Updated README, cleaned some cruft out
This commit is contained in:
parent
06ccf85b9e
commit
ccfa3194ff
25
README
25
README
|
@ -1,25 +0,0 @@
|
|||
See https://grepular.com/Automatically_Encrypting_all_Incoming_Email
|
||||
|
||||
This application takes one argument on the command line. The email address to
|
||||
look up the public key that the message will be encrypted with. An email
|
||||
message is piped through the application, and the resulting email is sent to
|
||||
STDOUT encrypted with the relevant public key. If you provide multiple email
|
||||
addresses, then the message will be encrypted with multiple keys. There are
|
||||
several options to do with the type of encryption used, ie PGP/MIME or inline
|
||||
and these can be discovered by running the script without any arguments to
|
||||
read the usage information.
|
||||
|
||||
If the message is already encrypted, it doesn't get encrypted a second time.
|
||||
|
||||
Exim users can use the transport_filter directive in a transport in order to
|
||||
call this application, like so:
|
||||
|
||||
transport_filter = /bin/gpgit.pl my.email.address@example.com
|
||||
|
||||
Procmail users can add a procmail recipe as follows
|
||||
|
||||
:0 f
|
||||
| /bin/gpgit.pl my.email.address@example.com
|
||||
|
||||
If you call gpgit.pl from a different application, I'd love to hear from you so
|
||||
I can update this README file.
|
|
@ -0,0 +1,55 @@
|
|||
gpgit
|
||||
=====
|
||||
|
||||
What
|
||||
----
|
||||
`gpgit` is a mail filter that encrypts an email with a public key in the user's [GnuPG] keyring.
|
||||
|
||||
Why
|
||||
---
|
||||
It partially solves the problem that no one wants to use [PGP] encryption. The email is still in the clear while in transit, but it gets encrypted before it touches your mail server's hard drive. That means mail is still vulnerable to network capture (unless [TLS] is used) and to logging on the intermediate [SMTP] servers, but not vulnerable to [authorities randomly seizing your server][Riseup server seizure], [National Security Letters] [on your email provider][Jacob Appelbaum email seizure], or other crazy stuff like that.
|
||||
|
||||
How
|
||||
---
|
||||
`gpgit` simply reads an email from stdin, encrypts it with the key given as first argument (unless the email is already encrypted), and writes out the result to stdout. That's almost all there is to it; some other arguments are available. Run `gpgit` without arguments for details.
|
||||
|
||||
You need some Perl modules for this to work:
|
||||
|
||||
* [MIME:Tools]
|
||||
* [Mail::GnuPG]
|
||||
|
||||
There are multiple ways to use this in your email system:
|
||||
* With [Exim]: [Automatically Encrypting all Incoming Email with Exim]
|
||||
* With [Dovecot]: [Encrypt specific incoming emails using Dovecot and Sieve]
|
||||
|
||||
encmaildir.sh
|
||||
-------------
|
||||
`encmaildir.sh` is a little bonus script to encrypt an existing email directory, taking care of file permissions and ownership and Dovecot indexes and everything.
|
||||
|
||||
Only unencrypted emails will be modified. Run `encmaildir.sh` without arguments for usage information.
|
||||
|
||||
Who
|
||||
---
|
||||
* [Mike Cardwell] for the original script ([`gpgit.pl`][gpgit.pl])
|
||||
* [PunchiePets on DSLReports] and [Olivier Berger] for the [original version of `encmaildir.sh`][original version of encmaildir.sh]
|
||||
* [Etienne Perot] for modifications to `encmaildir.sh`
|
||||
|
||||
[GnuPG]: http://www.gnupg.org/
|
||||
[PGP]: https://en.wikipedia.org/wiki/Pretty_Good_Privacy
|
||||
[TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security
|
||||
[SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
|
||||
[Riseup server seizure]: https://www.eff.org/deeplinks/2012/04/may-firstriseup-server-seizure-fbi-overreaches-yet-again
|
||||
[National security letters]: https://en.wikipedia.org/wiki/National_security_letter
|
||||
[Jacob Appelbaum email seizure]: http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html
|
||||
[MIME:Tools]: http://search.cpan.org/perldoc?MIME%3A%3ATools
|
||||
[Mail::GnuPG]: http://search.cpan.org/perldoc?Mail%3A%3AGnuPG
|
||||
[Exim]: http://www.exim.org/
|
||||
[Automatically Encrypting all Incoming Email with Exim]: https://grepular.com/Automatically_Encrypting_all_Incoming_Email
|
||||
[Dovecot]: http://www.dovecot.org/
|
||||
[Encrypt specific incoming emails using Dovecot and Sieve]: https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
|
||||
[Mike Cardwell]: https://grepular.com/
|
||||
[gpgit.pl]: https://github.com/mikecardwell/gpgit/blob/master/gpgit.pl
|
||||
[PunchiePets on DSLReports]: https://secure.dslreports.com/forum/r26276347-
|
||||
[Olivier Berger]: https://github.com/olberger
|
||||
[Etienne Perot]: https://perot.me/
|
||||
[original version of encmaildir.sh]: https://github.com/olberger/gpgit/blob/master/encmaildir.sh
|
30
TODO
30
TODO
|
@ -1,30 +0,0 @@
|
|||
There are a number of options that can be added to this application to make it
|
||||
more flexible. Here are some ideas that I will implement when I get around to
|
||||
it. Patches welcome.
|
||||
|
||||
1.) Use Key IDs interchangeably with email addresses
|
||||
|
||||
2.) Optionally support signing as well as encrypting.
|
||||
|
||||
--sign-key "The email address or key id to sign with"
|
||||
--sign-pass "The password for the secret signing key"
|
||||
--sign-pass-file "Path to file containing password for the secret signing key"
|
||||
|
||||
3.) If there are no recipients, should we just output the original message and
|
||||
exit, or die?
|
||||
|
||||
--on-missing-recipients output-plain / die
|
||||
|
||||
4.) Perhaps have an optional default recipient option which is used if no other
|
||||
recipients are provided.
|
||||
|
||||
--default-recipient key-id or email-address
|
||||
|
||||
5.) If one or more of the recipients doesn't have a public key in the local gpg
|
||||
ring how do we behave?
|
||||
|
||||
--on-missing-key output-plain / discard-recipient / die
|
||||
|
||||
6.) Optionally specify path to the gpg "homedir" on the command line
|
||||
|
||||
--gpg-home path-to-gnupg-directory
|
|
@ -32,7 +32,7 @@
|
|||
# Slightly modified by olivier.berger@it-sudparis.eu (https://github.com/olberger/gpgit/commit/2c32d4ec201e8a3f17a9f4eff83d2514f93433e3)
|
||||
# Modified by Etienne Perot
|
||||
|
||||
gpgit="`dirname "$0"`/gpgit.pl"
|
||||
gpgit="`dirname "$0"`/gpgit"
|
||||
|
||||
if [[ -z "$1" || -z "$2" ]]; then
|
||||
echo "Usage is ./encmaildir.sh /path/to/Maildir certificate_user@domain.com [optional arguments passed to 'find' for messages such as '-mtime 0']"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/perl
|
||||
#!/usr/bin/env perl
|
||||
|
||||
##############################################################################
|
||||
# #
|
Loading…
Reference in New Issue