Re: Encrypting incoming messages with GnuPG
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/09/09 19:08, James Richardson wrote:
> Harry Rickards wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 05/09/09 18:24, Harry Rickards wrote:
>>> On 05/09/09 18:05, Harry Rickards wrote:
>>>> On 05/09/09 17:42, Dave Patterson wrote:
>>>>> * Harry Rickards <hrickards@l33tmyst.com> [2009-05-09 11:14:14 +0100]:
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA1
>>>>>>
>>>>>> I was wondering if anyone knew of a way, perhaps using /etc/aliases, so
>>>>>> that all incoming mail addressed to my username (hrickards) is encrypted
>>>>>> with *my* public key, so that when I read it only I can read it using
>>>>>> *my* private key. If the mail was signed or encrypted beforehand, it
>>>>>> could then be decrypted with my private key as usual.
>>>>>>
>>>>> Hmm. So, we're looking at encrypting mails as they come in, prior to
>>>>> disk write, in a format that you, and only you, can later decrypt them,
>>>>> preferably using gpg. I don't care why, it's an intereUting problem.
>>>>> Local storage remains secure. At least that's what I think is the
>>>>> intention.
>>>>> Outside of using some disk encryption system like this:
>>>>> <http://www.debianhelp.org/node/15244>
>>>>> I'd try to pipe the mail fetchmail, procmail (pipe to
>>>>> encryptionscrypt,write-encrypted-email-to-disk)
>>>>> Remembering procmail only functions as a gate, and does not write the
>>>>> mail to disk until told to, and neither does fetchmail
>>>>> (or getmail or retchmail).
>>>>> script should be very simple:
>>>>> gpg -e -r yourusergpgidhere themessage
>>>>> Build from that command.
>>>>> Trick is to not write to disk prior to encryption.
>>>> Uh, huh. Thanks for the tips, I'll try to come up with something from that.
>>>
>>> So far I've added the gpmail alias in /etc/aliases as a test using the
>>> following line:
>>>
>>> gpmail:|/usr/bin/gpmail
>>>
>>> I then created the /usr/bin/gpmail script, and ran newaliases. In
>>> /usr/bin/gpmail I've got:
>>>
>>> gpg --encrypt --sign --armor -r hrickards@l33tmyst.com|mail -s Test
>>> hrickards@l33tmyst.com
>>>
>>> When piping stuff to it from the command line it works fine, but when
>>> sending a test email to gpmail@l33tmyst.com I get a blank email in
>>> response. I think this is because /usr/bin/gpmail is being executed as
>>> the 'nobody' user (I setup a whoami script), and I've setup the GPG keys
>>> for the 'mail' user. nobody can't use GPG, as it doesn't have a home
>>> directory, so is there a way to change the user that Postfix pipes
>>> things to with (to mail or any other user with a home directory)? Thanks
>>> for all the help.
>>>
>> I've given nobody a home directory to nobody using usermod, and running
>> /usr/bin/gpmail from the command line logged in as nobody works fine,
>> but I still receive blank emails when sending mail to
>> gpmail@l33tmyst.com. I suppose it could be that I'm sending it to the
>> address it's meant to forward it to, could someone send an email to
>> gpmail@l33tmyst.com for me? Thanks.
>
> Here you go. I just found the thread, looks like an interesting idea....
>
> I use exim so I can't help you with postfix...
>
> I will send this mail unsigned and unencrypted...
Ok, thanks. The mail was blank from you as well, so I don't know what's
happening. Anyone else successfully piping something in Postfix with
/etc/aliases?
- --
Many thanks
Harry Rickards (a.k.a l33tmyst)
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/GCM/GCS/GCC/GIT/GM d? s: a? C++++ UL++++ P- L+++ E--- W+++ N o K+
w--- O- M- V- PS+ PE Y+ PGP++ t 5 X R tv-- b+++ DI D---- G e* h! !r y?
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkoFyJkACgkQ1kZz3mRu0GrFXACfaEoxyTF/aIr1NWjduPHwXveQ
i00An3uTAP3xNpFfcpmsInJHS1bzmKBc
=Wjdp
-----END PGP SIGNATURE-----
Reply to: