[Koha-bugs] [Bug 8897] Optional GnuPG encryption of outgoing emails

Sat Apr 19 05:51:15 CEST 2014

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897

M. Tompsett <mtompset at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #21235|0                           |1
        is obsolete|                            |

--- Comment #38 from M. Tompsett <mtompset at hotmail.com> ---
Created attachment 27296
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=27296&action=edit
Bug 8897 [ENH] GPG Mail encryption -- New version

Koha should offer patrons the option to receive their emails encrypted.
This patch adds a dialog to the user interface (OPAC side) for patrons to add
or delete a GPG public key. The key is directly added to or deleted from gpg
(gnupg needs to be installed, binary expected at /usr/bin/gpg).

This feature does not require sysadmins/librarians to do anything as long as
the gpg binary if found.

So far, mails are encrypted if a key for the recipient is avaliable
- when sending lists or carts (encryption of email text + attachment)
- when mails are sent through the message queue
- ...

Missing so far:
- hide public key interface from OPAC/userdetails when no binary is found
- de-hardcode path to gpg (syspref)
- deal with BCC mails (send message explaining that an encrypted email has been
send to the patron instead of a BCC)
- ...

Maybe later:
- library-side key management: secret key for signing
- encryption of emails from library to vendors
- ...

Test plan:

-apply patch

* Add/delete key:
- in OPAC, log in as a user you got GPG kes for (primary email needs to match
the key)
- go to user details, email encryption
- paste your public key into the form, save. when the page reloads, your key
should be displayed in the form and a delete button at the bottom. in the
terminal (as the koha-user!), do 'gpg --list-keys' and verify the key you just
added is present
- press the delete button under the form. on reload the form should be empty
and your key gone. verify with (as the koha user) 'gpg --list-keys' in the
terminal.

- paste your key into the form again and save to do the following tests.

* Encrypted cart emails
- do a search, save a record in the the cart. open the cart, send it to the
adress you added the key for.
- check if the mail you receive has encrypted text and an encrypted attachment
- decrypt both the text and the attachment, check if they are what you would
expect

* Encrypted list emails
- if you do not have any lists, set up one with one record.
- open the list from the opac, send it to you. enter the address you just added
the key for
- check that the mail you receive has encrypted text and an encrypted
attachment.
- decrypt both the text and the attachment, check if they are what you would
expect

* Encrypted message queue emails
- check some items in and out for the patron you added the key for
- wait for the message queue cronjob to run or run it manually
- check if the email(s) you receive are encrypted and after decryption contain
what you would expect

Check all this again with another patron (without a gpg key) or use the same
but delete the key before. Check that all mails and attachments are unencrypted
and contain what you would expect (nothing is broken).

If all that works for you, sign off the patch.

Squashed a few minor changes.

Bug 8897 Follow-up: plack fix

NOTE: I rebased this so it applies nicely. I'm setting into
'In Discussion', so the original author can rebase himself or
confirm this is good. I found the following:

- Bug 8368 (only a couple days after the last rebase) patch
(recoded the line, for the first conflict -- New version is correct)
(renamed shelf to list, for the second conflict -- Second version is this
patch)
- Bug 11124 triggers a conflict in C4/Installer/PerlDependencies.pm
- Bug 9611 also affected C4/Installer/PerlDependencies.pm and debian/control
- Bug 5544 added code which caused a conflict for C4/Letter.

-- 
You are receiving this mail because:
You are watching all bug changes.