
mail's Introduction

[ABANDONED] Whiteout Mail

Whiteout Mail is an easy to use email client with integrated OpenPGP encryption written in pure JavaScript. Download the official version under whiteout.io.


Features

You can read about product features and our future roadmap in our FAQ.

Privacy and Security

We take the privacy of your data very seriously. Here are some of the technical details:

  • The code has undergone a full security audit by Cure53.

  • Messages are encrypted end-to-end using the OpenPGP standard. This means that only you and the recipient can read your mail. Your messages and private PGP key are stored only on your computer (in IndexedDB).

  • Users have the option to use encrypted private key sync if they want to use Whiteout on multiple devices.

  • Content Security Policy (CSP) is enforced to prevent injection attacks.

  • HTML mails are sanitized with DOMPurify and are rendered in a sandboxed iframe.

  • Displaying mail images is optional and opt-in by default.

  • Like most native email clients, whiteout mail uses raw TCP sockets to communicate directly with your mail server via IMAP/SMTP. TLS is used to protect your password and message data in transit.

  • The app is deployed as a signed Chrome Packaged App with auditable static versions in order to prevent problems with host-based security.

  • The app can also be used from any modern web browser in environments where installing an app is not possible (e.g. a locked down corporate desktop). The IMAP/SMTP TLS sessions are still terminated in the user's browser using JS crypto (Forge), but the encrypted TLS payload is proxied via socket.io, due to the lack of raw sockets in the browser. Please keep in mind that this mode of operation is not as secure as using the signed packaged app, since users must trust the webserver to deliver the correct code. This mode will still protect users against passive attacks like wiretapping (since PGP and TLS are still applied in the user's browser), but not against active attacks from the webserver. So it's best to decide which threat model applies to you.

Architecture

client architecture

Reporting bugs and feature requests

  • We will launch a bug bounty program later on for independent security researchers. If you find any security vulnerabilities, don't hesitate to contact us [email protected].

  • You can also just create an issue on GitHub if you're missing a feature or just want to give us feedback. It would be much appreciated!

Testing

You can download a prebuilt bundle under releases or build your own from source (requires node.js, grunt and sass):

npm install && npm test

This will download all dependencies, run the tests and build the Chrome Packaged App bundle release/whiteout-mail_DEV.zip which can be installed under chrome://extensions in developer mode.

Development

For development you can start a connect dev server:

grunt dev

Then visit http://localhost:8580/dist/#/account?dev=true for front-end code or http://localhost:8580/test/unit/ to test JavaScript changes. You can also start a watch task so you don't have to rebuild every time you make a change:

grunt watch

Releasing Chrome App

grunt release-test --release=0.0.0.x
grunt release-stable --release=0.x.0

Deploying Web App & Selfhosting

The App can be used either as a Chrome Packaged App or just by hosting it on your own trusted web server. You can build the app from source.

Build from source

Clone the git repository

git clone https://github.com/whiteout-io/mail.git

Build and generate the dist/ directory:

npm install && grunt

Running the server

To test the server, start it in development mode (without SSL):

node server.js --dev

Navigate to http://localhost:8889 (or whatever port is set using the PORT environment variable).

To start the server for production use (this automatically redirects to HTTPS):

npm start

A note on security: The app should not be used without SSL, so it's best to set up a reverse proxy or load balancer with your SSL certificates. If you are not sure how to do this, it might be easier to use our managed web hosting or packaged apps under https://whiteout.io/#product.

You can limit incoming and outgoing connections to the socket.io proxy by setting the following environment variables:

# the web socket proxy listens to this port
# if unset, defaults to 8889
PORT=12345

# the socket.io proxy accepts connections from these origins to tunnel them to tcp,
# separate with commas
# if unset, defaults to 'localhost:' + port
INBOUND_ORIGINS='foo:1234,bar:569'

# the socket.io proxy opens tcp connections with these ports to tunnel them to socket.io
# separate with commas
# if unset, defaults to '143,465,587,993' (25 is forbidden by default)
OUTBOUND_PORTS='123,456,789'
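
One way a tunnel proxy can enforce the three settings above, as an added example that is not the project's own server code. The function names (`loadPolicy`, `checkTunnel`, `originToHostPort`) and the reduction of a browser Origin header to the `host:port` form are assumptions made for illustration; the defaults are the ones documented above.

```javascript
'use strict';

// Defaults as documented in the configuration comments above.
const DEFAULT_PORT = 8889;
const DEFAULT_OUTBOUND_PORTS = '143,465,587,993'; // 25 is deliberately absent

// Split a comma-separated env value into trimmed, non-empty items.
function parseList(value) {
    return String(value).split(',').map((s) => s.trim()).filter(Boolean);
}

// Parse a TCP port strictly; a malformed entry aborts startup (fail closed)
// instead of being silently dropped from the allowlist.
function parsePort(text) {
    const n = Number(text);
    if (!/^\d+$/.test(text) || n < 1 || n > 65535) {
        throw new Error('invalid port in configuration: ' + JSON.stringify(text));
    }
    return n;
}

// Build the policy from an environment object (process.env in a real server).
function loadPolicy(env) {
    const port = env.PORT ? parsePort(env.PORT) : DEFAULT_PORT;
    const origins = parseList(env.INBOUND_ORIGINS || 'localhost:' + port);
    const outbound = parseList(env.OUTBOUND_PORTS || DEFAULT_OUTBOUND_PORTS);
    return {
        port: port,
        origins: new Set(origins.map((o) => o.toLowerCase())),
        outboundPorts: new Set(outbound.map(parsePort))
    };
}

// Reduce a browser Origin header ("https://foo:1234") to the "host:port" form
// used in INBOUND_ORIGINS (assumed mapping). Returns null if unparsable.
function originToHostPort(originHeader) {
    let url;
    try {
        url = new URL(originHeader);
    } catch (e) {
        return null; // missing header, "null" origin, garbage
    }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
        return null;
    }
    const port = url.port || (url.protocol === 'https:' ? '443' : '80');
    return url.hostname.toLowerCase() + ':' + port;
}

// Decide whether one tunnel request may be opened. Both checks must pass:
// the page asking for the tunnel and the TCP port it wants to reach.
function checkTunnel(policy, request) {
    const hostPort = originToHostPort(request.origin);
    if (hostPort === null || !policy.origins.has(hostPort)) {
        return { allowed: false, reason: 'origin not allowed' };
    }
    if (!Number.isInteger(request.port) || !policy.outboundPorts.has(request.port)) {
        return { allowed: false, reason: 'outbound port not allowed' };
    }
    return { allowed: true, reason: 'ok' };
}

// Constructed sample policies: the documented defaults, and the example
// values shown in the configuration block above.
const defaultPolicy = loadPolicy({});
const samplePolicy = loadPolicy({
    PORT: '12345',
    INBOUND_ORIGINS: 'foo:1234,bar:569',
    OUTBOUND_PORTS: '123,456,789'
});
```

With the defaults, a page served from `localhost:8889` can tunnel to IMAP/SMTP submission ports but not to port 25, and a page from any other origin cannot open a tunnel at all.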

To start the server in development mode (no forced HTTPS, iframe loads http content), run node server.js --dev

License

The MIT License (MIT)

Copyright (c) 2014 Whiteout Networks GmbH.

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

Third party libraries

We work together with existing open source projects wherever possible and contribute any changes we make back upstream. Many of these libraries are licensed under an open source license. Here are some of them:

  • OpenPGP.js (LGPL license): An implementation of OpenPGP in Javascript
  • email.js (MIT license): IMAP, SMTP, MIME-building and MIME-parsing engine
  • Forge (BSD license): An implementation of TLS in JavaScript

mail's People

Contributors

andris9, eldios, felixhammerl, gitter-badger, mpmks11, tanx, webholics


mail's Issues

support dane for tls certificate verification

Autistici.org is a community-run, privacy-respecting mail service recommended by prism-break.org. I use this as my primary email; many of my privacy-conscious friends use it too. They use their own certification authority and their authenticity can be validated by the DANE protocol. In the short term please add their CA certificate to your server and in the long term please support DANE in addition to the known CA bundle. This is currently the only app available for me in Firefox OS and I can't use GPG because of this issue.

grunt-cli required to run 'npm test'

I had to install grunt-cli globally to run:

grunt && grunt test

because the above assumes that 'grunt' is in the path. It's better to use the grunt installed in node_modules, in case I have a different version of grunt installed.

Self-hosted web application uploads public key to keys.whiteout.io

I'm hosting my own web application at https://mail.openhosting.com . I added my private key to the application and received the confirmation email from Whiteout Support. The message is decrypted properly and the public key verification link appeared. The domain is not mail.openhosting.com but rather keys.whiteout.io.

Why isn't the public key verified on my own server? Also, where is the private key stored? I didn't configure a database since there isn't a step for that in the installation instructions. I also deleted the ASCII armored private key file but message decryption continues to work.

Editor Slowness

I'm finding the encrypt-on-the-fly seems to be slowing the editor. Is there a way to improve speed on my end? Sometimes I can type ahead a whole sentence before it starts to appear.

Otherwise the ease of use and interface is very nice.

RB

Allow limiting of stored emails.

In WhiteoutMail, when scrolling through thousands of emails, the client can get lagged as the DOM is being overloaded. A possible solution to this may be to remove messages from the top while scrolling down and add them again while scrolling up. Also, it would be really great to have a feature allowing the user to choose the number of emails to be synced with WhiteoutMail. Syncing every email from every folder can take up a lot of space and slow down the client, so possibly a preset of a few thousand emails and the ability for the user to change the sync limit.
Thanks!

allow a longer timeout for slower connections

currently I cannot use whiteout.io on my firefox os device (2G/Edge connection), there is no other gpg app for firefox os either. when a socket timeout error occurs, give an option to try a longer timeout.

btw is there a schedule for firefox os app release?

Import keypair issue

Hi,

I'm having issues importing keypair.

I was unable to import my old keypair once a while and generated new one with whiteout. After this I've deleted extension, since I was not able to replace new keys with old ones.

Then I re-installed the extension hoping I would be able to import my old keypair. But everything became even more complicated. The option to generate new keys disappeared completely and now, no matter which file I'm setting as input (private key only, public key only, or both keys in one file one after another), I get the same error: Key IDs dont match.

I cannot be wrong in typing my password!

My best guess is that keys previously generated by Whiteout are still somewhere in the system. How can I check this and delete them?

Node-webkit

Have you guys considered using https://github.com/rogerwang/node-webkit to package the desktop versions of this application?

It would eliminate the need for your end users to have chrome installed.

I love the idea there is a lack of email clients with PGP support.

Stop uploading public keys right after saying you won't upload the key.

In the android app you promise not to upload the (private) key, but then a notification pops up that the public key was uploaded successfully.

Firstly you should absolutely not upload anything if you promise not to. This is mainly a phrasing issue: specifying that no private key will be uploaded will help.

But an advanced option to not upload the public key either would be much appreciated also!

There are mail providers which allow you to upload a public key with which all incoming mail will be encrypted.
For security reasons it's not a good idea to use the main key for this, because every client (including mobile ones) needs the matching private key.

But this key is not supposed to be used by any contact, ONLY the mail provider. Uploading this public key is not intended and should not happen without confirmation ever.

Loads very slowly... then crashes

I'm using Whiteout on a brand new Macbook Pro (2.8 GHz Intel Core i7, 16 GB 1600 MHz DDR3).

Initial meta-data like from and subject loads very quickly, but then my machine slows to a crawl and it fails to load actual message content.

Can't send mail

for unknown reasons, it seems to be possible to send a mail with no recipients

[DEBUG][2014-11-10T23:55:23.221Z][SMTP Client] SERVER: 220 ESMTP [server]

[DEBUG][2014-11-10T23:55:23.221Z][SMTP Client] Sending EHLO ip-172-31-18-41
[DEBUG][2014-11-10T23:55:23.439Z][SMTP Client] SERVER: 250-[server]
250-PIPELINING
250-SIZE 157286400
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME

[DEBUG][2014-11-10T23:55:23.440Z][SMTP Client] Server supports AUTH PLAIN
[DEBUG][2014-11-10T23:55:23.440Z][SMTP Client] Server supports AUTH LOGIN
[DEBUG][2014-11-10T23:55:23.440Z][SMTP Client] Maximum allowd message size: 157286400
[DEBUG][2014-11-10T23:55:23.440Z][SMTP Client] Authentication via AUTH PLAIN
[DEBUG][2014-11-10T23:55:23.652Z][SMTP Client] SERVER: 235 2.7.0 Authentication successful

[DEBUG][2014-11-10T23:55:23.652Z][SMTP Client] Authentication successful.
[DEBUG][2014-11-10T23:55:23.652Z][SMTP Client] Sending MAIL FROM...
[DEBUG][2014-11-10T23:55:23.856Z][SMTP Client] SERVER: 250 2.1.0 Ok

[ERROR][2014-11-10T23:55:23.856Z][SMTP Client] Error: Can't send mail - no recipients defined . Stack: Error: Can't send mail - no recipients defined
at SmtpClient._actionMAIL (https://mail.whiteout.io/js/app.min.js:18:15619)
at SmtpClient._onCommand (https://mail.whiteout.io/js/app.min.js:18:9330)
at SmtpResponseParser._processLine (https://mail.whiteout.io/js/app.min.js:18:3330)
at SmtpResponseParser.send (https://mail.whiteout.io/js/app.min.js:18:2330)
at SmtpClient._onData (https://mail.whiteout.io/js/app.min.js:18:8634)
at TCPSocket._emit (https://mail.whiteout.io/js/app.min.js:18:1109)
at TCPSocket.tlsinbound (https://mail.whiteout.io/js/app.min.js:17:31278)
at Worker.self._tlsWorker.onmessage (https://mail.whiteout.io/js/app.min.js:18:468)

Problem Building

Hi,

I followed the instructions in the readme file for building and installed the required components. I'm getting a build error that I've been unable to resolve the past few days and I have a feeling it is something I've done incorrectly in my install. I'm running Win8.1. Here's the output from the cmd shell:

output

Any idea what I've done wrong?

Thanks,
Zach

Store public key in gmail contacts

Removing and reinstalling the chrome app removed my contacts. It would be nice if the public keys are backed up in google contacts when they are imported to avoid this and it would sync automatically to other devices.

Maybe "sync" button needed?

Sometimes the composed message waits in the outbox until I restart the app to sync with the mail server.

Multiple accounts support

Please add multiple account support so I can get rid of thunderbird / geary :)

Thank you for your hard work.

Keep generated source out of the /src directory

I didn't initially realise that /src/css was generated and thus untracked by git. It might be clearer if generated source was kept to /dist?

I see that /dist is only the minified source - perhaps a /build folder would be better?

Error: Invalid US-ASCII character "\xE2"

Running a self-hosted server on Ubuntu 14.04 LTS. All software installed is from distro packages. I get the following error when starting the server with grunt

root@mail:/usr/local/src/mail-html5# grunt --trace
Running "clean:dist" (clean) task

Running "shell:target" (shell) task

Running "sass:dist" (sass) task
Error: Invalid US-ASCII character "\xE2"
        on line 46 of src/sass/blocks/basics/_mail-addresses.scss
        from line 30 of src/sass/all.scss
  Use --trace for backtrace.
Warning: Exited with error code 65 Use --force to continue.

Aborted due to warnings.


Execution Time (2014-12-08 08:08:51 UTC)
loading tasks   1.3s  ??????????????????????????????????????????????? 62%
shell:target   446ms  ????????????????? 22%
sass:dist      316ms  ???????????? 15%
Total 2s

Android app / TLS

I just tried out the whiteout.io Android app against my own server and
it turns out that it can't connect. The error message is "Connection
failed. Check your credentials!". It highlights the password field, but
the password is fine.

I checked the "TLS" connection for both, is it possible that STARTTLS is
not supported? I did not try with plain text, since I don't allow that
on my host.

Thank you!

Reg: How to do changes.

Hi

I need to make changes to the Whiteout code. If I change anything and run it using server.js, it does not affect anything. Can I run the code without the dist folder? If I run the grunt file, it asks for Visual Studio. Is there any alternative to that, or is Visual Studio compulsory?
I need to run this code as a mobile app. It logs in on desktop, but on mobile it runs but does not log in. I am running the code using the Ionic framework and Cordova using Eclipse. So tell me the way to make modifications and run on mobile devices.

i hope u understand. i'll wait for your reply.

Thanks a lot.....

How to Modify Whiteout-io source

Hi

I need to add a custom server to Whiteout email.
I need to modify and run the code again according to my requirements,
but it's not showing any changes while editing the code.
How do I build another mobile email app using the Whiteout source code?

Please give me reply

Thank you

Reg: Compatibility in Mobile Device

Hi

I am working on the Whiteout-io code. I need to run that app on mobile devices, Android and iOS. The thing is, it's running on localhost and on the device. Everything is OK in the browser, but on the Android device it is not able to log in. I ran "grunt" and copied the dist folder to the www folder in the Cordova app, but it does not log in. I want to make some changes to your code and I need to build it again for a custom email client. In yours, custom login is not working, I don't know why...

Please help me for this Issue. i'll wait for your reply..

Thanks

Where are the logs?

Having trouble connecting to Postfix/Dovecot. I'm certain that my settings are correct, but I am using a self-signed cert, which may be the problem. How can I get more detail? Where are the logs? Do I need to set a log server somewhere?

Can't revoke

I ([email protected]) tried to generate a keypair without a passphrase before 0.15.1, so I did a pre-emptive account reset (per the recommendation in #99) and got "An error occurred, we could not successfully reset your account."

OAuth

Meta-Ticket:

  • [Chrome App] OAuth token for Gmail can expire while the app is running. Refresh the token after a while.
  • [Webapp] Add 3-legged-OAuth, especially for Gmail and Outlook.com who aggressively deprecate password-based logins

production mode with a reverse proxy using unexpected redirect

I'm having trouble understanding the difference between production mode and development mode for a self-hosted backend. I've installed nginx in the front of the node.js application with a commercial SSL CA certificate. When I launch the application in development mode using node server.js --dev the proxy functions as expected. When I use the production mode startup with npm start and go to the same URL it appears that the node.js application redirects to the value I set in the proxy_pass line. For example:

upstream whiteout {
        server 127.0.0.1:8889;
}

server {
        listen 443;
        server_name mail.openhosting.com;

        #root html;
        #index index.html index.htm;

        ssl on;
        ssl_certificate /etc/ssl/certs/star.openhosting.com.pem;
        ssl_certificate_key /etc/ssl/private/star.openhosting.com.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

        location / {
                proxy_pass http://whiteout;
                #try_files $uri $uri/ =404;
        }
}

The redirect URL ends up as https://whiteout

Why?

Multiple user support

For example, multiple people signing in to the same Whiteout instance hosted on a trusted server.

Manually import public key?

It could just be me, but I'm playing around and unable to find the options/section where I can manually import a friend's public key, and I don't particularly want to spam them to sign up for this.

Typo in error message

If public key with which user authenticated to whiteout.io server first time don't match with new key he wants to import during extension re-install, the system gives too implicit error message with typo:

Key IDs dont match.

While more correct will be Key IDs don't match.

I also suggest to consider to turn this error message into something more self-explaining, like "Could not import given key. It doesn't match with the key used to register whiteout.io account", or something like that...

Claiming »Open Source« on the frontpage despite no open license

Hey folks, I was a bit confused by your frontpage where you say that Whiteout is:

Standards-based and Open Source

Yes, you clarify on the following pages and the license file in the repository also states the code is not openly licensed. But arguably what it says on the main page is what people will remember.

It would be good to not call it »Open Source« when it isn’t truly what people know as open source – licensed to lift copyright so people are allowed to modify and redistribute. Especially because this is about crypto and hence trust in the software it’s strange to have this misleading element.

I do think it’s great that you work on usable email crypto and contribute to open source projects. Would be really cool if you decide to openly license Whiteout as well.

(In any case we could go for lunch some time – I saw you’re at Werk1 Munich where I sometimes work from too.)

Firefox support

Not sure how tied it is to mail-html5, but https://mail.whiteout.io is giving me a blank document with one <pre> tag inside the body. I'm running Firefox on Win8. I assume this is something to do with browser support, as my settings are pretty standard.

UI glitch when key import selection fails

Steps to reproduce:

  1. Open app in clean state (no accounts associated)
  2. Pick gmail
  3. Click "import an existing PGP key"
  4. Click "Choose File"
  5. Pick an .asc file that doesn't have a public and private key in it, let's call it "key.asc"
  6. "key.asc" is still selected
  7. You can't edit the file with another program and then select it again because it doesn't trigger a change and re-check the file

Expected behaviour: If I edit the file and select it again it should be re-checked

Workaround: rename the file or restart the app
