[Koha-bugs] [Bug 8897] Optional GnuPG encryption of outgoing emails

Thu Sep 19 14:01:32 CEST 2013

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897

Mirko Tietgen <mirko at abunchofthings.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #19872|0                           |1
        is obsolete|                            |

--- Comment #32 from Mirko Tietgen <mirko at abunchofthings.net> ---
Created attachment 21235
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21235&action=edit
Bug 8897 [ENH] GPG Mail encryption -- New version

Koha should offer patrons the option to receive their emails encrypted.
This patch adds a dialog to the user interface (OPAC side) for patrons to add
or delete a GPG public key. The key is directly added to or deleted from gpg
(gnupg needs to be installed, binary expected at /usr/bin/gpg).

This feature does not require sysadmins/librarians to do anything as long as
the gpg binary if found.

So far, mails are encrypted if a key for the recipient is avaliable
- when sending lists or carts (encryption of email text + attachment)
- when mails are sent through the message queue
- …

Missing so far:
- hide public key interface from OPAC/userdetails when no binary is found
- de-hardcode path to gpg (syspref)
- deal with BCC mails (send message explaining that an encrypted email has been
send to the patron instead of a BCC)
- …

Maybe later:
- library-side key management: secret key for signing
- encryption of emails from library to vendors
- …

Test plan:

-apply patch

* Add/delete key:
- in OPAC, log in as a user you got GPG kes for (primary email needs to match
the key)
- go to user details, email encryption
- paste your public key into the form, save. when the page reloads, your key
should be displayed in the form and a delete button at the bottom. in the
terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just
added is present
- press the delete button under the form. on reload the form should be empty
and your key gone. verify with (as the koha user) 'gpg --list-keys' in the
terminal.

- paste your key into the form again and save to do the following tests.

* Encrypted cart emails
- do a search, save a record in the the cart. open the cart, send it to the
adress you added the key for.
- check if the mail you receive has encrypted text and an encrypted attachment
- decrypt both the text and the attachment, check if they are what you would
expect

* Encrypted list emails
- if you do not have any lists, set up one with one record.
- open the list from the opac, send it to you. enter the address you just added
the key for
- check that the mail you receive has encrypted text and an encrypted
attachment.
- decrypt both the text and the attachment, check if they are what you would
expect

* Encrypted message queue emails
- check some items in and out for the patron you added the key for
- wait for the message queue cronjob to run or run it manually
- check if the email(s) you receive are encrypted and after decryption contain
what you would expect

Check all this again with another patron (without a gpg key) or use the same
but delete the key before. Check that all mails and attachments are unencrypted
and contain what you would expect (nothing is broken).

If all that works for you, sign off the patch.

Squashed a few minor changes.

Bug 8897 Follow-up: plack fix

-- 
You are receiving this mail because:
You are watching all bug changes.