gpg-lacre/gpg-mailgate-web
fkrone f7e3b16069 Changes to cron, register-handler, settings and templates:
- Cron now notifies user what happened (key successfully added/deleted or error)
- More options to customize templates
- Separating concepts in settings (S/MIME, templates)
- Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails)
2015-01-31 16:08:12 +01:00
..
public_html Update index.php 2014-03-02 14:12:09 +01:00
cron.py Changes to cron, register-handler, settings and templates: 2015-01-31 16:08:12 +01:00
README Update README 2014-02-26 01:52:07 +01:00
schema.sql Initial commit for gpg-mailgate-web addition. 2013-09-26 19:40:27 -04:00

gpg-mailgate-web
----------------

gpg-mailgate-web is a web interface designed to allow any web user
  to upload their PGP public key and then have all mail sent via
  your mail server be encrypted. (Note: this is not meant for email
  authentication, only encryption.)

After submitting their key to a web form, the user will be required
  to confirm their email address. A cron script will register the
  public key with gpg-mailgate (keyhome_only must be set to no
  currently, which is the default) after email confirmation. From
  then on, email to the specified address will be encrypted with
  the public key.

gpg-mailgate-web is useful for two purposes: for a transparent
  PGP encryption layer in front of any web application, or simple as
  a web interface for gpg-mailgate so that users on your mail server
  can easily upload and change their PGP keys.

Note that all processing relating to the mail server is done via the
  cron script. This means that gpg-mailgate and the gpgmw cron can
  be installed on a different server from the web server. The MySQL
  database must be shared between the two applications though.

1. Installation instructions:

  1) Install gpg-mailgate.
  2) Create a MySQL database for gpg-mailgate.
    a) Schema file is located in schema.sql
    b) Database name and account goes in /etc/gpg-mailgate.conf (and set enabled = yes)
  3) Copy the contents of public_html to your web directory.
  4) Move config.sample.php to config.php and edit the configuration file.
  5) Copy cron.py to /usr/local/bin/gpgmw-cron.py and set up a cron job
    a) Create /etc/cron.d/gpgmw with the contents:
    
    */3 * * * * nobody /usr/bin/python /usr/local/bin/gpgmw-cron.py > /dev/null
  
  6) Ensure that cron is working and test your new gpg-mailgate-web installation!

----------------------------------------

2. Adding rudimentary HKP Keyserver functionality for submitting public keys from the GPG client

(so far only implemented and tested with lighttpd - basically you just need to make your http server
 listen on port 11371, redirect it to your gpg-mailgate-web directory and add a rewrite rule to catch
 'pks/add' in the URI)

  1) add the following lines to your lighttp.conf file and change the path to your gpg-mailgate-web directory
 
      server.reject-expect-100-with-417 = "disable"

      $SERVER["socket"] == ":11371" {
          server.document-root = "/var/www/gpgmw"
          setenv.add-response-header = ( "Via" => "1.1 yourserver.tld:11371 (lighttpd)" )
          accesslog.filename = "/var/log/lighttpd/hkp-access.log"
          url.rewrite-once = ( "^/pks/(.*)" => "/index.php?/pks/$1" )
      }

  2) reload lighttpd: /etc/init.d/lighttpd restart
  3) in the index.php add the following line after the other required_once(...) lines:
  
      require_once("include/phphkp.php");
  
  4) change the constants in the include/phphkp.php file!
  
  5) check if it works with a GPG client of your choice pushing a public key to your server's
     domain or IP
     
     (HTTP request to http://yourserver.tld:11371/pks/add with the public key in a POST variable 'keytext')