Remove documentation and sample config for decryption
We no longer support decrypting emails, so: - Remove parameters from exmaple configuration file. - Remove relevant section from installation instructions (INSTALL.md).
This commit is contained in:
parent
7389dc8fde
commit
37335de329
25
INSTALL.md
25
INSTALL.md
|
|
@ -113,29 +113,6 @@ If your recipients have problems to decrypt mails encrypted by GPG-Mailgate they
|
|||
`User@example.com=inline`
|
||||
|
||||
|
||||
### Mail decryption
|
||||
|
||||
GPG-Mailgate does not only feature encryption of mails but also decryption of PGP encrypted mails.
|
||||
|
||||
#### Important notice
|
||||
|
||||
**Read carefully before setting up and using this functionality!**
|
||||
|
||||
With this functionality you could use GPG-Mailgate to decrypt incoming PGP encrypted mails (it is also capable of decrypting outgoing mails if the necessary key is present). To use this, you need to store your private keys on the server. This means that anyone who is able to obtain admin rights on the server is able to get the private keys stored on the server and is able to decrypt any mail encrypted with the corresponding public key. **If the server gets compromised in any kind and the attacker may have gained access to the server's file system, the keys have to be regarded as compromised as well!** If this happens you have to revoke your keys, notify everyone who has your public key (key servers as well) not to use this key any longer. You also need to create a new key pair for encrypted communication.
|
||||
|
||||
#### Limitations
|
||||
|
||||
There are two main types of PGP encryption: PGP/MIME and PGP/INLINE. PGP/MIME is standardized while PGP/INLINE isn't completely clear standardized (even though some people claim so). Decrypting PGP/MIME encrypted mails works in most cases while decrypting PGP/INLINE encrypted mails may fail more often. The reason is that most clients are implementing PGP/INLINE in their own way. GPG-Mailgate is able to decrypt mails which are encrypted PGP/INLINE by GPG-Mailgate on the sender's side. Furthermore it should be able to decrypt PGP/INLINE encrypted mails encrypted by Enigmail. For PGP/INLINE the mail's structure may not be preserved due to how PGP/INLINE is implemented on most clients. If you receive a PGP/INLINE encrypted mail that could not be decrypted by GPG-Mailgate you may ask the sender to use PGP/MIME instead. Furthermore file types might get lost when using PGP/INLINE. Due to this limitations decrypting PGP/INLINE encrypted mails is disabled by default. If you want to take the risk you can set `no_inline_dec` to `no` in the `[default]` section. You have been warned.
|
||||
|
||||
#### Setting up decryption
|
||||
|
||||
You need the recipient's private key for whom you want to decrypt mails. Only unprotected keys are supported. Keys protected by a passphrase could not be used. To add the private key, use the following command:
|
||||
`sudo -u nobody /usr/bin/gpg --homedir=/var/gpgmailgate/.gnupg --import /some/private.key`
|
||||
From now on PGP encrypted mails will be decrypted for the recipients for whom the keys are imported.
|
||||
|
||||
You also can remove a private key by using the following command. Replace `user@example.com` with the user's address for whom you want to remove the key:
|
||||
`sudo -u nobody /usr/bin/gpg --homedir=/var/gpgmailgate/.gnupg --delete-secret-keys user@example.com`
|
||||
|
||||
## Install GPG-Mailgate-Web
|
||||
|
||||
### Requirements
|
||||
|
|
@ -236,4 +213,4 @@ chmod a+x /usr/local/bin/register-handler.py
|
|||
|
||||
8. Restart postfix.
|
||||
|
||||
9. Test your installation.
|
||||
9. Test your installation.
|
||||
|
|
|
|||
|
|
@ -8,16 +8,6 @@ add_header = yes
|
|||
# This means gpg-mailgate won't automatically detect PGP recipients for encrypting
|
||||
enc_keymap_only = no
|
||||
|
||||
# Whether we should only decrypt emails if they are explicitly defined in
|
||||
# the key mappings below ([dec_keymap] section)
|
||||
# This means gpg-mailgate won't automatically detect PGP recipients for decrypting
|
||||
dec_keymap_only = no
|
||||
|
||||
# If dec_keymap_only is set to yes and recipients have private keys present for decrypting
|
||||
# but are not on in the keymap, this can cause that mails for them will be
|
||||
# encrypted. Set this to no if you want this behaviour.
|
||||
failsave_dec = yes
|
||||
|
||||
# Convert encrypted text/plain email to MIME-attached encrypt style.
|
||||
# (Default is to use older inline-style PGP encoding.)
|
||||
mime_conversion = yes
|
||||
|
|
@ -29,20 +19,6 @@ mime_conversion = yes
|
|||
# recipients all ignore the RFC you could this to yes.
|
||||
mail_case_insensitive = no
|
||||
|
||||
# This setting disables PGP/INLINE decryption completely. However,
|
||||
# PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE
|
||||
# decryption has to be seen as experimental and could have some negative
|
||||
# side effects. So if you want to take the risk set this to no.
|
||||
no_inline_dec = yes
|
||||
|
||||
# Here you can define a regex for which the gateway should try to decrypt mails.
|
||||
# It could be used to define that decryption should be used for a wider range of
|
||||
# mail addresses e.g. a whole domain. No key is needed here. It is even active if
|
||||
# dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.
|
||||
# Set it to None. For further regex information please have a look at
|
||||
# https://docs.python.org/2/library/re.html
|
||||
dec_regex = None
|
||||
|
||||
[gpg]
|
||||
# the directory where gpg-mailgate public keys are stored
|
||||
# (see INSTALL for details)
|
||||
|
|
|
|||
Loading…
Reference in New Issue