Re: Encrypting incoming messages with GnuPG



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/09/09 19:08, James Richardson wrote:
Harry Rickards wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/09/09 18:24, Harry Rickards wrote:
On 05/09/09 18:05, Harry Rickards wrote:
On 05/09/09 17:42, Dave Patterson wrote:
* Harry Rickards <hrickards@xxxxxxxxxxxx> [2009-05-09 11:14:14 +0100]:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was wondering if anyone knew of a way, perhaps using /etc/aliases, so
that all incoming mail addressed to my username (hrickards) is encrypted
with *my* public key, so that when I read it only I can read it using
*my* private key. If the mail was signed or encrypted beforehand, it
could then be decrypted with my private key as usual.

Hmm. So, we're looking at encrypting mails as they come in, prior to
disk write, in a format that you, and only you, can later decrypt them,
preferably using gpg. I don't care why, it's an interesting problem.
Local storage remains secure. At least that's what I think is the
intention.
Outside of using some disk encryption system like this:
<http://www.debianhelp.org/node/15244>
I'd try to pipe the mail fetchmail, procmail (pipe to
encryptionscript, write-encrypted-email-to-disk)
Remembering procmail only functions as a gate, and does not write the
mail to disk until told to, and neither does fetchmail
(or getmail or retchmail).
script should be very simple:
gpg -e -r yourusergpgidhere themessage
Build from that command.
Trick is to not write to disk prior to encryption.
Uh, huh. Thanks for the tips, I'll try to come up with something from that.

So far I've added the gpmail alias in /etc/aliases as a test using the
following line:

gpmail:|/usr/bin/gpmail

I then created the /usr/bin/gpmail script, and ran newaliases. In
/usr/bin/gpmail I've got:

gpg --encrypt --sign --armor -r hrickards@xxxxxxxxxxxx | mail -s Test hrickards@xxxxxxxxxxxx

When piping stuff to it from the command line it works fine, but when
sending a test email to gpmail@xxxxxxxxxxxx I get a blank email in
response. I think this is because /usr/bin/gpmail is being executed as
the 'nobody' user (I setup a whoami script), and I've setup the GPG keys
for the 'mail' user. nobody can't use GPG, as it doesn't have a home
directory, so is there a way to change the user that Postfix pipes
things to with (to mail or any other user with a home directory)? Thanks
for all the help.

I've given nobody a home directory using usermod, and running
/usr/bin/gpmail from the command line logged in as nobody works fine,
but I still receive blank emails when sending mail to
gpmail@xxxxxxxxxxxx. I suppose it could be that I'm sending it to the
address it's meant to forward it to, could someone send an email to
gpmail@xxxxxxxxxxxx for me? Thanks.

Here you go. I just found the thread, looks like an interesting idea....

I use exim so I can't help you with postfix...

I will send this mail unsigned and unencrypted...

Ok, thanks. The mail was blank from you as well, so I don't know what's
happening. Anyone else successfully piping something in Postfix with
/etc/aliases?

- --
Many thanks
Harry Rickards (a.k.a l33tmyst)

- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/GCM/GCS/GCC/GIT/GM d? s: a? C++++ UL++++ P- L+++ E--- W+++ N o K+
w--- O- M- V- PS+ PE Y+ PGP++ t 5 X R tv-- b+++ DI D---- G e* h! !r y?
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkoFyJkACgkQ1kZz3mRu0GrFXACfaEoxyTF/aIr1NWjduPHwXveQ
i00An3uTAP3xNpFfcpmsInJHS1bzmKBc
=Wjdp
-----END PGP SIGNATURE-----
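
Added example, not part of the thread or any poster's script: a variant of the gpmail wrapper discussed above that encrypts through pipes only and returns EX_TEMPFAIL (75) when gpg fails or emits nothing, so the MTA defers the message instead of forwarding a blank one. It encrypts without --sign so no secret key or passphrase is needed at delivery time. The names GPMAIL_HOME, GPMAIL_RCPT, GPG, MAILER, the keyring path, the address and the --deliver argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. GPMAIL_HOME, GPMAIL_RCPT, GPG,
# MAILER and the --deliver argument are hypothetical names.
GPG=${GPG:-gpg}
MAILER=${MAILER:-mail}
GPMAIL_HOME=${GPMAIL_HOME:-/var/lib/gpmail/gnupg}  # assumed keyring path (public key only)
GPMAIL_RCPT=${GPMAIL_RCPT:-user@example.org}       # placeholder key ID / address

EX_TEMPFAIL=75  # sysexits.h: ask the MTA to keep the message queued and retry

# Read one message on stdin, write ASCII-armored ciphertext to stdout.
# The plaintext only travels through pipes, never through a temp file.
# --homedir removes the dependency on the delivery user's $HOME.
gpmail_encrypt() {
    "$GPG" --batch --no-tty --homedir "$GPMAIL_HOME" \
        --trust-model always --armor --encrypt --recipient "$GPMAIL_RCPT"
}

# Encrypt stdin and forward the result. If gpg exits non-zero or prints
# nothing that looks like a PGP message, defer instead of sending blank mail.
gpmail_main() {
    cipher=$(gpmail_encrypt) || return "$EX_TEMPFAIL"
    case $cipher in
        *"-----BEGIN PGP MESSAGE-----"*) ;;
        *) return "$EX_TEMPFAIL" ;;
    esac
    printf '%s\n' "$cipher" | "$MAILER" -s "Encrypted mail" "$GPMAIL_RCPT" \
        || return "$EX_TEMPFAIL"
}

# Only act when called as a delivery command, e.g. from /etc/aliases.
if [ "${1:-}" = "--deliver" ]; then
    gpmail_main
    exit $?
fi
```

With this installed as /usr/bin/gpmail, the alias line from the thread would become gpmail: "|/usr/bin/gpmail --deliver"; the keyring under GPMAIL_HOME must be readable by whichever user the MTA runs the command as.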

