iCal Link Sync

aka

Project management tool automatically generates iCal link and continuously exports/syncs events with due dates.

When I checked cryptpad, right now, it can only do one time import from iCal file, but not continuously importing/syncing events from iCal link, so please add this feature.

adigitoleo

Automatic calendar updates would be great to have: I'm looking to replace my use of google/outlook calendars but it will not be very convenient if I need to remember to manually upload a new iCal/ICS file. I guess this can be achieved with something like a timer/cron job on the server side, is it feasible?

Mathilde

Hello,

It's an interesting feature request indeed. Sadly, it completely break the privacy model of CryptPad, where everything is end-to-end encrypted.

As far as we know, neither the iCalendar, nor the CaldDav standards supports encryption. It would mean that your data is made readable by everyone who has access to the link and you'll loose complete control over who can access it.

We understand the need for people to connect CryptPad to other tools and are investigating API models that would allow integrations. However, I don't think it's something that will be doable in a short time-frame. We have yet no funding, nor time to work on this with our current roadmap.

Hope that helps clear some things up. Please don't hesitate to react and share ideas about the privacy side of the feature request!

dottrash

Mathilde

Hi,
While it is not possible to implement e2e encryption with iCal or CalDav, I think it might be possible to do a workaround with RSS. In the collective I am in, we have a shared cryptpad account with a calendar. We do not log into the cryptpad super regularly and often it is only one person accessing the documents for a meeting. Still it would be nice if for example meeting reminders of meetings that are scheduled in the calendar get to people without them having to open the drive.
One way I was thinking about is generating .atom items from the instead of .ics items. Individuals can then subscribe add the calendar items to their RSS feed or have them as emails in their inbox. Some quick googling yielded that secure syndication can be used to read encrypted RSS feeds in your browser, and I think something similar should work for email as well.
Do you think providing encrypted RSS is realistic in this situation?

kaktux

i dont know if this is a possible solution: but what about the option of just embeding external pages?
Like nextcloud does with a plugin

So basically this could just be the option to add a link with a name you can shoose to the menu - and the linked page is embeded - but not interacting with cryptpad - but still viewable from there.

David

@dottrash @kaktux Hi and thanks for this feedback, as someone who constantly juggles calendars in CryptPad and other tools I would really love to have this feature. However there are some really important limitations to doing this, which is why we are saying that it is unlikely to happen any time soon.

End-to-end encryption means that the CryptPad server does not have ANY readable data. Everything is decrypted on the user's device, and encrypted before it is sent back. This is the one key constraint that we have to work with to preserve privacy. When you say that you don't log in to CryptPad very often, you are implying that the server would have to provide the readable RSS or calendar feed, which it cannot do because it does not even know which file is your calendar, let alone the contents of it.

I hope this makes things clearer. A lot of this type of functionality in other services takes for granted that the "always on" server has access to readable data.

da5nsy

David
Hi David!
There's something I'm not understanding which perhaps you can help me understand.
If I can share a public link to a calendar, which anyone can access at any time, how is this end-to-end encrypted? Surely there must be a CryptPad server which is serving this content along with any neccessary keys to decrypt it?

When I generate the link I get the warning "This link contains the keys to your document. Recipients will gain non-revokable access to your content." - does this mean access to that specific calendar or all content on the drive?

Mathilde

Hello,

da5nsy Surely there must be a CryptPad server which is serving this content along with any neccessary keys to decrypt it?

No, the private key that will allow you to decrypt the content is stored on your device only. It's how end-to-end encryption works. The server only shares, on your behalf, your public key. Which, by itself, cannot allow to decrypt anything.

Third-party Calendar applications doesn't support encryption. There is no standard for this to follow, no specifications. Hence the impossibility to share or access your calendar content outside of CryptPad.

Hope it help clarify!

da5nsy

Sorry, I'm still struggling to follow - if I can share a link which anyone at any time can use, then surely that link must include, or point to, everything needed to decrypt the information?

See, for example, this test calendar I just created: https://cryptpad.fr/calendar/#/2/calendar/view/1juhBtaqc2Tw7Vs4r-3kuSlgbvJMl7VqpPbPRRYTl-0/

Mathilde

da5nsy sorry for the confusion.

When you publicly share a CryptPad document, the key to decrypt it are part of the URL. So anybody, even without a CryptPad account, being one of your contact, can open it on your CryptPad instance.

However, that doesn't solve the second part of my previous message: third-party software can't know how to handle encrypted Calendars. Both the iCalendar and CalDAV standards are two decades old, and none support encryption.

da5nsy

Thanks @Mathilde, I understand now.

jh72de

That's actually easy, all it needs are bridges. Check EteSync on how it's done. For Android they just altered DAVx5. On desktops, there's the EteSync-DAV bridge.

Mathilde

jh72de thanks for sharing, but this isn't relevant to our use case.

CryptPad is end-to-end encrypted for a good reason, with a specific threat model in mind. Proposing a "workaround" which would allow to decrypt a Calendar and all its events to make it available from a CalDAV endpoint isn't gonna happen.