10.0: Adding a custom PGP encryption action to the reply editor toolbar

[jstanden]

A few users have asked for a way to encrypt and paste ASCII-armored PGP messages from the compose and reply editors, entirely within Cerb. This can be done with browser plugins like Mailvelope, but doing it in Cerb allows all workers to share the same repository of public keys without having to install any extra software.

In these environments, inline PGP is more desirable than encrypting the entire MIME message. In one particular case, this requirement is driven by an issue with Postmark (as an outgoing mail transport) rejecting encrypted email when messages sent through its SMTP interface are converted to their API format. They only accept basic MIME types like text/plain or text/html.

Inline PGP is also useful because you can keep the sensitive parts of a message encrypted at all times (e.g. login credentials, financial information). That content will be encrypted in your database and for all workers who view the message. When using full-message encryption, those messages are only encrypted in-transit and not at-rest in the database.

Adding new options to the compose and reply editor popups is currently possible in 9.x using conversational bot behaviors. However, these are unwieldy to implement and are consequently deprecated by new improvements.

The upcoming 10.0 release makes it easy to add your own custom actions to toolbars throughout Cerb.

For this example, first we'd create an interaction.worker automation.

Automations are written in KATA -- our simplified YAML-like text format.

The automation immediately enters the await: state. This displays a web-based form to gather more details from the worker who started the workflow.

We want a textarea form element for the message to encrypt, and a sheet element to select one or more PGP public keys.

Here's what the full automation looks like:

wgm.example.reply.pgp:

start:
  await:
    form:
      title: Encrypt message
      elements:
        textarea/prompt_message:
          label: Message:
          required@bool: yes
          
        sheet/prompt_recipient_keys:
          label: Recipient public keys:
          required@bool: yes
          data:
            automation:
              uri: cerb:automation:cerb.data.records
              inputs:
                record_type: gpg_public_key
          limit: 10
          schema:
            layout:
              headings@bool: no
              paging@bool: yes
              filtering@bool: yes
            columns:
              selection/id:
                params:
                  mode: multiple
              card/_label:
                params:
                  bold@bool: yes
  
  encrypt.pgp:
    output: encrypted_message
    inputs:
      message@key: prompt_message
      public_keys:
        ids@key: prompt_recipient_keys
  
  return:
    snippet@key: encrypted_message 

If you've done anything with bot behaviors, you'll realize how much functionality is packed into those few lines.

Don't worry if none of it makes sense yet -- the automation editor can generate working examples for you (using built-in interactions).

The most involved part is the sheet that prompts for recipient public keys; and that's just because sheets are highly configurable.

Rather than hardcoding a fixed list of possible public keys in the sheet data:, we're pulling the records dynamically from a data query. That is handled by another built-in automation. We show 10 records at a time, and the component automatically takes care of filtering and paging for us.

In the sheet, our records are displayed as rows. We add a selection column for multiple selection (checkboxes) and a card column for displaying the label of each record (the name/email of the public key's contact). In the card column, clicking on the label opens up a card popup so we can review the record.

The interaction also takes care of form validation for us. The automation won't continue until the worker provides valid inputs.

We use the worker's responses to generate the PGP message encrypted for one or more recipients, and then we return the encrypted text as a snippet: to be pasted into the editor at the cursor.

In the automation policy, which controls what the automation is permitted to do, we just need to allow the encrypt.pgp: command:

commands:
  encrypt.pgp:
    allow: yes

Each step of the automation can be tested in the built-in simulator and debugger:

Now we're ready to add our new interaction to a toolbar.

In 10.0+, toolbars are a new record type that you can access from the search menu. They are composed of buttons and menus. We can edit the mail.reply toolbar to add our encryption interaction as a button:

This is using toolbar KATA, but you can generate the entire script using the (+) button, which opens another built-in interaction to guide you (notice the trend?).

After we've added our custom button to the toolbar, suppose we receive a new message like:

When replying to Claire, we can now use our new button in the toolbar:

This starts our interaction automation, which displays the form to the current worker:

When the interaction completes, the encrypted message is automatically pasted into the reply editor:

Claire can decrypt the message however she prefers (e.g. Keybase, GPG, Mailvelope, OpenPGP for Outlook, etc).

We can reuse the same interaction in the compose editor, on comments, etc.

This same process can be used to add countless automated shortcuts to your email workflow. For instance, the interaction could fetch order information from another system, generate invoices, insert smarter canned responses, use a machine-learning model to generate replies from a prompt, etc.

Interactions also receive the currently selected text as input, so you could add another interaction to decrypt the encrypted PGP messages you receive. The automation could determine which workers are allowed to use which decryption keys.