From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/enigma/README |   43 +++++++++++++++++++------------------------
 1 files changed, 19 insertions(+), 24 deletions(-)

diff --git a/plugins/enigma/README b/plugins/enigma/README
index 25a1607..ac20b79 100644
--- a/plugins/enigma/README
+++ b/plugins/enigma/README
@@ -1,51 +1,46 @@
-------------------------------------------------------------------
-THIS IS NOT EVEN AN "ALPHA" STATE. USE ONLY FOR DEVELOPMENT!!!!!!!
-------------------------------------------------------------------
+Enigma Plugin for Roundcube
 
-WARNING: Don't use with gnupg-2.x!
+This plugin adds support for viewing and sending of signed and encrypted
+messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.
 
-Plugin Status:
+The plugin uses gpg binary on the server and stores all keys
+(including private keys of the users) on the server.
+Encryption/decryption is done server-side. So, this plugin
+is for users that trust the server.
 
+
+Implemented features:
+---------------------
 + PGP: signatures verification
 + PGP: messages decryption
 + PGP: Sending of encrypted/signed messages
-+ PGP: keys management UI (keys import and delete)
++ PGP: keys management UI (key import, export, delete)
++ PGP: key generation (client- or server-side)
 + Handling of PGP keys attached to incoming messages
++ User preferences to disable plugin features
 
-TODO (must have):
 
-- Fix issues with enabled messages_cache
-- Make working with gnupg-2.x
-- Keys export to file
-- Disable Reply/Forward options when viewing encrypted messages
-  until they are decrypted successfully
-- Handling of replying/forwarding of encrypted/signed messages
-- Add composer.json file
-- Performance improvements:
-   - cache decrypted message key id so we can skip decryption if we have no password in session
-   - cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
-
-TODO (later):
-
+TODO:
+-------------
 - Handling of big messages with temp files
-- Server-side keys generation (warning: no-entropy issue, max_execution_time issue)
-- Client-side keys generation (with OpenPGP.js?)
 - Key info in contact details page (optional)
 - Extended key management:
    - disable,
    - revoke,
    - change expiration date, change passphrase, add photo,
    - manage user IDs
+   - export private keys
 - Generate revocation certs
 - Search filter to see invalid/expired keys
 - Key server(s) support (search, import, upload, refresh)
 - Attaching public keys to email
 - Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status
-- User-preferences to disable signature verification, decrypting, encrypting or all enigma features
 - Change attachment icon on messages list for encrypted messages (like vcard_attachment plugin does)
 - Support for multi-server installations (store keys in sql database?)
 - Per-Identity settings (including keys/certs)
-
+- Performance improvements:
+   - cache decrypted message key id so we can skip decryption if we have no password in session
+   - cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
 - S/MIME: Certs generation
 - S/MIME: Certs management
 - S/MIME: signed messages verification

--
Gitblit v1.9.1