2

我已经采用了 gpg-mailgate 的所有分支并将所有工作部分放在一起,使其几乎完全正常工作。我遇到的最后一个问题是附件通过加密文件名.originalextension.pgp 但不可解密。

这是我正在使用的 mailgate 插件的完整代码。

#!/usr/bin/python

from ConfigParser import RawConfigParser
from email.mime.base import MIMEBase
import email
import email.message
import re
import GnuPG
import smtplib
import sys

# Read configuration from /etc/gpg-mailgate.conf
_cfg = RawConfigParser()
_cfg.read('/etc/gpg-mailgate.conf')
cfg = dict()
for sect in _cfg.sections():
        cfg[sect] = dict()
        for (name, value) in _cfg.items(sect):
                cfg[sect][name] = value

# Read e-mail from stdin
raw = sys.stdin.read()
raw_message = email.message_from_string( raw )
from_addr = raw_message['From']
to_addrs = sys.argv[1:]

def send_msg( message, recipients = None ):
        if recipients == None:
                recipients = to_addrs
        if cfg.has_key('logging') and cfg['logging'].has_key('file'):
                log = open(cfg['logging']['file'], 'a')
                log.write("Sending email to: <%s>\n" % '> <'.join( recipients ))
                log.close()
        relay = (cfg['relay']['host'], int(cfg['relay']['port']))
        smtp = smtplib.SMTP(relay[0], relay[1])
        smtp.sendmail( from_addr, recipients, message.as_string() )

def encrypt_payload( payload, gpg_to_cmdline ):
        gpg = GnuPG.GPGEncryptor( cfg['gpg']['keyhome'], gpg_to_cmdline )
        raw_payload = payload.get_payload(decode=True)
        gpg.update( raw_payload )
        if "-----BEGIN PGP MESSAGE-----" in raw_payload and "-----END PGP MESSAGE-----" in raw_payload:
          return payload
        payload.set_payload( gpg.encrypt() )
        if payload['Content-Disposition']:
                payload.replace_header( 'Content-Disposition', re.sub(r'filename="([^"]+)"', r'filename="\1.pgp"', payload['Content-Disposition']) )
        if payload['Content-Type']:
                payload.replace_header( 'Content-Type', re.sub(r'name="([^"]+)"', r'name="\1.pgp"', payload['Content-Type']) )
#               if payload.get_content_type() != 'text/plain' and payload.get_content_type != 'text/html':
                if 'name="' in payload['Content-Type']:
                        payload.replace_header( 'Content-Type', re.sub(r'^[a-z/]+;', r'application/octet-stream;', payload['Content-Type']) )
                        payload.set_payload( "\n".join( filter( lambda x:re.search(r'^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$',x), payload.get_payload().split("\n") ) ) )
        return payload

def encrypt_all_payloads( payloads, gpg_to_cmdline ):
        encrypted_payloads = list()
        if type( payloads ) == str:
                msg = email.message.Message()
                msg.set_payload( payloads )
                return encrypt_payload( msg, gpg_to_cmdline ).as_string()
        for payload in payloads:
                if( type( payload.get_payload() ) == list ):
                        encrypted_payloads.append( encrypt_all_payloads( payload.get_payload(), gpg_to_cmdline ) )
                else:
                        encrypted_payloads.append( [encrypt_payload( payload, gpg_to_cmdline )] )
        return sum(encrypted_payloads, [])

def get_msg( message ):
        if not message.is_multipart():
                return message.get_payload()
        return '\n\n'.join( [str(m) for m in message.get_payload()] )

keys = GnuPG.public_keys( cfg['gpg']['keyhome'] )
gpg_to = list()
ungpg_to = list()

for to in to_addrs:
        domain = to.split('@')[1]
        if domain in cfg['default']['domains'].split(','):
                if to in keys:
                        gpg_to.append( (to, to) )
                elif cfg.has_key('keymap') and cfg['keymap'].has_key(to):
                        gpg_to.append( (to, cfg['keymap'][to]) )
        else:
                ungpg_to.append(to)

if gpg_to == list():
        if cfg['default'].has_key('add_header') and cfg['default']['add_header'] == 'yes':
                raw_message['X-GPG-Mailgate'] = 'Not encrypted, public key not found'
        send_msg( raw_message )
        exit()

if ungpg_to != list():
        send_msg( raw_message, ungpg_to )

if cfg.has_key('logging') and cfg['logging'].has_key('file'):
        log = open(cfg['logging']['file'], 'a')
        log.write("Encrypting email to: %s\n" % ' '.join( map(lambda x: x[0], gpg_to) ))
        log.close()

if cfg['default'].has_key('add_header') and cfg['default']['add_header'] == 'yes':
        raw_message['X-GPG-Mailgate'] = 'Encrypted by GPG Mailgate'

gpg_to_cmdline = list()
gpg_to_smtp = list()
for rcpt in gpg_to:
        gpg_to_smtp.append(rcpt[0])
        gpg_to_cmdline.extend(rcpt[1].split(','))

encrypted_payloads = encrypt_all_payloads( raw_message.get_payload(), gpg_to_cmdline )
raw_message.set_payload( encrypted_payloads )

send_msg( raw_message, gpg_to_smtp )

我的客户(roundcube 和 k-9 )不知道如何处理该文件。如果我从命令行执行 gpg --decrypt filename.txt.pgp 我得到: gpg: no valid OpenPGP data found。gpg:decrypt_message 失败:eof

电子邮件的标题是:

User-Agent: K-9 Mail for Android
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----YR49011GO0MWM753ETYWUA7CBOKGAV"
Subject: New with attachments 
From: Bruce Markey <bruce@secryption.com>
Date: Fri, 13 Sep 2013 06:18:03 -0400
To: "bruce@packetaddiction.com" <bruce@packetaddiction.com>
Message-ID: <53178821-6d6c-4b7d-b9c7-5a49034da1ef@email.android.com>
X-GPG-Mailgate: Encrypted by GPG Mailgate

我什至不确定要调试“什么”,因为一切看起来都不错,而且完全没有错误。

如果有人有任何方向,我将不胜感激。

更新:我发现了这个从电子邮件附加的解密 gpg 文件(file.pgp)

我决定添加一行将 raw 写入日志文件。

MIME-Version: 1.0
X-Received: by 10.68.130.1 with SMTP id oa1mr18868651pbb.35.1379162867744;
Sat, 14 Sep 2013 05:47:47 -0700 (PDT)
Received: by 10.68.46.72 with HTTP; Sat, 14 Sep 2013 05:47:47 -0700 (PDT)
Date: Sat, 14 Sep 2013 08:47:47 -0400
Message-ID: <CACRtyey-L9Z5JGNG4bheYqJ7tVK+6qfigmanH9pTUk0ute5gEw@mail.gmail.com>
Subject: Test with attachment - Saturday
From: Bruce Markey <bmarkey@gmail.com>
To: bruce@packetaddiction.com
Content-Type: multipart/mixed; boundary=047d7b10ca15d1c7b904e65760eb

--047d7b10ca15d1c7b904e65760eb
Content-Type: text/plain; charset=ISO-8859-1

Just a simple test with txt attachment

--047d7b10ca15d1c7b904e65760eb
Content-Type: text/plain; charset=US-ASCII; name="TestAttach.txt"
Content-Disposition: attachment; filename="TestAttach.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hlkty4930

VGhpcyBpcyBqdXN0IGEgdGVzdCBvZiB0aGUgYXR0YWNobWVudHMuIApUaGlzIGlzIGEgc2ltcGxl
IHRleHQgZmlsZS4gCgo=
--047d7b10ca15d1c7b904e65760eb--

由于这是原始编写的,因此它是预加密的。那么我应该在加密之前解码base64吗?

看了一会儿之后,我不明白为什么这条线在这里。

if 'name="' in payload['Content-Type']:
payload.replace_header( 'Content-Type', re.sub(r'^[a-z/]+;', r'application/octet-  stream;', payload['Content-Type']) )
payload.set_payload( "\n".join( filter( lambda x:re.search(r'^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$',x), payload.get_payload().split("\n") ) ) )

为什么要更改为 application/octet-stream?

更新:

我认为除非我做错了什么,否则我可以正常工作。我更改了以下内容:

def get_msg( message ):
    if not message.is_multipart():
        return message.get_payload()
return '\n\n'.join( [base64.decodestring(str(m)) for m in message.get_payload()] )

这现在允许我实际运行 gpg --decrypt filename.txt 。

(我假设大多数附件将以 base64 格式通过,尽管我可能会为所有内容传输编码类型添加测试。)

4

1 回答 1

0

在加密之前,需要对附件进行解码、内容传输编码。请参阅原始问题更新中的代码。

于 2013-09-14T16:24:17.620 回答