[Koha-bugs] [Bug 8897] Optional GnuPG encryption of outgoing emails

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sat Jan 30 20:41:34 CET 2016 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8897

--- Comment #42 from Mirko Tietgen <mirko at abunchofthings.net> ---
Working on this. Ported the template to Bootstrap, was broken before.
Struggling with PGP design flaws. If this is supposed to work without any
knowledge on the librarian side, there needs to be a way to prevent people from
"stealing a patrons identity".

Right now, patron uploads key, key will be used to encrypt emails to patron.
However, the connection 'patron' => 'key' is done by gpg:

- patron uploads public key
- (if previous key for email address exists, it is deleted)
- key is stored in gpg (keyring of the koha system user)

Let's say an attacker generates a key pair with patron's email address in the
UID and uploads it to the attacker's own user account. Patron's old key gets
deleted, the new one is used for patron's account.

Patron will find out once they cannot open their emails from the library. If
the attacker managed to get the email(s) up to this point, they are able to
open them, because they got the relevant private key.

There needs to be a way to connect patron and key in Koha. The easiest and best
for our use case would be to have the public keys in the Koha DB only and
encrypt emails using what the DB has, without the gpg key management.
Unfortunately that does not seem to be possible at all, at least I could not
find it yet. I mean something like
"gpg, encrypt text x with public key $public_key_as_string_from_db"

Workarounds either need interference on the librarian side or prevent updating
patron's public key. I am still hoping to get this working for libraries with
zero interest in crypto. I will look into what could be done with some kind of
Key ID verification by the patron, but it would be overly complicated compared
to storing keys in the db per patron.

Sorry, just thinking aloud. If you accidentally receive this transmission and
think I am missing something, feel free to interrupt.

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list