Re: Encrypting incoming messages with GnuPG

To: debian-user@lists.debian.org
Subject: Re: Encrypting incoming messages with GnuPG
From: Harry Rickards <hrickards@l33tmyst.com>
Date: Sat, 09 May 2009 18:24:37 +0100
Message-id: <[🔎] 4A05BC55.90605@l33tmyst.com>
In-reply-to: <[🔎] 4A05B7DB.8090005@l33tmyst.com>
References: <[🔎] 4A055776.8010405@l33tmyst.com> <[🔎] 20090509164205.GC4754@gecko.davescrunch.net> <[🔎] 4A05B7DB.8090005@l33tmyst.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/09/09 18:05, Harry Rickards wrote:
> On 05/09/09 17:42, Dave Patterson wrote:
>> * Harry Rickards <hrickards@l33tmyst.com> [2009-05-09 11:14:14 +0100]:
> 
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> I was wondering if anyone knew of a way, perhaps using /etc/aliases, so
>>> that all incoming mail addressed to my username (hrickards) is encrypted
>>> with *my* public key, so that when I read it only I can read it using
>>> *my* private key. If the mail was signed or encrypted beforehand, it
>>> could then be decrypted with my private key as usual.
>>>
>> Hmm.  So, we're looking at encrypting mails as they come in, prior to
>> disk write, in a format that you, and only you, can later decrypt them,
>> preferably using gpg.  I don't care why, it's an intereUting problem.
> 
>> Local storage remains secure.  At least that's what I think is the
>> intention.
> 
>> Outside of using some disk encryption system like this:
> 
>> <http://www.debianhelp.org/node/15244>
> 
>> I'd try to pipe the mail fetchmail, procmail (pipe to
>> encryptionscrypt,write-encrypted-email-to-disk)
> 
>> Remembering procmail only functions as a gate, and does not write the
>> mail to disk until told to, and neither does fetchmail 
>> (or getmail or retchmail).
> 
>> script should be very simple:
> 
>> gpg -e -r yourusergpgidhere themessage
> 
>> Build from that command. 
> 
>> Trick is to not write to disk prior to encryption.
> 
> Uh, huh. Thanks for the tips, I'll try to come up with something from that.
> 

So far I've added the gpmail alias in /etc/aliases as a test using the
following line:

gpmail:|/usr/bin/gpmail

I then created the /usr/bin/gpmail script, and ran newaliases. In
/usr/bin/gpmail I've got:

gpg --encrypt --sign --armor -r hrickards@l33tmyst.com|mail -s Test
hrickards@l33tmyst.com

When piping stuff to it from the command line it works fine, but when
sending a test email to gpmail@l33tmyst.com I get a blank email in
response. I think this is because /usr/bin/gpmail is being executed as
the 'nobody' user (I setup a whoami script), and I've setup the GPG keys
for the 'mail' user. nobody can't use GPG, as it doesn't have a home
directory, so is there a way to change the user that Postfix pipes
things to with (to mail or any other user with a home directory)? Thanks
for all the help.

- -- 
Many thanks
Harry Rickards (a.k.a l33tmyst)

- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/GCM/GCS/GCC/GIT/GM d? s: a? C++++ UL++++ P- L+++ E--- W+++ N o K+
w--- O- M- V- PS+  PE Y+ PGP++ t 5 X R tv-- b+++ DI D---- G e* h! !r y?
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkoFvFUACgkQ1kZz3mRu0GoPzACeOuScRxmp5Tfl8hly62v6TlRN
CT8AoOymR+pom0IkUJ8Hu5DUMw7oHEzQ
=yZhK
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Encrypting incoming messages with GnuPG
  - From: Harry Rickards <hrickards@l33tmyst.com>
- Re: Encrypting incoming messages with GnuPG
  - From: Dave Patterson <sdpatt2@gmail.com>

References:
- Encrypting incoming messages with GnuPG
  - From: Harry Rickards <hrickards@l33tmyst.com>
- Re: Encrypting incoming messages with GnuPG
  - From: Dave Patterson <sdpatt2@gmail.com>
- Re: Encrypting incoming messages with GnuPG
  - From: Harry Rickards <hrickards@l33tmyst.com>

Prev by Date: Re: Debian testing
Next by Date: [SOLVED] lenny upgrade -> lost CPU temp monitor
Previous by thread: Re: Encrypting incoming messages with GnuPG
Next by thread: Re: Encrypting incoming messages with GnuPG
Index(es):
- Date
- Thread