我已经采用了 gpg-mailgate 的所有分支并将所有工作部分放在一起,使其几乎完全正常工作。我遇到的最后一个问题是附件通过加密文件名.originalextension.pgp 但不可解密。
这是我正在使用的 mailgate 插件的完整代码。
#!/usr/bin/python
from ConfigParser import RawConfigParser
from email.mime.base import MIMEBase
import email
import email.message
import re
import GnuPG
import smtplib
import sys
# Read configuration from /etc/gpg-mailgate.conf
_cfg = RawConfigParser()
_cfg.read('/etc/gpg-mailgate.conf')
cfg = dict()
for sect in _cfg.sections():
cfg[sect] = dict()
for (name, value) in _cfg.items(sect):
cfg[sect][name] = value
# Read e-mail from stdin
raw = sys.stdin.read()
raw_message = email.message_from_string( raw )
from_addr = raw_message['From']
to_addrs = sys.argv[1:]
def send_msg( message, recipients = None ):
if recipients == None:
recipients = to_addrs
if cfg.has_key('logging') and cfg['logging'].has_key('file'):
log = open(cfg['logging']['file'], 'a')
log.write("Sending email to: <%s>\n" % '> <'.join( recipients ))
log.close()
relay = (cfg['relay']['host'], int(cfg['relay']['port']))
smtp = smtplib.SMTP(relay[0], relay[1])
smtp.sendmail( from_addr, recipients, message.as_string() )
def encrypt_payload( payload, gpg_to_cmdline ):
gpg = GnuPG.GPGEncryptor( cfg['gpg']['keyhome'], gpg_to_cmdline )
raw_payload = payload.get_payload(decode=True)
gpg.update( raw_payload )
if "-----BEGIN PGP MESSAGE-----" in raw_payload and "-----END PGP MESSAGE-----" in raw_payload:
return payload
payload.set_payload( gpg.encrypt() )
if payload['Content-Disposition']:
payload.replace_header( 'Content-Disposition', re.sub(r'filename="([^"]+)"', r'filename="\1.pgp"', payload['Content-Disposition']) )
if payload['Content-Type']:
payload.replace_header( 'Content-Type', re.sub(r'name="([^"]+)"', r'name="\1.pgp"', payload['Content-Type']) )
# if payload.get_content_type() != 'text/plain' and payload.get_content_type != 'text/html':
if 'name="' in payload['Content-Type']:
payload.replace_header( 'Content-Type', re.sub(r'^[a-z/]+;', r'application/octet-stream;', payload['Content-Type']) )
payload.set_payload( "\n".join( filter( lambda x:re.search(r'^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$',x), payload.get_payload().split("\n") ) ) )
return payload
def encrypt_all_payloads( payloads, gpg_to_cmdline ):
encrypted_payloads = list()
if type( payloads ) == str:
msg = email.message.Message()
msg.set_payload( payloads )
return encrypt_payload( msg, gpg_to_cmdline ).as_string()
for payload in payloads:
if( type( payload.get_payload() ) == list ):
encrypted_payloads.append( encrypt_all_payloads( payload.get_payload(), gpg_to_cmdline ) )
else:
encrypted_payloads.append( [encrypt_payload( payload, gpg_to_cmdline )] )
return sum(encrypted_payloads, [])
def get_msg( message ):
if not message.is_multipart():
return message.get_payload()
return '\n\n'.join( [str(m) for m in message.get_payload()] )
keys = GnuPG.public_keys( cfg['gpg']['keyhome'] )
gpg_to = list()
ungpg_to = list()
for to in to_addrs:
domain = to.split('@')[1]
if domain in cfg['default']['domains'].split(','):
if to in keys:
gpg_to.append( (to, to) )
elif cfg.has_key('keymap') and cfg['keymap'].has_key(to):
gpg_to.append( (to, cfg['keymap'][to]) )
else:
ungpg_to.append(to)
if gpg_to == list():
if cfg['default'].has_key('add_header') and cfg['default']['add_header'] == 'yes':
raw_message['X-GPG-Mailgate'] = 'Not encrypted, public key not found'
send_msg( raw_message )
exit()
if ungpg_to != list():
send_msg( raw_message, ungpg_to )
if cfg.has_key('logging') and cfg['logging'].has_key('file'):
log = open(cfg['logging']['file'], 'a')
log.write("Encrypting email to: %s\n" % ' '.join( map(lambda x: x[0], gpg_to) ))
log.close()
if cfg['default'].has_key('add_header') and cfg['default']['add_header'] == 'yes':
raw_message['X-GPG-Mailgate'] = 'Encrypted by GPG Mailgate'
gpg_to_cmdline = list()
gpg_to_smtp = list()
for rcpt in gpg_to:
gpg_to_smtp.append(rcpt[0])
gpg_to_cmdline.extend(rcpt[1].split(','))
encrypted_payloads = encrypt_all_payloads( raw_message.get_payload(), gpg_to_cmdline )
raw_message.set_payload( encrypted_payloads )
send_msg( raw_message, gpg_to_smtp )
我的客户(roundcube 和 k-9 )不知道如何处理该文件。如果我从命令行执行 gpg --decrypt filename.txt.pgp 我得到: gpg: no valid OpenPGP data found。gpg:decrypt_message 失败:eof
电子邮件的标题是:
User-Agent: K-9 Mail for Android
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----YR49011GO0MWM753ETYWUA7CBOKGAV"
Subject: New with attachments
From: Bruce Markey <bruce@secryption.com>
Date: Fri, 13 Sep 2013 06:18:03 -0400
To: "bruce@packetaddiction.com" <bruce@packetaddiction.com>
Message-ID: <53178821-6d6c-4b7d-b9c7-5a49034da1ef@email.android.com>
X-GPG-Mailgate: Encrypted by GPG Mailgate
我什至不确定要调试“什么”,因为一切看起来都不错,而且完全没有错误。
如果有人有任何方向,我将不胜感激。
更新:我发现了这个从电子邮件附加的解密 gpg 文件(file.pgp)
我决定添加一行将 raw 写入日志文件。
MIME-Version: 1.0
X-Received: by 10.68.130.1 with SMTP id oa1mr18868651pbb.35.1379162867744;
Sat, 14 Sep 2013 05:47:47 -0700 (PDT)
Received: by 10.68.46.72 with HTTP; Sat, 14 Sep 2013 05:47:47 -0700 (PDT)
Date: Sat, 14 Sep 2013 08:47:47 -0400
Message-ID: <CACRtyey-L9Z5JGNG4bheYqJ7tVK+6qfigmanH9pTUk0ute5gEw@mail.gmail.com>
Subject: Test with attachment - Saturday
From: Bruce Markey <bmarkey@gmail.com>
To: bruce@packetaddiction.com
Content-Type: multipart/mixed; boundary=047d7b10ca15d1c7b904e65760eb
--047d7b10ca15d1c7b904e65760eb
Content-Type: text/plain; charset=ISO-8859-1
Just a simple test with txt attachment
--047d7b10ca15d1c7b904e65760eb
Content-Type: text/plain; charset=US-ASCII; name="TestAttach.txt"
Content-Disposition: attachment; filename="TestAttach.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hlkty4930
VGhpcyBpcyBqdXN0IGEgdGVzdCBvZiB0aGUgYXR0YWNobWVudHMuIApUaGlzIGlzIGEgc2ltcGxl
IHRleHQgZmlsZS4gCgo=
--047d7b10ca15d1c7b904e65760eb--
由于这是原始编写的,因此它是预加密的。那么我应该在加密之前解码base64吗?
看了一会儿之后,我不明白为什么这条线在这里。
if 'name="' in payload['Content-Type']:
payload.replace_header( 'Content-Type', re.sub(r'^[a-z/]+;', r'application/octet- stream;', payload['Content-Type']) )
payload.set_payload( "\n".join( filter( lambda x:re.search(r'^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$',x), payload.get_payload().split("\n") ) ) )
为什么要更改为 application/octet-stream?
更新:
我认为除非我做错了什么,否则我可以正常工作。我更改了以下内容:
def get_msg( message ):
if not message.is_multipart():
return message.get_payload()
return '\n\n'.join( [base64.decodestring(str(m)) for m in message.get_payload()] )
这现在允许我实际运行 gpg --decrypt filename.txt 。
(我假设大多数附件将以 base64 格式通过,尽管我可能会为所有内容传输编码类型添加测试。)