Today we have released the final version of Z-Push 2.0.7 (build 1690).
In this version we have implemented new features such as support for S/MIME signing and encryption/decryption of messages on the mobile device. Syncing of Reply/Forward flags from the server to the mobile device was also implemented.
We have also merged several fixes from 2.1 into this release. Heartbeat connections should work as expected now and not cause sync on every folder.
The following refers to the Zarafa backend only. In order to use S/MIME for email signing and/or encryption on your mobile device, there are some requirements. First of all, you will need an email certificate. Acquiring it is beyond the scope of this document. Configuring certificates in AD/LDAP is also not covered here, but there are various sites covering it. Later there will be a more extensive configuration manual available.
The private key must be imported onto the mobile device. This can be done either by sending yourself an email with the key or by uploading it onto the storage card. The key must be in PKCS#12 format (.p12). It can be exported e.g. using the Windows MMC console. It is also possible to retrieve the key using Firefox's certificate backup (if you have installed the certificate using Firefox). Once you've imported it, your ActiveSync account settings contain security options where you can select the key.
PHP functions may require CA information in order to validate certificates. Therefore the CAINFO parameter on line 101 of config.php must be configured properly.
The public keys for encryption are retrieved either from the global address book or the contacts.
In Active Directory, the public key for contacts from the GAB is saved in the PR_EMS_AB_TAGGED_X509_CERT (0x8C6A1102) property; if you save a key in a contact, it is stored in PR_USER_X509_CERTIFICATE (0x3A701102).
In LDAP, the public key for contacts from the GAB is saved in the userCertificate property. It should be mapped to 0x3A220102 in ldap.propmap.cfg (0x3A220102 = userCertificate). Make sure it looks like this in LDAP: userCertificate;binary:: MIIFGjCCBAKgAwIBAgIQbRnqpxlPa…
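One way to check that LDAP entries carry the certificate in the form shown above, as an added example that is not part of Z-Push or Zarafa: it reads LDIF text (for instance saved ldapsearch output), unfolds wrapped lines, and confirms that each userCertificate;binary:: value decodes to a single DER structure rather than PEM text or a truncated blob. The function names, DNs and sample entries are constructed for illustration; the check is structural only and does not validate the certificate itself.

```python
import base64

def der_problem(blob):
    """Return None if blob is exactly one DER SEQUENCE, else a short reason."""
    if blob.startswith(b"-----BEGIN"):
        return "PEM text stored instead of DER"
    if len(blob) < 2 or blob[0] != 0x30:
        return "no DER SEQUENCE tag (0x30) at start"
    n = blob[1] & 0x7F if blob[1] & 0x80 else 0  # number of long-form length bytes
    if blob[1] & 0x80 and (n == 0 or len(blob) < 2 + n):
        return "bad DER length field"
    length = int.from_bytes(blob[2:2 + n], "big") if n else blob[1]
    if 2 + n + length != len(blob):
        return "DER length does not match value size (truncated or padded)"
    return None

def check_ldif(ldif):
    """Map each dn to the problems found in its userCertificate values."""
    report, dn = {}, None
    # LDIF folds long values: a newline followed by one space continues the line.
    for line in ldif.replace("\n ", "").splitlines():
        name, _, rest = line.partition(":")
        if name.lower() == "dn":
            dn = rest.strip()
            report[dn] = []
        elif dn and name.lower().split(";")[0] == "usercertificate":
            if ";binary" not in name.lower() or not rest.startswith(":"):
                report[dn].append("not in the 'userCertificate;binary::' form")
                continue
            try:
                blob = base64.b64decode(rest[1:].strip(), validate=True)
            except ValueError:
                report[dn].append("invalid base64")
                continue
            problem = der_problem(blob)
            if problem:
                report[dn].append(problem)
    return report

# Constructed sample data: a 260-byte DER-shaped stand-in, not a real certificate.
DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(DER) + b"\n-----END CERTIFICATE-----\n"
def entry(uid, blob):
    b64 = base64.b64encode(blob).decode()
    folded = "\n ".join(b64[i:i + 60] for i in range(0, len(b64), 60))
    return f"dn: uid={uid},ou=people,dc=example,dc=com\nuserCertificate;binary:: {folded}\n\n"
SAMPLE = entry("alice", DER) + entry("bob", PEM) + entry("carol", DER[:-10])
if __name__ == "__main__":
    print(check_ldif(SAMPLE))
```

An empty problem list for an entry means the value has the expected shape; the certificate's validity and chain still have to be checked separately.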
Currently only Android 4.X and higher and iOS 5 and higher devices are known to support encryption/signing of emails.
Changes since 2.0.6
[ZP-396] – Merge into 2.0.x: Reply/Forward flags are not synced from the server to the mobile
[ZP-401] – Merge into 2.0.x: Implement S/MIME
Full change log is available here.
Your feedback is highly appreciated.
Z-Push dev team