diff --git a/README b/README deleted file mode 100644 index 2080dc6..0000000 --- a/README +++ /dev/null @@ -1,25 +0,0 @@ -See https://grepular.com/Automatically_Encrypting_all_Incoming_Email - -This application takes one argument on the command line. The email address to -look up the public key that the message will be encrypted with. An email -message is piped through the application, and the resulting email is sent to -STDOUT encrypted with the relevant public key. If you provide multiple email -addresses, then the message will be encrypted with multiple keys. There are -several options to do with the type of encryption used, ie PGP/MIME or inline -and these can be discovered by running the script without any arguments to -read the usage information. - -If the message is already encrypted, it doesn't get encrypted a second time. - -Exim users can use the transport_filter directive in a transport in order to -call this application, like so: - - transport_filter = /bin/gpgit.pl my.email.address@example.com - -Procmail users can add a procmail recipe as follows - - :0 f - | /bin/gpgit.pl my.email.address@example.com - -If you call gpgit.pl from a different application, I'd love to hear from you so -I can update this README file. diff --git a/README.md b/README.md new file mode 100644 index 0000000..beae330 --- /dev/null +++ b/README.md 
@@ -0,0 +1,55 @@ +gpgit +===== + +What +---- +`gpgit` is a mail filter that encrypts an email with a public key in the user's [GnuPG] keyring. + +Why +--- +It partially solves the problem that no one wants to use [PGP] encryption. The email is still in the clear while in transit, but it gets encrypted before it touches your mail server's hard drive. That means mail is still vulnerable to network capture (unless [TLS] is used) and to logging on the intermediate [SMTP] servers, but not vulnerable to [authorities randomly seizing your server][Riseup server seizure], [National Security Letters] [on your email provider][Jacob Appelbaum email seizure], or other crazy stuff like that. + +How +--- +`gpgit` simply reads an email from stdin, encrypts it with the key given as first argument (unless the email is already encrypted), and writes out the result to stdout. That's almost all there is to it; some other arguments are available. Run `gpgit` without arguments for details. + +You need some Perl modules for this to work: + +* [MIME:Tools] +* [Mail::GnuPG] + +There are multiple ways to use this in your email system: +* With [Exim]: [Automatically Encrypting all Incoming Email with Exim] +* With [Dovecot]: [Encrypt specific incoming emails using Dovecot and Sieve] + +encmaildir.sh +------------- +`encmaildir.sh` is a little bonus script to encrypt an existing email directory, taking care of file permissions and ownership and Dovecot indexes and everything. + +Only unencrypted emails will be modified. Run `encmaildir.sh` without arguments for usage information. 
+ +Who +--- +* [Mike Cardwell] for the original script ([`gpgit.pl`][gpgit.pl]) +* [PunchiePets on DSLReports] and [Olivier Berger] for the [original version of `encmaildir.sh`][original version of encmaildir.sh] +* [Etienne Perot] for modifications to `encmaildir.sh` + +[GnuPG]: http://www.gnupg.org/ +[PGP]: https://en.wikipedia.org/wiki/Pretty_Good_Privacy +[TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security +[SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol +[Riseup server seizure]: https://www.eff.org/deeplinks/2012/04/may-firstriseup-server-seizure-fbi-overreaches-yet-again +[National security letters]: https://en.wikipedia.org/wiki/National_security_letter +[Jacob Appelbaum email seizure]: http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html +[MIME:Tools]: http://search.cpan.org/perldoc?MIME%3A%3ATools +[Mail::GnuPG]: http://search.cpan.org/perldoc?Mail%3A%3AGnuPG +[Exim]: http://www.exim.org/ +[Automatically Encrypting all Incoming Email with Exim]: https://grepular.com/Automatically_Encrypting_all_Incoming_Email +[Dovecot]: http://www.dovecot.org/ +[Encrypt specific incoming emails using Dovecot and Sieve]: https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve +[Mike Cardwell]: https://grepular.com/ +[gpgit.pl]: https://github.com/mikecardwell/gpgit/blob/master/gpgit.pl +[PunchiePets on DSLReports]: https://secure.dslreports.com/forum/r26276347- +[Olivier Berger]: https://github.com/olberger +[Etienne Perot]: https://perot.me/ +[original version of encmaildir.sh]: https://github.com/olberger/gpgit/blob/master/encmaildir.sh \ No newline at end of file diff --git a/TODO b/TODO deleted file mode 100644 index 73cb3a9..0000000 --- a/TODO +++ /dev/null 
@@ -1,30 +0,0 @@ -There are a number of options that can be added to this application to make it -more flexible. Here are some ideas that I will implement when I get around to -it. Patches welcome. - -1.) Use Key IDs interchangeably with email addresses - -2.) Optionally support signing as well as encrypting. - - --sign-key "The email address or key id to sign with" - --sign-pass "The password for the secret signing key" - --sign-pass-file "Path to file containing password for the secret signing key" - -3.) If there are no recipients, should we just output the original message and - exit, or die? - - --on-missing-recipients output-plain / die - -4.) Perhaps have an optional default recipient option which is used if no other - recipients are provided. - - --default-recipient key-id or email-address - -5.) If one or more of the recipients doesn't have a public key in the local gpg - ring how do we behave? - - --on-missing-key output-plain / discard-recipient / die - -6.) Optionally specify path to the gpg "homedir" on the command line - - --gpg-home path-to-gnupg-directory diff --git a/encmaildir.sh b/encmaildir.sh index 2fd1b6a..ca49eaa 100755 --- a/encmaildir.sh +++ b/encmaildir.sh @@ -32,7 +32,7 @@ # Slightly modified by olivier.berger@it-sudparis.eu (https://github.com/olberger/gpgit/commit/2c32d4ec201e8a3f17a9f4eff83d2514f93433e3) # Modified by Etienne Perot -gpgit="`dirname "$0"`/gpgit.pl" +gpgit="`dirname "$0"`/gpgit" if [[ -z "$1" || -z "$2" ]]; then echo "Usage is ./encmaildir.sh /path/to/Maildir certificate_user@domain.com [optional arguments passed to 'find' for messages such as '-mtime 0']" diff --git a/gpgit.pl b/gpgit similarity index 99% rename from gpgit.pl rename to gpgit index 33512ff..4adcdc6 100755 --- a/gpgit.pl +++ b/gpgit @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl ############################################################################## # #
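Review bot: In the new README.md, the "How" section says the message is encrypted "with the key given as first argument", which loses what the deleted README stated: several addresses may be given, and the message is then encrypted with each of their keys. Suggest restoring that sentence, and carrying over the Procmail recipe (`:0 f` followed by the pipe to the filter, under its new name), since the "multiple ways to use this" list now covers only Exim and Dovecot. Two smaller points in the same file: the dependency label `[MIME:Tools]` has a single colon while its link target is `MIME%3A%3ATools`, so it should read `MIME::Tools` in both the list and the reference definition; and the file ends without a trailing newline.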
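Review bot: Deleting TODO removes the only place where two failure cases are raised, item 3 (no recipients) and item 5 (`--on-missing-key output-plain / discard-recipient / die`, for a recipient with no public key in the local keyring), and README.md does not say what the filter does in either case. For a tool whose stated purpose is that mail is encrypted before it reaches the server's disk, an operator needs to know whether those cases pass the message through in plaintext. Suggest documenting the current behaviour in README.md, or moving the open items to the issue tracker and linking to them from the README.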
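Review bot: In the encmaildir.sh hunk, the `gpgit=` assignment resolves the filter relative to `dirname "$0"`, and nothing in the visible lines checks that a file named `gpgit` actually exists there and is executable before the maildir is processed. After the rename, a checkout that still has only `gpgit.pl` beside the script would hit this. Suggest a test such as `[[ -x "$gpgit" ]]` next to the existing argument check, exiting with an error message on failure. Since the line is being touched anyway and the script already relies on `[[`, the backticks could become `$(dirname "$0")`.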
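Review bot: In the gpgit.pl to gpgit rename, the shebang change to `#!/usr/bin/env perl` makes the interpreter depend on the PATH of whatever invokes the filter, and per the READMEs in this patch that is a mail transport (Exim `transport_filter`, procmail, Dovecot with Sieve) rather than an interactive shell. Suggest keeping `#!/usr/bin/perl`, or stating in README.md that the calling service must run the filter with a controlled PATH. The rename itself also breaks existing configurations that call `/bin/gpgit.pl`, as the deleted README instructed; a sentence in README.md about the new name, or a compatibility symlink, would cover that.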