Feature #4895

GnuPG support

Added by Peter Meier almost 8 years ago. Updated about 2 years ago.

Status:NewStart date:2010-02-22
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Email receiving
Target version:-
Resolution:

Description

As Redmine supports sending and receiving of emails it would be nice to have GnuPG support at hand.

I imagine the following basic features:

  • it should be possible to add a global keypair (public and private key and passphrase) for the systemaddress(es), given these options are set
    • redmine should be able to receive encrypted emails, decrypt them and process them further as a plaintext email
    • redmine should be able to send out signed emails
  • it should be possible for users to add a public key to their account. Given one is uploaded
    • redmine should be able to send out encrypted emails to this user (this would require to split the email sending on a per user basis. At least for the ones that requires to receive encrypted emailsr. Splitting the encrypted and plaintext users in 2 receiving groups might also be possible, however the per user is preferred)

Given the implementation of the basic features, further features could be implemented, such as:

  • it is only possible to change states of a ticket, by sending a signed email, which signature can be verified by redmine
  • it is possible to require a public key if you'd like to receive emails for a project
  • it is possible to require that only encrypted outgoing emails are allowed for a certain or any project.
  • etc.

History

#1 Updated by Jean-Philippe Lang almost 8 years ago

  • Category set to Email receiving

#2 Updated by Oleg Lozinskij over 7 years ago

+1

#3 Updated by John Hogenmiller over 7 years ago

While using GnuPG for email is good, I would also like to see this as part of the documents module or even as a separate module "Encrypted Pages".

For each decent-sized customer I have, I use redmine to store information about their setup - servers, network, web sites, etc. For example. if I am managing a client's office network, I can list all their devices, write documentation in the wiki, record issues, etc. However, even though it is a semi-private, secure server (some clients have access to their information), I don't store passwords in Redmine. I maintain a separate keepass file.

However, I would love the ability to put all the important credentials into one page, encrypt it, and then unencrypt it through the redmine interface.

I looked at doing it with FireGPG, which I had used in the past, but they have discontinued support. Also, it would be nice if everything could be maintained on the server side (like request tracker does). Private keys would be password protected, so you would have to enter a password in order to decrypt any saved encrypted text.

#4 Updated by Terence Mill over 7 years ago

The idea is good, i created a more common feature request for this.. see Issue #6257.

#5 Updated by Guy Barnhart-Magen over 6 years ago

This is what i am looking for, i would like to be able to encrypt all redmine outgoing email with a public key i can give to the clients. is this possible? is there a different mechanism for sending email in redmine that would allow such a plugin to be written?

#6 Updated by Mr Embedded over 4 years ago

+1

This would be perfect. There is a plugin http://www.redmine.org/plugins/redmine_email_notification_content_filter which allows you to remove the content of outgoing emails but using GPG would bump the email security up several notches.

There is a ruby GPG wrapper https://github.com/HHRy/gpgr that may be useful here.

#7 Updated by Alexander Blum over 2 years ago

I implemented most features in the plugin 'OpenPGP': https://www.redmine.org/plugins/openpgp

Notes regarding the feature descriptions of this ticket:

  • only one private server PGP key for the whole redmine instance
  • splitting of the email addresses is on email level (not per-user)
  • rejection of invalid signatures may only globally activated (not per-project) and is all-or-none (no distinction of rights)

It's tested using redmine 3.1.0, although it may work with other versions as well. Feedback is appreciated, especially regarding compatibility.

#8 Updated by Daniel Maas about 2 years ago

Hey Alexander,

very nice plugin!!

The outgoing mails are encrypted without problems.

My Problem is that I am not able to receive encrypted mails at the moment.
I added the private key with password for the redmine instance. And the key is added to the keyring of
the user www-data which apache uses.

I fetch the mails with:
/usr/local/bin/rake redmine:email:receive_imap RAILS_ENV="production" host=<mailhost> port=993 ssl=1 username=<username> password=<password>

unencrypted mails are working and are appended to the answered issie.
But if I encrypt the mail (no matter if MIME or INLINE)
the mail is not showing up in redmine.
I can not see any failure or notice in the logfile of redmine.

Would be nice if you have an idea what could be wrong.

Thanks

Environment:
Redmine version 3.1.1.stable
Ruby version 2.1.5-p273 (2014-11-13) [x86_64-linux-gnu]
Rails version 4.2.4
Environment production
Database adapter PostgreSQL
SCM:
Git 2.1.4
Filesystem
Redmine plugins:
openpgp 1.0

Also available in: Atom PDF