite, which has been officially discontinued but carried forward as SeaMonkey, q.v.

Mulberry

Inception 1996-09-20, last release 2007-02-21, forget this one.

Spicebird

GUI uses XUL. No data on inception or releases. It was a fork of Thunderbird but has been discontinued.

SquirrelMail

Webmail. Jimc had moderately good experience with it. Inception 1999-12-xx, v1.0 2001-01-xx, last release 2001-07-12, seems to not be actively maintained. Too bad.

Appendix on Cryptography

It would be a good idea to explain some concepts from cryptography here.