zeyple icon indicating copy to clipboard operation
zeyple copied to clipboard

Published 20 hours ago verified publisher icon infertux

sign outgoing Mails

Open bastelfreak opened this issue 12 years ago • 10 comments
trafficstars

Hi,

first of all, thanks for the script, it's working great :)

Would it be possible to not only crypt outgoing mails but also sign them? I tried by myself to implement that feature, but unfortunately I've no clue about python.

bastelfreak avatar Aug 18 '13 19:08 bastelfreak

I'm not sure about adding this feature. That would mean having your private GPG key and its password stored on the server. I guess you could generate one key per server and revoke them should the server be compromised. But still, it doesn't sound really safe to me.

I'd like to add some sort of signing though to ensure integrity (i.e. make sure the message has not been tampered between the server and you).

What do you think? Did you have a better way of handling this issue in mind?

infertux avatar Aug 19 '13 10:08 infertux

It should be no probem to sign the emails with a key + passphrases that's stored on the server if every server gets a own key. If someone breaks into my server I've probably bigger problems then a compromised key. Also I could store the revocation keys on my local maschine or keepass container.

bastelfreak avatar Aug 19 '13 19:08 bastelfreak

That makes sense. Adding this to the roadmap for release 0.4.

infertux avatar Sep 16 '13 12:09 infertux

awesome, thanks.

bastelfreak avatar Sep 16 '13 13:09 bastelfreak

This sounds really useful to me if it gets implemented, kudos for the great project.

stephenjamieson avatar Mar 30 '14 04:03 stephenjamieson

Hi infertux,

do you have any new infos about release 0.4?

On 30.03.2014 06:31, stephenjamieson wrote:

This sounds really useful to me if it gets implemented, kudos for the great project.

Reply to this email directly or view it on GitHub: https://github.com/infertux/zeyple/issues/5#issuecomment-39017383

bastelfreak avatar Mar 31 '14 10:03 bastelfreak

Sorry for the delay @bastelfreak and @stephenjamieson, I can't seem to find the time to work on this project lately. I reckon release 0.4 is at least one month away. I'd happily give commit access to anyone willing to contribute.

infertux avatar Apr 03 '14 03:04 infertux

I'm currently not able to write usefull python code, also the gpg library is bretty hard to understand ( or I used the wrong docs). Need to lern python for my job anyway, will let you know if I'm able to contribute in the future.

bastelfreak avatar Jan 06 '15 15:01 bastelfreak

Hey guys, no update on this one yet? It seems like signing is a tough nut to crack. I have tried implementing Context.encrypt_sign but have been hitting the wall with that one. @infertux any chance you'll be able to look into this any time soon?

kaosmonk avatar Nov 30 '19 00:11 kaosmonk