[mike-cardwell]

I can't find any mention of PGP anywhere on the site. That it is supported, or in-development, or planned. Which is a shame, because there are good Webmail implementations out there with PGP support. Roundcube via plugins, Rainloop built in.

[jasonmunro]

We have an open issue at github for PGP support, and it's something I definitely want to pursue. The big concern is private key security and how to balance that with usability.

[fak3r]

Is there a way to hook into keybase? https://keybase.io/ This project looks great, I use Fastmail but would like to have an IMAP web front end I host (I used to host my own stack), so I may give this a go. Thanks for sharing it!

[scandox]

I would love this. Appreciate it isn't simple. Keep up the good work.

[stephenr]

Any chance that/another issue would cover s/mime?

Many mainstream (read: Apple/Microsoft) mail clients need plugins (which eg on iOS aren't an option) for PGP Mail, but S/MIME is handled out of the box.

[therealidiot]

Don't these typically require access to the private key though?

I'm not comfortable uploading my private key to a webmail server, even when its my own server

[mike-cardwell]

> Don't these typically require access to the private key though?

Yes, but not on the server. The key is typically stored encrypted in the browser storage. Never hits the server.

But there is still the problem where the server could send "bad" javascript which copies the key and uploads to the server.

However, if it's my server and I'm running the webmail, I might be ok with that. And if the server is being run by somebody I trust, I might still be ok with making that decision.

And even if I don't want to add my own private key, it would still be nice if the webmail could verify messages signed by other people. There's nothing risky about that.