sign gpg messages

lib/mailer.js

@@ -83,7 +83,7 @@ function getTemplate(template, callback) {
 }
 
 function createMailer(callback) {
-    settings.list(['smtpHostname', 'smtpPort', 'smtpEncryption', 'smtpUser', 'smtpPass', 'smtpLog', 'smtpDisableAuth', 'smtpMaxConnections', 'smtpMaxMessages', 'smtpSelfSigned'], (err, configItems) => {
+    settings.list(['smtpHostname', 'smtpPort', 'smtpEncryption', 'smtpUser', 'smtpPass', 'smtpLog', 'smtpDisableAuth', 'smtpMaxConnections', 'smtpMaxMessages', 'smtpSelfSigned', 'pgpPrivateKey', 'pgpPassphrase'], (err, configItems) => {
         if (err) {
             return callback(err);
         }
@@ -109,7 +109,10 @@ function createMailer(callback) {
                 rejectUnauthorized: !configItems.smtpSelfSigned
             }
         });
-        module.exports.transport.use('stream', openpgpEncrypt());
+        module.exports.transport.use('stream', openpgpEncrypt({
+            signingKey: configItems.pgpPrivateKey,
+            passphrase: configItems.pgpPassphrase
+        }));
 
         return callback(null, module.exports.transport);
     });

package.json

@@ -47,7 +47,7 @@
     "multer": "^1.1.0",
     "mysql": "^2.10.2",
     "nodemailer": "^2.3.2",
-    "nodemailer-openpgp": "^1.0.1",
+    "nodemailer-openpgp": "^1.0.2",
     "npmlog": "^2.0.3",
     "openpgp": "^2.2.1",
     "passport": "^0.3.2",

routes/settings.js

@@ -11,7 +11,7 @@ let url = require('url');
 
 let settings = require('../lib/models/settings');
 
-let allowedKeys = ['service_url', 'smtp_hostname', 'smtp_port', 'smtp_encryption', 'smtp_disable_auth', 'smtp_user', 'smtp_pass', 'admin_email', 'smtp_log', 'smtp_max_connections', 'smtp_max_messages', 'smtp_self_signed', 'default_from', 'default_address', 'default_subject', 'default_homepage', 'default_postaddress', 'default_sender', 'verp_hostname', 'verp_use', 'disable_wysiwyg'];
+let allowedKeys = ['service_url', 'smtp_hostname', 'smtp_port', 'smtp_encryption', 'smtp_disable_auth', 'smtp_user', 'smtp_pass', 'admin_email', 'smtp_log', 'smtp_max_connections', 'smtp_max_messages', 'smtp_self_signed', 'default_from', 'default_address', 'default_subject', 'default_homepage', 'default_postaddress', 'default_sender', 'verp_hostname', 'verp_use', 'disable_wysiwyg', 'pgp_private_key', 'pgp_passphrase'];
 
 router.all('/*', (req, res, next) => {
     if (!req.user) {

views/settings.hbs

@@ -251,6 +251,37 @@
         {{/if}}
     </fieldset>
 
+    <fieldset>
+        <legend>
+            PGP Signing
+        </legend>
+
+        <p>
+            Only messages that are encrypted can be signed. Subsribers who have not set up a PGP public key in their profile receive normal email messages. Users with PGP key set receive encrypted messages and if you have signing key also set, the messages are signed
+            with this key.
+        </p>
+        <p class="text-warning">
+            Do not use sensitive keys here. The private key and passphrase are not encrypted in the database.
+        </p>
+
+        <div class="form-group">
+            <label for="pgp-passphrase" class="col-sm-2 control-label">Private Key Passphrase</label>
+            <div class="col-sm-10">
+                <input type="password" class="form-control" name="pgp-passphrase" id="pgp-passphrase" placeholder="Passprase" value="{{pgpPassphrase}}">
+                <span class="help-block">Only fill this if your private key is encrypted with a passphrase</span>
+            </div>
+        </div>
+
+        <div class="form-group">
+            <label for="pgp-private-key" class="col-sm-2 control-label">PGP Private Key</label>
+            <div class="col-sm-10">
+                <textarea class="form-control gpg-text" rows="3" id="pgp-private-key" name="pgp-private-key">{{pgpPrivateKey}}</textarea>
+                <span class="help-block">This value is optional. if you do not provide a private key, then PGP encrypted messages are sent without signing.</span>
+            </div>
+        </div>
+
+    </fieldset>
+
     <hr />
 
     <div class="form-group">