Skip to content

Wayne State University

Aim Higher

Apr 26 / Mike Ward

Zimbra and Encryption

While it’s something I’ve kind of wished for since coming back to Wayne State, a recent conversation with a coworker (and a recent blog post by Geoff Nathan) reminded me of my slight annoyance at the lack of widespread support of email encryption and signing. A quick search for gpg support in Zimbra doesn’t really turn up much, and in fact it lead to me find that a Firefox plug-in I once experimented with using, FireGPG, is now discontinued, and that was my first idea for a somewhat hackish way to do it.

There is, of course always the option of just abandoning the Zimbra web interface and using Thunderbird, KMail, Evolution, or any number of other desktop clients with gpg, but that has the downside of giving up some of the nicer features of the interface, as well as parts of it that I use that aren’t going to be in those desktop clients. There’s also the downside that it would drastically impair my ability to read email on a mobile device, but that’s true even if Zimbra did have good support for encryption.

As it is now, the best way I can think of so far (and admittedly, I’m still thinking about it now, so I may come up with something else better) is to just use a desktop client for more “secure” correspondence, and whatever other clients for “everything else”, when I’m away from my desk. Realistically, while I’d love for as much of my email to be done in a secure way as possible, most people don’t have a public key out there that I could use anyway, so 99% of my email would be the same as it is now. The only time I’d have to start up a desktop client would be on the rare occasion a more enlightened coworker sent me something encrypted, or if I wanted to confirm their signature. Alternatively, I could just use the desktop client full-time, and start up the web interface for those few things that desktop clients can’t do. CPU cycles are cheap anyway.

I’ll have to dig around more, but I think this touches into a bigger problem of so many things being insecure. I shudder to think how many times my social security number has been emailed around in plaintext documents at old employers or the like, to sit around on someone’s email inbox protected by someone’s password that’s no stronger than their dog’s name.

9 Comments

Leave a comment
  1. Rico Jansen / Oct 8 2011

    I know I am a bit late on this iddy bitty post, but were you ever successful? I have been looking to prop up my own zimbra server

    • Mike Ward / Oct 10 2011

      No problem being “late”. I’m afraid I haven’t really done anything with this at all, though. The problem with cryptographically secure communication is that it takes both ends using it to be of any use, and I just don’t see that being very likely in the majority of cases. It’s unfortunate, but there it is.

  2. tim gorman / Apr 2 2012

    Seems that Zimbra 7.2 is planning to integrate smime encryption…
    Searching for zimbra does render little … this page is one of the top…:)

  3. Zydoon / Apr 4 2012

    Amen :)

    THunderbird + enigmail + gpg for secure emails
    and
    wemail for all other staff

    I’m living with this config

    regards,
    Zied.

    • Mike Ward / Apr 4 2012

      Yeah, that’s what I’ve been doing lately, too. It’s rare I get a signed or encrypted email anyway.

    • jorgemop / Dec 10 2013

      the problem with that config, i think is the storage, in webmail the storage its limitated to the resources of hardware (too much in my country) and the directives, senior or another manager name need secure and available mail. The staff mail is operative and prescindible.

      webmail + S/MIME : chief (security, mobility)
      desktop for staff

  4. Lee O. / May 15 2013

    What sort of clients did you use? Were they just add-ons?

    I’ve been playing around with a service called penango. They offer a 14-day free trial so i decided to do it. So far I’ve only sent a few test emails and it seems to be working great. It’s end-to-end encryptions, FIPS 140-2 certified, S/MIME and works on a bunch of platforms like gmail, google apps, vmware email, zimbra outlook…check it out penango.com

  5. Barry de Graaff / Feb 21 2014

    Hello Zimbra colleagues,

    The fact that there is no full OpenPGP support in Zimbra has been discussed before on this forum.

    I would like to bring to your attention that there is now a crowd funding effort to finally achieve a good quality gpg zimlet for zimbra.

    Please visit : http://www.indiegogo.com/projects/zimbra-openpgp-zimlet

    For details.

    Thanks

    Barry

  6. Barry de Graaff / May 31 2014

    There now is a Zimbra PGP Zimlet that adds pgp support to Zimbra:

    https://github.com/barrydegraaff/pgp-zimlet

Leave a comment