Re: Encrypting incoming messages with GnuPG



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/09/09 18:05, Harry Rickards wrote:
On 05/09/09 17:42, Dave Patterson wrote:
* Harry Rickards <hrickards@xxxxxxxxxxxx> [2009-05-09 11:14:14 +0100]:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was wondering if anyone knew of a way, perhaps using /etc/aliases, so
that all incoming mail addressed to my username (hrickards) is encrypted
with *my* public key, so that when I read it only I can read it using
*my* private key. If the mail was signed or encrypted beforehand, it
could then be decrypted with my private key as usual.

Hmm. So, we're looking at encrypting mails as they come in, prior to
disk write, in a format that you, and only you, can later decrypt them,
preferably using gpg. I don't care why, it's an interesting problem.

Local storage remains secure. At least that's what I think is the
intention.

Outside of using some disk encryption system like this:

<http://www.debianhelp.org/node/15244>

I'd try to pipe the mail fetchmail, procmail (pipe to
encryptionscript, write-encrypted-email-to-disk)

Remembering procmail only functions as a gate, and does not write the
mail to disk until told to, and neither does fetchmail
(or getmail or retchmail).

script should be very simple:

gpg -e -r yourusergpgidhere themessage

Build from that command.

Trick is to not write to disk prior to encryption.

Uh, huh. Thanks for the tips, I'll try to come up with something from that.


So far I've added the gpmail alias in /etc/aliases as a test using the
following line:

gpmail:|/usr/bin/gpmail

I then created the /usr/bin/gpmail script, and ran newaliases. In
/usr/bin/gpmail I've got:

gpg --encrypt --sign --armor -r hrickards@xxxxxxxxxxxx|mail -s Test hrickards@xxxxxxxxxxxx

When piping stuff to it from the command line it works fine, but when
sending a test email to gpmail@xxxxxxxxxxxx I get a blank email in
response. I think this is because /usr/bin/gpmail is being executed as
the 'nobody' user (I set up a whoami script), and I've set up the GPG keys
for the 'mail' user. nobody can't use GPG, as it doesn't have a home
directory, so is there a way to change the user that Postfix pipes
things to with (to mail or any other user with a home directory)? Thanks
for all the help.

- --
Many thanks
Harry Rickards (a.k.a l33tmyst)

- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/GCM/GCS/GCC/GIT/GM d? s: a? C++++ UL++++ P- L+++ E--- W+++ N o K+
w--- O- M- V- PS+ PE Y+ PGP++ t 5 X R tv-- b+++ DI D---- G e* h! !r y?
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkoFvFUACgkQ1kZz3mRu0GoPzACeOuScRxmp5Tfl8hly62v6TlRN
CT8AoOymR+pom0IkUJ8Hu5DUMw7oHEzQ
=yZhK
-----END PGP SIGNATURE-----
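
Added example, not part of the original message or anyone's posted code: a POSIX sh version of the alias pipe script discussed above. It encrypts to the public key only, reads the keyring from an explicit --homedir so it does not depend on the delivery user having a home directory, and returns EX_TEMPFAIL instead of delivering a blank message when gpg fails. GPG_BIN, GPG_HOME, RECIPIENT, the script path and the alias line are assumed placeholders.

```shell
#!/bin/sh
# Added example; GPG_BIN, GPG_HOME and RECIPIENT are assumed settings.
GPG_BIN="${GPG_BIN:-gpg}"
# Constructed path: a keyring readable by the delivery user that holds
# only the recipient's PUBLIC key (no secret key, so no --sign here).
GPG_HOME="${GPG_HOME:-/var/lib/gpmail/gnupg}"
RECIPIENT="${RECIPIENT:-user@example.org}"   # placeholder key ID
EX_TEMPFAIL=75   # sysexits.h code: the MTA keeps the mail queued and retries

# encrypt_and_deliver CMD [ARGS...]
# Reads the plaintext message on stdin, encrypts it, and pipes the
# armored result to CMD. This script never writes the plaintext to disk.
encrypt_and_deliver() {
    # Capture the ciphertext so gpg's exit status can be checked before
    # anything is delivered (a plain "gpg | mail" pipeline hides it).
    cipher=$("$GPG_BIN" --homedir "$GPG_HOME" --batch --no-tty \
        --trust-model always --armor --encrypt \
        --recipient "$RECIPIENT") || return "$EX_TEMPFAIL"
    # Exit status 0 with empty output is still treated as a failure.
    [ -n "$cipher" ] || return "$EX_TEMPFAIL"
    printf '%s\n' "$cipher" | "$@" || return "$EX_TEMPFAIL"
}

# Run as a pipe target, e.g. (assumed alias line):
#   gpmail: "|/usr/local/bin/gpmail-encrypt /usr/bin/mail -s Encrypted user"
if [ "$#" -gt 0 ]; then
    encrypt_and_deliver "$@"
    exit $?
fi
```
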

