PGPback

Allows user to backup/restore their PGP private keys from the browser
storage to the server using https://github.com/chtixof/pgpback_ynh

README.md

@@ -16,6 +16,8 @@ Each user can add a remote carddav server from their own parameters interface.
 - If you use baikal, the CardDav address is: https://DOMAIN.TLD/baikal/card.php/addressbooks/USER/default/
 - If you use NextCloud, the CardDav address is: https://DOMAIN.TLD/nextcloud/remote.php/carddav/addressbooks/USER/contacts
  
+Rainloop saves your PGP private keys in the browser storage. This means that you will loose your private keys if you clear your browser storage (e.g., private browsing, different computer...). This packages integrates [PGPback by chtixof](https://github.com/chtixof/pgpback_ynh) so you can store your PGP private keys on the server securely. Go to **http://DOMAIN.TLD/rainloop/pgpback** to backup your PGP keys on the server or restore them.
+
 To upgrade the app once a new rainloop version is available, simply run in a local shell via ssh or otherwise :
 ``sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/rainloop_ynh rainloop``
 
@@ -34,6 +36,7 @@ Chaque utilisateur peut ajouter un carnet d'adresse distant CardDav via leur pro
 - Si vous utilisez Baikal, l'adresse à renseigner est du type : https://DOMAIN.TLD/baikal/card.php/addressbooks/UTILISATEUR/default/ 
 - Si vous utilisez NextCloud, l'adresse à renseigner est du type : https://DOMAIN.TLD/nextcloud/remote.php/carddav/addressbooks/USER/contacts
 
+Rainloop stocke les clés PGP privées dans le stockage de navigateur. Cela implique que vos clés seront perdues quand vous videz le stockage de navigateur (navigation incognito, changement d'ordinateur, ...). Ce paquet intègre [PGPback de chtixof](https://github.com/chtixof/pgpback_ynh) pour que vous puissiez stocker vos clés privées PGP de manière sécurisée sur le serveur. Rendez-vous **http://DOMAIN.TLD/rainloop/pgpback** pour stocker vos clés privées PGP sur le serveur ou les restaurer dans un nouveau navigateur.
 
 Pour mettre à jour rainloop lorsqu'une nouvelle version est disponible, lancez en console locale (ssh ou autre) :
 ``sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/rainloop_ynh rainloop``

conf/nginx.conf

@@ -8,9 +8,13 @@ location PATHTOCHANGE {
 	location ^~ PATHTOCHANGE/app/data {
 	  deny all;
 	}
+
+	location ^~ PATHTOCHANGE/pgpback/keys {
+	  deny all;
+	}
 	
 	client_max_body_size 10G;
-	index index.php;
+	index index.php index.html;
 	try_files $uri $uri/ index.php;
 	location ~ [^/]\.php(/|$) {
 		fastcgi_split_path_info ^(.+?\.php)(/.*)$;

scripts/install

@@ -109,10 +109,13 @@
 	sudo cp ../conf/data/domains/default.ini $rainloop_path/data/_data_/_default_/domains/default.ini
 
 # install SSO - at the moment the index is the SSO and rainloop is installed in /app
-	sudo cp ../sources/sso/sso.php                  $final_path/index.php
+	sudo cp ../sources/sso/sso.php        $final_path/index.php
 	sudo sed -i "s@domain.tld@$domain@g"  $final_path/index.php
 	sudo sed -i "s@PATHTOCHANGE@$path@g"  $final_path/index.php
 
+# Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server
+	sudo cp -rf ../sources/pgpback        	  $final_path/.
+
 # Set permissions to rainloop directory
 	sudo find $final_path/. -type d -exec chmod 755 {} \;
 	sudo find $final_path/. -type f -exec chmod 644 {} \;

sources/pgpback/fav.php

@@ -0,0 +1,23 @@
+<?php
+$text=file_get_contents('php://input');
+$user=$_SERVER["PHP_AUTH_USER"];
+$file='keys/pk_'.$user.'.json';
+if ($user=="") {
+  $out='{"rc":-2,"pk":[]}';  
+
+} else if ($text=="") {
+  $fread=file_get_contents($file);
+  if ($fread==""){
+    $out='{"rc":-3,"pk":[]}';  
+  } else {
+    $out='{"rc":-1,"pk":'.file_get_contents($file).'}';  
+  }  
+} else {
+  $fstatus=file_put_contents($file,$text) ;
+  $out='{"rc":'.$fstatus.',"pk":[]}';  
+}
+header("Cache-Control: no-cache, must-revalidate");
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Content-Type: application/json; charset=utf-8");
+echo json_encode($out);   
+?>

sources/pgpback/index.html

@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<head>           
+  <meta charset="utf-8">           
+  <title>PGPBack   
+  </title>           
+<style>
+body {
+background: #41444f;
+color: #bbb;
+}
+a {
+color: #fff;
+text-decoration:none;
+}
+a:hover {
+color: #fff;
+text-decoration:underline;
+}
+</style>
+</head>   
+<body>
+<h1>PGPBack : OpenPGP keys backup for Rainloop</h1>
+PGPBack has been tested with Chrome. It enables the following:<br><br>
+<a id="arestorels"  href="javascript:void(0)">Set the local OpenPGP keys from the server</a><br/><br/>
+<a id="asavels"  href="javascript:void(0)">Backup the local OpenPGP keys onto the server</a><br/><br/>
+<a id="aclearls"  href="javascript:void(0)">Clear the local OpenPGP keys (for security reasons)</a><br/><br/> 
+<script src="lib/jquery-1.11.2.min.js"></script>
+<script>
+$(document).ready(function() {
+  $('#asavels').click(function() {
+    if (confirm('The local OpenPGP keys will be loaded onto the server')) {
+      $.ajax("fav.php", {
+        data : JSON.stringify([localStorage["openpgp-private-keys"],localStorage["openpgp-public-keys"]]),
+        contentType : 'application/json',
+        type : 'POST',
+        dataType: 'json',
+        success: function (data) {
+          parseddata=JSON.parse(data);
+          switch (parseddata.rc){
+          case -2:
+            alert("User not logged in Yunohost. Keys not saved.");        
+            break;
+          case -1:
+          case -3:
+            alert("No keys to save.");        
+            break;
+          case 0:
+            alert("Problem when writing the data. Keys not saved.");        
+            break;
+          default:
+            alert("Keys saved ("+parseddata.rc+" bytes)."); 
+          }
+        }
+      });
+    }
+  });
+  $('#aclearls').click(function() {
+    if (confirm('The local OpenPGP keys will be deleted')) {
+      delete localStorage["openpgp-private-keys"];
+      delete localStorage["openpgp-public-keys"];
+    }
+  });
+  $('#arestorels').click(function() {
+    if (confirm('The local OpenPGP keys will be replaced by those from the server')) {
+      $.ajax("fav.php", {
+        contentType : 'application/json',
+        type : 'POST',
+        dataType: 'json',   
+        success: function (data) {
+          parseddata=JSON.parse(data);
+          switch (parseddata.rc){
+          case -2:
+            alert("User not logged in Yunohost. Keys not set.");        
+            break;
+          case -3:
+            alert("No data found. Keys not set.");        
+            break;
+          default:
+            localStorage["openpgp-private-keys"]=parseddata.pk[0];
+            localStorage["openpgp-public-keys"]=parseddata.pk[1];
+            alert("Keys set from the server."); 
+          }
+        }
+      });
+    }
+  });
+})
+</script>     
+</body>
+</html>