[Bug 8897] New: Optional GnuPG encryption of outgoing emails
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Priority: P5 - low Change sponsored?: --- Bug ID: 8897 Assignee: mirko@abunchofthings.net Summary: Optional GnuPG encryption of outgoing emails Severity: enhancement Classification: Unclassified OS: All Reporter: mirko@abunchofthings.net Hardware: All Status: NEW Version: rel_3_12 Component: Notices Product: Koha Koha should have an option to encrypt outgoing emails with GnuPG. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #1 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 12763 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12763&action=edit Bug 8897 [ENH] Optional GnuPG encryption of outgoing emails This enhancement allows GnuPG encryption of emails sent by Koha. Initial patch with some basic functionality. TODO: key management, attachments … -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |In Discussion --- Comment #2 from Mirko Tietgen <mirko@abunchofthings.net> --- To try the initial patch you would need - install gnupg and libcrypt-gpg-perl - add a keypair to GnuPG for your KohaAdminEmailAddress - add a key for your test patron (or use the same email as KohaAdminEmailAddress) - set EnhancedMessagingPreferences to 'allow' - set messaging preferences for your test patron to send emails for check-in and checkout - set GnuPG prefs: GnuPGPassphrase is the passphrase for your admin key, also enables the feature GnuPGPath is the path to gnupg. Standard on Debian is default: '/usr/bin/gpg' - check one thing out - check SQL: SELECT * FROM message_queue WHERE to_address = <testpatronemailaddress>; - observe that 'content' is encrypted, 'metadata' (next field) shows one entry (encryption of add) - check in and out more stuff - check SQL again, observe that 'content' is still encrypted while 'metadata' is gettign filled with more items checked in and checked out (encryption of append) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #3 from Mirko Tietgen <mirko@abunchofthings.net> --- I forgot to say you need to add the keys as the Koha linux user (like koha-koha in a package installation) to be available to Koha. Also your admin key must be trusted. You could just copy over your .gnupg folder. Or you can do it the hard way: export keypair from your installation, copy to a file. Add on the command line with 'gpg --import filename' then get it's 'long key id' with 'gpg --list-keys --with-colons <key_id>' and trust it with 'gpg --trustedkey <long key id>' Or you wait until Koha can do that ;) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #12763|0 |1 is obsolete| | --- Comment #4 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 12991 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12991&action=edit Bug 8897 [ENH] Optional GnuPG encryption of outgoing emails This enhancement allows GnuPG encryption of emails sent by Koha. Initial patch with some basic functionality. TODO: key management, attachments … -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #12991|0 |1 is obsolete| | --- Comment #5 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 12992 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12992&action=edit Bug 8897 [ENH] Optional GnuPG encryption of outgoing emails This enhancement allows GnuPG encryption of emails sent by Koha. Initial patch with some basic functionality. TODO: key management, attachments … -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #12992|0 |1 is obsolete| | --- Comment #6 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 12993 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12993&action=edit Bug 8897 [ENH] Optional GnuPG encryption of outgoing emails This enhancement allows GnuPG encryption of emails sent by Koha. Initial patch with some basic functionality. TODO: key management, attachments … -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #12993|0 |1 is obsolete| | --- Comment #7 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 13954 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13954&action=edit Bug 8897 [ENH] Optional GnuPG encryption of outgoing emails This enhancement allows GnuPG encryption of emails sent by Koha. Initial patch with some basic functionality. TODO: key management, attachments … rebased to master -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #8 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 13955 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13955&action=edit Bug 8897 [ENH] Followup: add Icons to indicate encryption Adds icons to opac-userupdate.pl email fields indicating whether a GnuPG key is available for the respective email address. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #13955|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #13955|1 |0 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Robin Sheat <robin@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |robin@catalyst.net.nz --- Comment #9 from Robin Sheat <robin@catalyst.net.nz> --- This is interesting and I like it. However, why is it necessary to set a passphrase? To encrypt a message to a person, all you need is their key, you don't need your own one. To sign a message, you need a passphrase, but it's not documented as to whether that's happening or not. Also, the C4::GnuPG module should probably be moved to the Koha:: namespace and made nice and OO-ey. I'd like to see (in the future, this is a good beginning) the ability for users to attach their own keys. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #10 from Mirko Tietgen <mirko@abunchofthings.net> --- Hey Robin, thanks a lot for your comment. Good point about the passphrase, that seems worth considering. I am not too happy about putting it in the database. Some form of key management (let users enter their public keys) is supposed to be the next thing I'll be doing when I have some time to work on this. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gmcharlt@gmail.com --- Comment #11 from Galen Charlton <gmcharlt@gmail.com> --- (In reply to Robin Sheat from comment #9)
This is interesting and I like it.
Question: is there any evidence that there actually exist patron communities that care enough to have actively requested encryption of outgoing library emails? I understand the reasons for adding this feature, particularly in light of recent political events, but I must confess to some doubt as to whether this would be used by anybody other than other Koha hackers. My question shouldn't be construed as a blocker. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #12 from Mirko Tietgen <mirko@abunchofthings.net> --- Hi Galen, thanks for having a look at this bug. I do not know of communities requesting this so far. But - as a library user, I would like to have the option - as a Koha developer, I would like to be able to offer people the option What I would like to look into once I have the time (will take a little while unfortunately) is - possibly change to openpgpjs (http://openpgpjs.org/) - see if outgoing encryption without a library key (as discussed above) is feasible That would make it possible for the individual user to decide if s/he prefers to receive encrypted emails without any interaction with or setup needs of the library (no key generation etc.). -- Just upload your public key to opt in. I do have libraries in mind that I assume would like to offer this feature to their users, but since this is still in an early stage I have not approached them regarding testing yet. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #13 from Robin Sheat <robin@catalyst.net.nz> --- I don't think you could use a JS library for this unless you ran the JS server-side. You can't send an email to their browser, have it encrypt it, and send it back. As for the passphrase stuff, you definitely can encrypt without a passphrase: $ gpg -a --encrypt --trust-model always -r 4BE030B3 This is a message. -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.12 (GNU/Linux) hQIOA07aRfuO76ueEAgAnjpAVlVtyfOpEUSest9ESwNDkwANu6DGNBEygkClBmDj ACCU22Yx8IIgV6zPfnT0W4rfndR3oUpel9mBnmGOFLKHPEY+FlZbCXtzHj6jqMGA ... You could have the server having its own passphrase if you wanted to sign things, but I'd consider that a less important thing, at least initially. I think as libraries tend to be fairly privacy-minded, this is something that they probably don't know they want. It's also a good argument against other software, "unlike that one, Koha really cares about user's privacy!" :) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #14 from Mirko Tietgen <mirko@abunchofthings.net> --- I was thinking to have the JS server-side, like we have jquery in Koha. Would that be a problem? I think it does not break the "OPAC needs to work without JS" rule as it is not a core functionality. We allow local JS in the OPAC too. About using a library key/passphrase, I'm not sure if you would have situations where you need to decrypt messages, add stuff and encrypt them again before sending the email. I vaguely remember that is done, have not looked at the code in a while. You should be able to circumvent that with encryption at the very last moment of course if it does not matter the messages are stored unencrypted in the DB until then. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #15 from Robin Sheat <robin@catalyst.net.nz> --- (In reply to Mirko Tietgen from comment #14)
I was thinking to have the JS server-side, like we have jquery in Koha.
But jquery runs client side. It doesn't make sense to run this client side, as email generation happens without the interaction of a browser.
Would that be a problem? I think it does not break the "OPAC needs to work without JS" rule as it is not a core functionality. We allow local JS in the OPAC too.
I just can't see a place where encryption from the OPAC is something that's generally useful. We don't send emails from there.
About using a library key/passphrase, I'm not sure if you would have situations where you need to decrypt messages, add stuff and encrypt them again before sending the email.
No, once they're added to the message queue, I don't think anything more happens to them. They wouldn't be encrypted while working their way through the running process, they'd presumably get encrypted just before putting them in the queue (but I haven't looked at your code in forever.) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #16 from Mirko Tietgen <mirko@abunchofthings.net> --- (In reply to Robin Sheat from comment #15)
(In reply to Mirko Tietgen from comment #14)
I was thinking to have the JS server-side, like we have jquery in Koha.
But jquery runs client side. It doesn't make sense to run this client side, as email generation happens without the interaction of a browser.
True. I will look into that when i have more time to see if it is possible. I have only used the JS an afternoon so far.
Would that be a problem? I think it does not break the "OPAC needs to work without JS" rule as it is not a core functionality. We allow local JS in the OPAC too.
I just can't see a place where encryption from the OPAC is something that's generally useful. We don't send emails from there.
Oh you are right of course, the only thing that needs to be done from the OPAC is to offer patrons a field to enter the public key. My bad.
About using a library key/passphrase, I'm not sure if you would have situations where you need to decrypt messages, add stuff and encrypt them again before sending the email.
No, once they're added to the message queue, I don't think anything more happens to them. They wouldn't be encrypted while working their way through the running process, they'd presumably get encrypted just before putting them in the queue (but I haven't looked at your code in forever.)
I think there is an update sometimes when the same action is repeated, to only send one email about it covering all instances of that actions. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #17 from Robin Sheat <robin@catalyst.net.nz> --- (In reply to Mirko Tietgen from comment #16)
I think there is an update sometimes when the same action is repeated, to only send one email about it covering all instances of that actions.
Ah right, I assume that it doesn't go and read the email back though, because that'd be weird. Really, it'd be best if it put events in to a queue and when the newest was 15 minutes old or more, it batched them into a digest and sent them. That might be what it does, I don't know. A conversation for a different bug, anyway. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Liz Rea <wizzyrea@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wizzyrea@gmail.com --- Comment #18 from Liz Rea <wizzyrea@gmail.com> --- Yes, the issue and return emails function on a delay - they could not be encrypted until they were leaving the server, as they wouldn't be complete yet. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #19 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 19820 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19820&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - … Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - … Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - … -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mirko@abunchofthings.net -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #13954|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #13955|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19820|0 |1 is obsolete| | --- Comment #20 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 19823 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19823&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - … Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - … Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - … Bug 8897 [ENH] Follow-up: missing files I missed to add the opac-gnupg.pl and .tt files -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19823|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19823|1 |0 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #21 from Robin Sheat <robin@catalyst.net.nz> --- The path shouldn't be a syspref, it doesn't make sense. Library staff shouldn't be touching it. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19823|0 |1 is obsolete| | --- Comment #22 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 19835 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19835&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - … Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - … Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - … Test plan: -apply patch * Add/delete key: - in OPAC, log in as a user you got GPG kes for (primary email needs to match the key) - go to user details, email encryption - paste your public key into the form, save. when the page reloads, your key should be displayed in the form and a delete button at the bottom. in the terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just added is present - press the delete button under the form. on reload the form should be empty and your key gone. verify with (as the koha user) 'gpg --list-keys' in the terminal. - paste your key into the form again and save to do the following tests. * Encrypted cart emails - do a search, save a record in the the cart. open the cart, send it to the adress you added the key for. - check if the mail you receive has encrypted text and an encrypted attachment - decrypt both the text and the attachment, check if they are what you would expect * Encrypted list emails - if you do not have any lists, set up one with one record. - open the list from the opac, send it to you. enter the address you just added the key for - check that the mail you receive has encrypted text and an encrypted attachment. - decrypt both the text and the attachment, check if they are what you would expect * Encrypted message queue emails - check some items in and out for the patron you added the key for - wait for the message queue cronjob to run or run it manually - check if the email(s) you receive are encrypted and after decryption contain what you would expect Check all this again with another patron (without a gpg key) or use the same but delete the key before. Check that all mails and attachments are unencrypted and contain what you would expect (nothing is broken). If all that works for you, sign off the patch. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|In Discussion |Needs Signoff --- Comment #23 from Mirko Tietgen <mirko@abunchofthings.net> --- Robin: I was thinking of a case where the binary is in another place for some reasons. I agree that staff should not interfere with it. What other options are there? Make the Sysadmin put a symlink? Found the problem I had (needed to allow encryption with untrusted keys) and fixed some other small errors, I think it is ready for the first tests. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19835|0 |1 is obsolete| | --- Comment #24 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 19836 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19836&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - … Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - … Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - … Test plan: -apply patch * Add/delete key: - in OPAC, log in as a user you got GPG kes for (primary email needs to match the key) - go to user details, email encryption - paste your public key into the form, save. when the page reloads, your key should be displayed in the form and a delete button at the bottom. in the terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just added is present - press the delete button under the form. on reload the form should be empty and your key gone. verify with (as the koha user) 'gpg --list-keys' in the terminal. - paste your key into the form again and save to do the following tests. * Encrypted cart emails - do a search, save a record in the the cart. open the cart, send it to the adress you added the key for. - check if the mail you receive has encrypted text and an encrypted attachment - decrypt both the text and the attachment, check if they are what you would expect * Encrypted list emails - if you do not have any lists, set up one with one record. - open the list from the opac, send it to you. enter the address you just added the key for - check that the mail you receive has encrypted text and an encrypted attachment. - decrypt both the text and the attachment, check if they are what you would expect * Encrypted message queue emails - check some items in and out for the patron you added the key for - wait for the message queue cronjob to run or run it manually - check if the email(s) you receive are encrypted and after decryption contain what you would expect Check all this again with another patron (without a gpg key) or use the same but delete the key before. Check that all mails and attachments are unencrypted and contain what you would expect (nothing is broken). If all that works for you, sign off the patch. Bug 8897 Follow-up - fix file header fixes the copyright header for opac-gnupg.pl -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #25 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 19840 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19840&action=edit Bug 8897 Follow-up: add Crypt:GPG dependency this patch adds the perl module Crypt::GPG and the resp. package libcrypt-gpg-perl to PerlDependences.pm, debian/control and the debian and ubuntu package files -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #26 from Robin Sheat <robin@catalyst.net.nz> --- The best option would probably be to search $PATH. For dependencies, don't forget debian/control.in. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19836|0 |1 is obsolete| | --- Comment #27 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 19872 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19872&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - … Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - … Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - … Test plan: -apply patch * Add/delete key: - in OPAC, log in as a user you got GPG kes for (primary email needs to match the key) - go to user details, email encryption - paste your public key into the form, save. when the page reloads, your key should be displayed in the form and a delete button at the bottom. in the terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just added is present - press the delete button under the form. on reload the form should be empty and your key gone. verify with (as the koha user) 'gpg --list-keys' in the terminal. - paste your key into the form again and save to do the following tests. * Encrypted cart emails - do a search, save a record in the the cart. open the cart, send it to the adress you added the key for. - check if the mail you receive has encrypted text and an encrypted attachment - decrypt both the text and the attachment, check if they are what you would expect * Encrypted list emails - if you do not have any lists, set up one with one record. - open the list from the opac, send it to you. enter the address you just added the key for - check that the mail you receive has encrypted text and an encrypted attachment. - decrypt both the text and the attachment, check if they are what you would expect * Encrypted message queue emails - check some items in and out for the patron you added the key for - wait for the message queue cronjob to run or run it manually - check if the email(s) you receive are encrypted and after decryption contain what you would expect Check all this again with another patron (without a gpg key) or use the same but delete the key before. Check that all mails and attachments are unencrypted and contain what you would expect (nothing is broken). If all that works for you, sign off the patch. Squashed a few minor changes. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19840|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #28 from Mirko Tietgen <mirko@abunchofthings.net> --- You can also test the encryption of subscription alerts if you apply bug 10621 before this patch. See description there to trigger a subscription alert. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Jared Camins-Esakov <jcamins@cpbibliography.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Patch doesn't apply --- Comment #29 from Jared Camins-Esakov <jcamins@cpbibliography.com> --- There is a small conflict in C4::Letter that I am not sure how to resolve. Does the from e-mail address have to be the patron's e-mail address for GPG to work? It seems to me we'd prefer it to be the library's e-mail address, if one is set, but I presume there's a reason for the change in the patch, so I wanted to ask for feedback on it. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #30 from Jared Camins-Esakov <jcamins@cpbibliography.com> --- Additionally, it looks like there are no unit tests. Is it possible to unit test C4::GnuPG? Finally, and this is a definite blocker, it looks like C4::GnuPG is initialized with file-level my variables: +my $gpg = new Crypt::GPG; +$gpg->gpgbin('/usr/bin/gpg'); +$gpg->encryptsafe(0); # we have to allow untrusted keys This will not work well with persistent environments like Plack. The my could be changed to our, but even better would be changing the way initialization is handled such that a file-level variable is unnecessary. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #31 from Mirko Tietgen <mirko@abunchofthings.net> --- (In reply to Jared Camins-Esakov from comment #29)
There is a small conflict in C4::Letter that I am not sure how to resolve. Does the from e-mail address have to be the patron's e-mail address for GPG to work? It seems to me we'd prefer it to be the library's e-mail address, if one is set, but I presume there's a reason for the change in the patch, so I wanted to ask for feedback on it.
I found the problem with the wrong address while I was working on this and fixed it in Bug 10621 instead of here. I had initially fixed it in this bug and then un-did it to have the seperate entry. I will change the patch when I have a little more time, the old behaviour should not be reimplemented by this patch. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #19872|0 |1 is obsolete| | --- Comment #32 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 21235 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21235&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - … Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - … Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - … Test plan: -apply patch * Add/delete key: - in OPAC, log in as a user you got GPG kes for (primary email needs to match the key) - go to user details, email encryption - paste your public key into the form, save. when the page reloads, your key should be displayed in the form and a delete button at the bottom. in the terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just added is present - press the delete button under the form. on reload the form should be empty and your key gone. verify with (as the koha user) 'gpg --list-keys' in the terminal. - paste your key into the form again and save to do the following tests. * Encrypted cart emails - do a search, save a record in the the cart. open the cart, send it to the adress you added the key for. - check if the mail you receive has encrypted text and an encrypted attachment - decrypt both the text and the attachment, check if they are what you would expect * Encrypted list emails - if you do not have any lists, set up one with one record. - open the list from the opac, send it to you. enter the address you just added the key for - check that the mail you receive has encrypted text and an encrypted attachment. - decrypt both the text and the attachment, check if they are what you would expect * Encrypted message queue emails - check some items in and out for the patron you added the key for - wait for the message queue cronjob to run or run it manually - check if the email(s) you receive are encrypted and after decryption contain what you would expect Check all this again with another patron (without a gpg key) or use the same but delete the key before. Check that all mails and attachments are unencrypted and contain what you would expect (nothing is broken). If all that works for you, sign off the patch. Squashed a few minor changes. Bug 8897 Follow-up: plack fix -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Needs Signoff --- Comment #33 from Mirko Tietgen <mirko@abunchofthings.net> ---
Finally, and this is a definite blocker, it looks like C4::GnuPG is initialized with file-level my variables:
+my $gpg = new Crypt::GPG; +$gpg->gpgbin('/usr/bin/gpg'); +$gpg->encryptsafe(0); # we have to allow untrusted keys
This will not work well with persistent environments like Plack. The my could be changed to our, but even better would be changing the way initialization is handled such that a file-level variable is unnecessary.
The initialization id required by the perl dependency. I have changed it to our. I have also rebased and resolved the conflict in Letters.pm. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #34 from Mirko Tietgen <mirko@abunchofthings.net> --- "The initialization is required"… (typo) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 I'm just a bot <gitbot@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gitbot@bugs.koha-community. | |org When did the bot| |2013-09-24 last check this| | --- Comment #35 from I'm just a bot <gitbot@bugs.koha-community.org> --- Patch applied cleanly, go forth and signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 I'm just a bot <gitbot@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Patch doesn't apply When did the bot|2013-09-24 00:00:00 |2013-10-25 last check this| | --- Comment #36 from I'm just a bot <gitbot@bugs.koha-community.org> --- Applying: Bug 8897 [ENH] GPG Mail encryption -- New version Using index info to reconstruct a base tree... M C4/Installer/PerlDependencies.pm M C4/Letters.pm M debian/control M install_misc/debian.packages M opac/opac-sendshelf.pl Falling back to patching base and 3-way merge... Auto-merging opac/opac-sendshelf.pl CONFLICT (content): Merge conflict in opac/opac-sendshelf.pl Auto-merging install_misc/debian.packages Auto-merging debian/control CONFLICT (content): Merge conflict in debian/control Auto-merging C4/Letters.pm CONFLICT (content): Merge conflict in C4/Letters.pm Auto-merging C4/Installer/PerlDependencies.pm CONFLICT (content): Merge conflict in C4/Installer/PerlDependencies.pm Patch failed at 0001 Bug 8897 [ENH] GPG Mail encryption -- New version The copy of the patch that failed is found in: /home/christopher/git/koha/.git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #37 from David Cook <dcook@prosentient.com.au> --- I think this would be a great addition to Koha. As Galen mentioned, I'm not sure how many libraries would want this, but as Robin (I think) mentioned, they probably just don't know they want this yet. I suppose I rather Koha be a forerunner rather than playing catch-up when it comes to encryption. P.S. It does give me an excuse to finally play with GPG... -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |In Discussion -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21235|0 |1 is obsolete| | --- Comment #38 from M. Tompsett <mtompset@hotmail.com> --- Created attachment 27296 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=27296&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - ... Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - ... Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - ... Test plan: -apply patch * Add/delete key: - in OPAC, log in as a user you got GPG kes for (primary email needs to match the key) - go to user details, email encryption - paste your public key into the form, save. when the page reloads, your key should be displayed in the form and a delete button at the bottom. in the terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just added is present - press the delete button under the form. on reload the form should be empty and your key gone. verify with (as the koha user) 'gpg --list-keys' in the terminal. - paste your key into the form again and save to do the following tests. * Encrypted cart emails - do a search, save a record in the the cart. open the cart, send it to the adress you added the key for. - check if the mail you receive has encrypted text and an encrypted attachment - decrypt both the text and the attachment, check if they are what you would expect * Encrypted list emails - if you do not have any lists, set up one with one record. - open the list from the opac, send it to you. enter the address you just added the key for - check that the mail you receive has encrypted text and an encrypted attachment. - decrypt both the text and the attachment, check if they are what you would expect * Encrypted message queue emails - check some items in and out for the patron you added the key for - wait for the message queue cronjob to run or run it manually - check if the email(s) you receive are encrypted and after decryption contain what you would expect Check all this again with another patron (without a gpg key) or use the same but delete the key before. Check that all mails and attachments are unencrypted and contain what you would expect (nothing is broken). If all that works for you, sign off the patch. Squashed a few minor changes. Bug 8897 Follow-up: plack fix NOTE: I rebased this so it applies nicely. I'm setting into 'In Discussion', so the original author can rebase himself or confirm this is good. I found the following: - Bug 8368 (only a couple days after the last rebase) patch (recoded the line, for the first conflict -- New version is correct) (renamed shelf to list, for the second conflict -- Second version is this patch) - Bug 11124 triggers a conflict in C4/Installer/PerlDependencies.pm - Bug 9611 also affected C4/Installer/PerlDependencies.pm and debian/control - Bug 5544 added code which caused a conflict for C4/Letter. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #39 from Mirko Tietgen <mirko@abunchofthings.net> --- (In reply to M. Tompsett from comment #38)
NOTE: I rebased this so it applies nicely. I'm setting into 'In Discussion', so the original author can rebase himself or confirm this is good.
Thanks Mark for the rebase! I wasn't aware you did that and wondered why my rebase was much easier than expected now :) I will add an up-to-date version with changes for bootstrap once I figure out how to make git bz and the new bugzilla version friends again, can't submit anything atm. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #27296|0 |1 is obsolete| | --- Comment #40 from Mirko Tietgen <mirko@abunchofthings.net> --- Created attachment 46640 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=46640&action=edit Bug 8897 [ENH] GPG Mail encryption -- New version Koha should offer patrons the option to receive their emails encrypted. This patch adds a dialog to the user interface (OPAC side) for patrons to add or delete a GPG public key. The key is directly added to or deleted from gpg (gnupg needs to be installed, binary expected at /usr/bin/gpg). This feature does not require sysadmins/librarians to do anything as long as the gpg binary if found. So far, mails are encrypted if a key for the recipient is avaliable - when sending lists or carts (encryption of email text + attachment) - when mails are sent through the message queue - ... Missing so far: - hide public key interface from OPAC/userdetails when no binary is found - de-hardcode path to gpg (syspref) - deal with BCC mails (send message explaining that an encrypted email has been send to the patron instead of a BCC) - ... Maybe later: - library-side key management: secret key for signing - encryption of emails from library to vendors - ... Test plan: -apply patch * Add/delete key: - in OPAC, log in as a user you got GPG kes for (primary email needs to match the key) - go to user details, email encryption - paste your public key into the form, save. when the page reloads, your key should be displayed in the form and a delete button at the bottom. in the terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just added is present - press the delete button under the form. on reload the form should be empty and your key gone. verify with (as the koha user) 'gpg --list-keys' in the terminal. - paste your key into the form again and save to do the following tests. * Encrypted cart emails - do a search, save a record in the the cart. open the cart, send it to the adress you added the key for. - check if the mail you receive has encrypted text and an encrypted attachment - decrypt both the text and the attachment, check if they are what you would expect * Encrypted list emails - if you do not have any lists, set up one with one record. - open the list from the opac, send it to you. enter the address you just added the key for - check that the mail you receive has encrypted text and an encrypted attachment. - decrypt both the text and the attachment, check if they are what you would expect * Encrypted message queue emails - check some items in and out for the patron you added the key for - wait for the message queue cronjob to run or run it manually - check if the email(s) you receive are encrypted and after decryption contain what you would expect Check all this again with another patron (without a gpg key) or use the same but delete the key before. Check that all mails and attachments are unencrypted and contain what you would expect (nothing is broken). If all that works for you, sign off the patch. Squashed a few minor changes. Bug 8897 Follow-up: plack fix NOTE: I rebased this so it applies nicely. I'm setting into 'In Discussion', so the original author can rebase himself or confirm this is good. I found the following: - Bug 8368 (only a couple days after the last rebase) patch (recoded the line, for the first conflict -- New version is correct) (renamed shelf to list, for the second conflict -- Second version is this patch) - Bug 11124 triggers a conflict in C4/Installer/PerlDependencies.pm - Bug 9611 also affected C4/Installer/PerlDependencies.pm and debian/control - Bug 5544 added code which caused a conflict for C4/Letter. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 --- Comment #41 from Mirko Tietgen <mirko@abunchofthings.net> --- Rebased. I will look into this soon, probably make a few changes and set it back to needs signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=15303 -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897 Mirko Tietgen <mirko@abunchofthings.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=15540 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org