From time to time you may wish to hide personal mail, or mail that contains sensitive data, from other people who might also have access to your mailbox, for example on any freemail account or on machines where you are not the only root user.
Automatic and complete encryption of incoming mail, including all attachments, is actually quite simple if you use PGP/MIME (RFC 2015/3156). As I didn't find any tool to encrypt mail using PGP/MIME except MUAs like Mutt or Thunderbird with the Enigmail extension, which don't work out for automatic encryption, I'll write here how I did it with procmail. You can use this procmail recipe to encrypt mail that you keep in your inbox or that you forward encrypted to a different mail address ... but you know how to use procmail, don't you ;-)?
    :0 H
    # modify your filter, which mails to encrypt, here:
    * ^Subject: encryptme
    {
        MYHDRS=`formail -XContent-Type: -XContent-disposition: -XContent-transfer-encoding:`

        :0 fh
        | formail -I 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";boundary="MfFXiAuoTsnnDAfX"' -I Content-transfer-encoding: -I Content-disposition:

        :0 fb
        # replace with your PGP key ID here:
        | { cat ~/.gpg-mime-start ; { echo "$MYHDRS" ; echo ; cat - ; } | gpg --batch --quiet --always-trust -a -e -r E8487A39; cat ~/.gpg-mime-end; }
    }
The file .gpg-mime-start looks like this:

    --MfFXiAuoTsnnDAfX
    Content-Type: application/pgp-encrypted
    Content-Disposition: attachment

    Version: 1

    --MfFXiAuoTsnnDAfX
    Content-Type: application/octet-stream
    Content-Disposition: inline; filename="msg.asc"

Be aware there's an empty line at the end!
The file .gpg-mime-end looks like this:


    --MfFXiAuoTsnnDAfX--
Be aware there's an empty line at the beginning!
That's it. With the shell pipe magic used here, encryption of mail of arbitrary size is possible. Now you have your mail encrypted in your mailbox and only you can read it. If you have a PGP/MIME-aware mail user agent, reading mail will still be as easy as it was before.
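To confirm that a delivered message really has the PGP/MIME layout the recipe is meant to produce, the following check parses it with Python's standard email package. It is an added example, not part of the original recipe; the function name check_pgp_mime and the sample message with its fake ciphertext are constructed for illustration.

```python
import email
from email import policy

def check_pgp_mime(raw):
    """Return structural problems; [] means RFC 3156 layout."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/encrypted":
        return ["top-level type is " + msg.get_content_type()]
    problems = [type(d).__name__ for d in msg.defects]  # e.g. no closing delimiter
    if msg.get_param("protocol") != "application/pgp-encrypted":
        problems.append("protocol parameter missing or wrong")
    parts = msg.get_payload()
    flat = isinstance(parts, list) and not any(p.is_multipart() for p in parts)
    if not flat or len(parts) != 2:
        return problems + ["expected exactly 2 non-multipart body parts"]
    control, data = parts
    if control.get_content_type() != "application/pgp-encrypted":
        problems.append("part 1 is " + control.get_content_type())
    if control.get_payload().strip() != "Version: 1":
        problems.append("part 1 body is not 'Version: 1'")
    if data.get_content_type() != "application/octet-stream":
        problems.append("part 2 is " + data.get_content_type())
    armor = data.get_payload().strip()
    if not (armor.startswith("-----BEGIN PGP MESSAGE-----")
            and armor.endswith("-----END PGP MESSAGE-----")):
        problems.append("part 2 is not an ASCII-armored PGP message")
    return problems

# Constructed sample shaped like the recipe's output; the armor body is fake.
SAMPLE = b"""\
Subject: encryptme
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";boundary="MfFXiAuoTsnnDAfX"

--MfFXiAuoTsnnDAfX
Content-Type: application/pgp-encrypted
Content-Disposition: attachment

Version: 1

--MfFXiAuoTsnnDAfX
Content-Type: application/octet-stream
Content-Disposition: inline; filename="msg.asc"

-----BEGIN PGP MESSAGE-----

Q09OU1RSVUNURUQ=
-----END PGP MESSAGE-----

--MfFXiAuoTsnnDAfX--
"""
```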
Bjoern Jacke
b j o e r n [at] j 3 e . d e