71 lines
3.1 KiB
Plaintext
71 lines
3.1 KiB
Plaintext
gpg-mailgate-web
|
|
----------------
|
|
|
|
gpg-mailgate-web is a web interface designed to allow any web user
|
|
to upload their PGP public key and then have all mail sent via
|
|
your mail server be encrypted. (Note: this is not meant for email
|
|
authentication, only encryption.)
|
|
|
|
After submitting their key to a web form, the user will be required
|
|
to confirm their email address. A cron script will register the
|
|
public key with gpg-mailgate (keyhome_only must be set to no
|
|
currently, which is the default) after email confirmation. From
|
|
then on, email to the specified address will be encrypted with
|
|
the public key.
|
|
|
|
gpg-mailgate-web is useful for two purposes: for a transparent
|
|
PGP encryption layer in front of any web application, or simple as
|
|
a web interface for gpg-mailgate so that users on your mail server
|
|
can easily upload and change their PGP keys.
|
|
|
|
Note that all processing relating to the mail server is done via the
|
|
cron script. This means that gpg-mailgate and the gpgmw cron can
|
|
be installed on a different server from the web server. The MySQL
|
|
database must be shared between the two applications though.
|
|
|
|
1. Installation instructions:
|
|
|
|
1) Install gpg-mailgate.
|
|
2) Create a MySQL database for gpg-mailgate.
|
|
a) Schema file is located in schema.sql
|
|
b) Database name and account goes in /etc/gpg-mailgate.conf (and set enabled = yes)
|
|
3) Copy the contents of public_html to your web directory.
|
|
4) Move config.sample.php to config.php and edit the configuration file.
|
|
5) Copy cron.py to /usr/local/bin/gpgmw-cron.py and set up a cron job
|
|
a) Create /etc/cron.d/gpgmw with the contents:
|
|
|
|
*/3 * * * * nobody /usr/bin/python /usr/local/bin/gpgmw-cron.py > /dev/null
|
|
|
|
6) Ensure that cron is working and test your new gpg-mailgate-web installation!
|
|
|
|
----------------------------------------
|
|
|
|
2. Adding rudimentary HKP Keyserver functionality for submitting public keys from the GPG client
|
|
|
|
(so far only implemented and tested with lighttpd - basically you just need to make your http server
|
|
listen on port 11371, redirect it to your gpg-mailgate-web directory and add a rewrite rule to catch
|
|
'pks/add' in the URI)
|
|
|
|
1) add the following lines to your lighttp.conf file and change the path to your gpg-mailgate-web directory
|
|
|
|
server.reject-expect-100-with-417 = "disable"
|
|
|
|
$SERVER["socket"] == ":11371" {
|
|
server.document-root = "/var/www/gpgmw"
|
|
setenv.add-response-header = ( "Via" => "1.1 yourserver.tld:11371 (lighttpd)" )
|
|
accesslog.filename = "/var/log/lighttpd/hkp-access.log"
|
|
url.rewrite-once = ( "^/pks/(.*)" => "/index.php?/pks/$1" )
|
|
}
|
|
|
|
2) reload lighttpd: /etc/init.d/lighttpd restart
|
|
3) in the index.php add the following line after the other required_once(...) lines:
|
|
|
|
require_once("include/phphkp.php");
|
|
|
|
4) change the constants in the include/phphkp.php file!
|
|
|
|
5) check if it works with a GPG client of your choice pushing a public key to your server's
|
|
domain or IP
|
|
|
|
(HTTP request to http://yourserver.tld:11371/pks/add with the public key in a POST variable 'keytext')
|