encrypt forwarded emails to gpg-enabled mailbox

2020-03-08 23:07:23 +01:00 · 2020-03-08 23:07:23 +01:00 · 612e4f6717
parent 5d5131f32c
commit 612e4f6717
2 changed files with 41 additions and 1 deletions
--- a/app/pgp_utils.py
+++ b/app/pgp_utils.py
@ -4,9 +4,11 @@ from app.config import GNUPGHOME

 gpg = gnupg.GPG(gnupghome=GNUPGHOME)

+
 class PGPException(Exception):
    pass

+
 def load_public_key(public_key: str) -> str:
    """Load a public key into keyring and return the fingerprint. If error, raise Exception"""
    import_result = gpg.import_keys(public_key)
--- a/email_handler.py
+++ b/email_handler.py
@ -31,13 +31,17 @@ It should contain the following info:

 """
 import time
+from email import encoders
 from email.message import Message
+from email.mime.application import MIMEApplication
+from email.mime.multipart import MIMEMultipart
 from email.parser import Parser
 from email.policy import SMTPUTF8
 from smtplib import SMTP
 from typing import Optional

 from aiosmtpd.controller import Controller
+import gnupg

 from app.config import (
    EMAIL_DOMAIN,
@ -47,6 +51,7 @@ from app.config import (
    ADMIN_EMAIL,
    SUPPORT_EMAIL,
    POSTFIX_SUBMISSION_TLS,
+    GNUPGHOME,
 )
 from app.email_utils import (
    get_email_name,
@ -74,6 +79,7 @@ from app.models import (
 )
 from app.utils import random_string
 from server import create_app
+from app import pgp_utils


 # fix the database connection leak issue
@ -255,6 +261,31 @@ def should_append_alias(msg, alias):
    return True


+def prepare_pgp_message(orig_msg: Message, pgp_fingerprint: str):
+    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
+
+    # copy all headers from original message except the "Content-Type"
+    for i in reversed(range(len(orig_msg._headers))):
+        header_name = orig_msg._headers[i][0].lower()
+        if header_name != "Content-Type".lower():
+            msg[header_name] = orig_msg._headers[i][1]
+
+    first = MIMEApplication(
+        _subtype="pgp-encrypted", _encoder=encoders.encode_7or8bit, _data=""
+    )
+    first.set_payload("Version: 1")
+    msg.attach(first)
+
+    second = MIMEApplication("octet-stream", _encoder=encoders.encode_7or8bit)
+    second.add_header("Content-Disposition", "inline")
+    # encrypt original message
+    encrypted_data = pgp_utils.encrypt(orig_msg.as_string(), pgp_fingerprint)
+    second.set_payload(encrypted_data)
+    msg.attach(second)
+
+    return msg
+
+
 def handle_forward(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
    """return *status_code message*"""
    alias = rcpt_to.lower()  # alias@SL
@ -267,7 +298,14 @@ def handle_forward(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
            LOG.d("alias %s cannot be created on-the-fly, return 510", alias)
            return "510 Email not exist"

-    mailbox_email = gen_email.mailbox_email()
+    mailbox = gen_email.mailbox
+    mailbox_email = mailbox.email
+
+    # create PGP email if needed
+    if mailbox.pgp_finger_print:
+        LOG.d("Encrypt message using mailbox %s", mailbox)
+        msg = prepare_pgp_message(msg, mailbox.pgp_finger_print)
+
    forward_email = get_or_create_forward_email(msg["From"], gen_email)
    forward_log = ForwardEmailLog.create(forward_id=forward_email.id)