A mailgate for Postfix to encrypt incoming and outgoing email with S/MIME and/or OpenPGP and decrypting OpenPGP encrypted emails https://lacre.io
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Piotr F. Mieszkowski 92f3cedc51 Remove leftover .read() call 5 months ago
public_html compatibility update for php7/8 (#61) 6 months ago
README Update README 9 years ago
cron.py Remove leftover .read() call 5 months ago
schema.sql Initial commit for gpg-mailgate-web addition. 9 years ago



gpg-mailgate-web is a web interface designed to allow any web user
to upload their PGP public key and then have all mail sent via
your mail server be encrypted. (Note: this is not meant for email
authentication, only encryption.)

After submitting their key to a web form, the user will be required
to confirm their email address. A cron script will register the
public key with gpg-mailgate (keyhome_only must be set to no
currently, which is the default) after email confirmation. From
then on, email to the specified address will be encrypted with
the public key.

gpg-mailgate-web is useful for two purposes: for a transparent
PGP encryption layer in front of any web application, or simple as
a web interface for gpg-mailgate so that users on your mail server
can easily upload and change their PGP keys.

Note that all processing relating to the mail server is done via the
cron script. This means that gpg-mailgate and the gpgmw cron can
be installed on a different server from the web server. The MySQL
database must be shared between the two applications though.

1. Installation instructions:

1) Install gpg-mailgate.
2) Create a MySQL database for gpg-mailgate.
a) Schema file is located in schema.sql
b) Database name and account goes in /etc/gpg-mailgate.conf (and set enabled = yes)
3) Copy the contents of public_html to your web directory.
4) Move config.sample.php to config.php and edit the configuration file.
5) Copy cron.py to /usr/local/bin/gpgmw-cron.py and set up a cron job
a) Create /etc/cron.d/gpgmw with the contents:

*/3 * * * * nobody /usr/bin/python /usr/local/bin/gpgmw-cron.py > /dev/null

6) Ensure that cron is working and test your new gpg-mailgate-web installation!


2. Adding rudimentary HKP Keyserver functionality for submitting public keys from the GPG client

(so far only implemented and tested with lighttpd - basically you just need to make your http server
listen on port 11371, redirect it to your gpg-mailgate-web directory and add a rewrite rule to catch
'pks/add' in the URI)

1) add the following lines to your lighttp.conf file and change the path to your gpg-mailgate-web directory

server.reject-expect-100-with-417 = "disable"

$SERVER["socket"] == ":11371" {
server.document-root = "/var/www/gpgmw"
setenv.add-response-header = ( "Via" => "1.1 yourserver.tld:11371 (lighttpd)" )
accesslog.filename = "/var/log/lighttpd/hkp-access.log"
url.rewrite-once = ( "^/pks/(.*)" => "/index.php?/pks/$1" )

2) reload lighttpd: /etc/init.d/lighttpd restart
3) in the index.php add the following line after the other required_once(...) lines:


4) change the constants in the include/phphkp.php file!

5) check if it works with a GPG client of your choice pushing a public key to your server's
domain or IP

(HTTP request to http://yourserver.tld:11371/pks/add with the public key in a POST variable 'keytext')