disable storing private GnuPG keys on the server

[brutus]

I want to prevent users from storing private GnuGP keys on the server. I wonder if setting openpgp = Off is all that it takes?

I have a lot of secring.gpg files on my server (most of them empty though). After setting openpgp = Off, I noted some changes in the security tab of the settings:

• there is no longer the option to generate new keys
• there is still the option to import keys though
  • doing so shows me no error (or any message/log at all - as far as I noticed)
  • but it seems like no files where changed/added on the server
• the OpenPGP.js Option is gone
• the automatically save draft option is also still there (not sure what it exactly means in this context)

I would find info on this really helpful, especially what kind of data is stored where for the different options. Sorry in advance if I just missed it in the docs/wiki.

[the-djmaze]

SnappyMail supports 3 key stores:

1. OpenPGP.js (browser local storage)
2. Mailvelope (only PGP/Inline support)
3. GnuPG on server in _data_

Info in wiki https://github.com/the-djmaze/snappymail/wiki/OpenPGP

To disable GnuPG you just remove the PHP extension and the library from your server.

But, there are important differences as reported in the wiki.
When you disable GnuPG you can't encrypt (inline) attachments.

That's why SnappyMail tries to require a passphrase on private keys.

[brutus]

Thank you for the reply and sorry for the delay on my part. I was aware of (most) of the differences regarding the key stores. I was/am looking for a way, to prevent users from storing GnupPG keys on the server (with or without passphrase protection). And I am still wondering if using openpgp = Off is all it takes.

I just updated to 2.26.4 and my observations from the initial post seem to hold:

After setting openpgp = Off, I noted some changes in the security tab of the settings:

• there is no longer the option to generate new keys
• there is still the option to import key though
  • If I import a key, it shows me no error (or any message/log at all - as far as I noticed)
  • but it seems like no files were changed/added on the server - is this true?
• the OpenPGP.js Option is gone
• the automatically save draft option is also still there (not sure what it exactly means in this context)

Can you clarify these points? Especially where do the imported keys go?

Disabling the gnupg.so module does not prevent the (possibly broken) import key button and I can not remove gnupg entirely, since yum depends on it.