From db2a7f8aff9e7cbbf8e8279366b4ae064b90aae4 Mon Sep 17 00:00:00 2001
From: Andris Reinman
Date: Sat, 16 Apr 2016 10:51:22 -0700
Subject: [PATCH] sign gpg messages
---
 lib/mailer.js | 7 +++++--
 package.json | 2 +-
 routes/settings.js | 2 +-
 views/settings.hbs | 31 +++++++++++++++++++++++++++++++
 4 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/lib/mailer.js b/lib/mailer.js
index 28a5c32c..30ff5aef 100644
--- a/lib/mailer.js
+++ b/lib/mailer.js
@@ -83,7 +83,7 @@ function getTemplate(template, callback) {
 }
 
 function createMailer(callback) {
- settings.list(['smtpHostname', 'smtpPort', 'smtpEncryption', 'smtpUser', 'smtpPass', 'smtpLog', 'smtpDisableAuth', 'smtpMaxConnections', 'smtpMaxMessages', 'smtpSelfSigned'], (err, configItems) => {
+ settings.list(['smtpHostname', 'smtpPort', 'smtpEncryption', 'smtpUser', 'smtpPass', 'smtpLog', 'smtpDisableAuth', 'smtpMaxConnections', 'smtpMaxMessages', 'smtpSelfSigned', 'pgpPrivateKey', 'pgpPassphrase'], (err, configItems) => {
 if (err) {
 return callback(err);
 }
@@ -109,7 +109,10 @@ function createMailer(callback) {
 rejectUnauthorized: !configItems.smtpSelfSigned
 }
 });
- module.exports.transport.use('stream', openpgpEncrypt());
+ module.exports.transport.use('stream', openpgpEncrypt({
+ signingKey: configItems.pgpPrivateKey,
+ passphrase: configItems.pgpPassphrase
+ }));
 
 return callback(null, module.exports.transport);
 });
diff --git a/package.json b/package.json
index 536cb510..e2a90037 100644
--- a/package.json
+++ b/package.json
@@ -47,7 +47,7 @@
 "multer": "^1.1.0",
 "mysql": "^2.10.2",
 "nodemailer": "^2.3.2",
- "nodemailer-openpgp": "^1.0.1",
+ "nodemailer-openpgp": "^1.0.2",
 "npmlog": "^2.0.3",
 "openpgp": "^2.2.1",
 "passport": "^0.3.2",
diff --git a/routes/settings.js b/routes/settings.js
index d9a581bd..faf5c6dd 100644
--- a/routes/settings.js
+++ b/routes/settings.js
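Review bot: In the second lib/mailer.js hunk, `configItems.pgpPrivateKey` and `configItems.pgpPassphrase` go straight into `openpgpEncrypt()` with no check that the key parses or that the passphrase unlocks it, so a mistake in the settings would presumably only surface when a message is sent. Decide whether an unusable key should fail the send or fall back to unsigned delivery, and record that above the call together with a comment such as `// pgpPrivateKey is optional; when unset, messages are encrypted but not signed`. The options are bound when `createMailer` builds `module.exports.transport`; if that transport is reused across sends (the function continues outside the hunk, so this is inferred), a key replaced or cleared in the settings stays in effect until the mailer is recreated. The first hunk's `settings.list` call now loads both secrets into `configItems`, so they should be kept out of anything written when `smtpLog` is enabled.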
@@ -11,7 +11,7 @@ let url = require('url'); let settings = require('../lib/models/settings'); -let allowedKeys = ['service_url', 'smtp_hostname', 'smtp_port', 'smtp_encryption', 'smtp_disable_auth', 'smtp_user', 'smtp_pass', 'admin_email', 'smtp_log', 'smtp_max_connections', 'smtp_max_messages', 'smtp_self_signed', 'default_from', 'default_address', 'default_subject', 'default_homepage', 'default_postaddress', 'default_sender', 'verp_hostname', 'verp_use', 'disable_wysiwyg']; +let allowedKeys = ['service_url', 'smtp_hostname', 'smtp_port', 'smtp_encryption', 'smtp_disable_auth', 'smtp_user', 'smtp_pass', 'admin_email', 'smtp_log', 'smtp_max_connections', 'smtp_max_messages', 'smtp_self_signed', 'default_from', 'default_address', 'default_subject', 'default_homepage', 'default_postaddress', 'default_sender', 'verp_hostname', 'verp_use', 'disable_wysiwyg', 'pgp_private_key', 'pgp_passphrase']; router.all('/*', (req, res, next) => { if (!req.user) { diff --git a/views/settings.hbs b/views/settings.hbs index 31341890..7fd02c40 100644 --- a/views/settings.hbs +++ b/views/settings.hbs @@ -251,6 +251,37 @@ {{/if}} +
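Review bot: Adding `'pgp_private_key'` and `'pgp_passphrase'` to `allowedKeys` stores the signing key and its passphrase side by side as ordinary settings, so the passphrase no longer protects the key from anyone who can read the settings table or this page. The only gate visible in the hunk is `if (!req.user)` inside `router.all`, whose body continues outside the hunk. If the form is re-populated from stored values, as it presumably is for the other keys, both secrets would be returned in the page HTML; that is inferred, not shown here. I would treat the two fields as write-only (never echo them, keep the stored value when the field is submitted empty) and parse the key on save so an unusable key or passphrase is rejected at that point. At minimum add a comment above the list, e.g. `// pgp_private_key and pgp_passphrase are stored unencrypted; use a dedicated signing-only key`.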
+ + PGP Signing + + +

+ Only messages that are encrypted can be signed. Subsribers who have not set up a PGP public key in their profile receive normal email messages. Users with PGP key set receive encrypted messages and if you have signing key also set, the messages are signed + with this key. +

+

+ Do not use sensitive keys here. The private key and passphrase are not encrypted in the database. +

+ +
+ +
+ + Only fill this if your private key is encrypted with a passphrase +
+
+ +
+ +
+ + This value is optional. if you do not provide a private key, then PGP encrypted messages are sent without signing. +
+
+ +
+
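Review bot: The help text added in this hunk has a typo, `Subsribers` should read `Subscribers`, and the last hint starts a sentence with a lowercase `if`. The warning `Do not use sensitive keys here` would be more actionable if it said what to use instead, for example `Use a dedicated signing key created for this installation; the private key and passphrase are stored unencrypted in the database.` The markup of the two inputs is not visible in this view, so confirm that the passphrase field is a password input and that neither field is pre-filled with the stored secret.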