File: extensiveexample.txt

package info (click to toggle)
gpg-remailer 3.04.05-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 720 kB
  • sloc: cpp: 1,522; sh: 179; makefile: 114; ansic: 23; fortran: 20
file content (430 lines) | stat: -rw-r--r-- 15,090 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
What follows is an extensive example of how to install and setup the
gpg-remailer. 

It is assumed that you've installed the gpg-remailer program, and that it's
available as /usr/bin/gpg-remailer.


Define the remailer's account:
==============================

1. The gpg-remailer will receive mail sent at remailer@suffix.rc.rug.nl
    The remailer needs an account: for that the user 'remailer' is
    defined. E.g., 

--------------------------------------------------------------------------
adduser --home /var/lib/remailer --disabled-password --disabled-login remailer
Adding user `remailer' ...
Adding new group `remailer' (1011) ...
Adding new user `remailer' (1006) with group `remailer' ...
Creating home directory `/var/lib/remailer' ...
Copying files from `/etc/skel' ...
Changing the user information for remailer
Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] y
--------------------------------------------------------------------------


2. Make sure that access to /var/lib/remailer is denied except to remailer
    itself: 

        chmod -R og-rwx remailer

3. Change to user 'remailer'. As root, do: 

        su - remailer

    and then, as the user 'remailer' do:

        mkdir etc tmp

4. Enter 'exit' to return to the 'root' account.

Define and test mail sent to the remailer:
==========================================

1. Set up a mail account for the remailer in /etc/mail/aliases (/etc/aliases
    in some installations): add this line to /etc/mail/aliases:

    remailer:       /tmp/remailer

    After running `newaliases' mail sent to remailer@suffix.rc.rug.nl appears
    in (is appended to) the file /tmp/remailer.

    Looking at the owner/group specification of /tmp/remailer we find the name
    that's used by the mail program. My sendmail program uses 'mail', but
    other names may also be encountered, like 'nobody':

    ls -l /tmp/remailer:

    -rw-r----- 1 mail mail 2566 Dec 17 12:03 /tmp/remailer

2. Remove /tmp/remailer, and create the following script, name it
    /usr/local/bin/id.sh:

#/bin/bash
id > /tmp/remailer

3.  Do 'chmod +x /usr/local/bin/id.sh

    
4. To check processing of mail sent to 'remailer' add this line to the sudoers
    file (e.g., call 'sudoedit /etc/sudoers.d/specs')

    mail    ALL = (remailer)  NOPASSWD:  /usr/local/bin/id.sh

5. Change the 'remailer: ...' line in /etc/mail/aliases
    into 

    remailer:       "|sudo -u remailer /usr/local/bin/id.sh"

   and run 'newaliases'.

6. Once again send mail to remailer, and /tmp/remailer should contain something
    like:

uid=1006(remailer) gid=1011(remailer) groups=1011(remailer)

7. Once 6. succeeds, do 'rm /usr/local/bin/id.sh' as you don't need it
    anymore. 

8. Setup the mail account so that mail is sent to the remailer: Change the
    'remailer: ...' line in /etc/mail/aliases 
    into 

    remailer:       "|sudo -u remailer /usr/bin/gpg-remailer

   and run 'newaliases'.

9. Change the previously mentioned line in the sudoers 
    file (e.g., call 'sudoedit /etc/sudoers.d/specs') into:

    mail    ALL = (remailer)  NOPASSWD:  /usr/bin/gpg-remailer


Define an initial configuration file for the user remailer:
===========================================================

1. Create the file /var/lib/remailer/etc/gpg-remailer.rc containing:

--------------------------------------------------------------------------
clear-text: accepted
noMail:     true
replyTo:    provide a reply-to address here
recipient:  destination-address-here
member:     some-member-address-here
signature:  none
--------------------------------------------------------------------------

    This allows you to test the reception and basic handling of of e-mail by
    the gpg-remailer. At this point the recipient and member addresses are
    irrelevant. 

2. Once again send an e-mail to the remailer address. Now the file
    /var/lib/remailer/etc/remailer.log is creating showing something like:

--------------------------------------------------------------------------
Dec 17 15:06:58 Clear-text mail
Dec 17 15:06:58 Removing all temporary files
--------------------------------------------------------------------------

3. Now fill in a real e-mail address for the recipient in
    /var/lib/remailer/etc/gpg-remailer.rc (i.e., an e-mail address that can be
    reached from the computer on which the remailer mail account has been
    defined) and remove the 'noMail: true' line. E.g., I could do:

--------------------------------------------------------------------------
clear-text: accepted
replyTo:    provide a reply-to address here
recipient:  f.b.brokken@rug.nl
member:     some-member-address-here
signature:  none
--------------------------------------------------------------------------

4. Once again send an e-mail to the remailer which must then be arriving at
    the "recipient's" address

E.g., after sending (omitting not relevant headers):

--------------------------------------------------------------------------
From f.b.brokken@rug.nl Thu Dec 17 11:59:06 2015
Date: Thu, 17 Dec 2015 11:59:06 +0100
From: "Frank B. Brokken" <f.b.brokken@rug.nl>
To: remailer
Subject: hello world
Reply-To: f.b.brokken@rug.nl

hi
-- 
    Frank B. Brokken
--------------------------------------------------------------------------

    
I received (omitting not relevant headers):

--------------------------------------------------------------------------
Date: Thu, 17 Dec 2015 15:11:19 +0100
From: remailer@rug.nl
To: f.b.brokken@rug.nl
Subject: Subject: hello world


hi
--
    Frank B. Brokken
--------------------------------------------------------------------------

Encrypted mail
==============

1. To handle encrypted mail, the remailer needs a PGP key. To create this key
    first, as root, issue the command:

        su - remailer

    to change to the remailer's ID.

2. Next, as the user 'remailer' generate its GPG keypair by issuing:

        gpg --gen-key    

    All default answers can normally be accepted. As e-mail address, specify
    'remailer@fqdn, where `fqdn' is the fully qualified domain name of the
    host where the 'remailer' mail account has been defined (see the next
    example). The interaction at this point looks like this (be sure to
    specify your own fqdn, and not example.rug.nl, which is used as example:

--------------------------------------------------------------------------
Real name: Remailer for encrypted and plain e-mail
Email address: remailer@example.rug.nl
Comment: 
You selected this USER-ID:
    "Remailer for encrypted and plain e-mail <remailer@examplerug.nl>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
--------------------------------------------------------------------------

    Next press the enter key twice, so that no passphrase is required. GPG
    then issues a warning:

--------------------------------------------------------------------------
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".
--------------------------------------------------------------------------

    The warning is ignored: as long as the computer running the remailer is
    well-protected (i.e., only used by a member of the certteam) using a
    non-password protected key is defensible.

    Now they key is being generated, eventually resulting in a message like
    this:

--------------------------------------------------------------------------
pub   2048R/4EFA600E 2015-12-19
      Key fingerprint = 9EA5 220B 42AF 6912 9B0D  7304 D684 9112 4EFA 600E
uid        Remailer for encrypted and plain e-mail <remailer@examplerug.nl>
sub   2048R/48FCCFD0 2015-12-19
--------------------------------------------------------------------------


2. The public key is now uploaded to a key server, or could otherwise be
    distributed over the members of the cert team. To upload, use

        gpg --send-keys remailer

    To extract the remailer's key to file, use:

        gpg --export --armor remailer > ~/etc/pubkey.txt

3. All the users of the cert-team have their own PGP keys (if not: generate
    them as just shown). 

4. Make the PGP keys of the members of the cert-team available to the user
    'remailer' (e.g., copy them to the computer where the remailer account has
    been installed) Then, assuming a public key is made available as
    /tmp/pubkey.txt, do, still as user 'remailer':

        gpg --import /tmp/pubkey

    This results in output similar to this:

--------------------------------------------------------------------------
gpg: key EAE4D8AA: public key "Frank B. Brokken <f.b.brokken@rug.nl>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
--------------------------------------------------------------------------

5. To avoid warnings about untrusted keys, the remailer can sign each newly
    added key by doing (use the actual key IDs, not the one shown in the next
    example):

        gpg --edit-key EAE4D8AA

    then, interactively, give the commands:

        sign
        save

4. Distribute the public PGP key of the remailer over the members of the
    cert-team. Assuming a public key is made available as /tmp/pubkey.txt, and
    has key ID 4EFA600E (see point 1, this section), each member should do:

        gpg --edit-key 4EFA600E

    then, interactively, they should give the commands:

        sign
        save
        
Handling encrypted and signed e-mail:
=====================================

1. As the user 'remailer' edit the file etc/gpg-remailer.rc to contain:

--------------------------------------------------------------------------
clear-text: accepted
#   noMail:     true        Or completely remove this line 
replyTo:    Sec team mail, signed and optionally encrypted <remailer@fqdn>

#   We use this for testing only: enter the mail address matching the account
#   that you provided with the remailer's public key
recipient:  your mail address (e.g., I used: f.b.brokken@rug.nl here)
member:     your mail address (e.g., I used: f.b.brokken@rug.nl here)

signature:  required
--------------------------------------------------------------------------


2. Now send an encrypted and signed message to the remailer. E.g., I sent this
    signed and encrypted e-mail:

--------------------------------------------------------------------------
Date: Sat, 19 Dec 2015 14:56:29 +0100
From: "Frank B. Brokken" <f.b.brokken@rug.nl>
To: remailer
Subject: hello world

[-- PGP output follows (current time: Sat Dec 19 15:07:19 2015) --]
gpg: Signature made Sat Dec 19 14:56:29 2015 CET using RSA key ID EAE4D8AA
gpg: Good signature from "Frank B. Brokken <f.b.brokken@rug.nl>"
[-- End of PGP output --]

[-- The following data is PGP/MIME encrypted --]

signed and encrypted

--
    Frank B. Brokken
--------------------------------------------------------------------------

[-- End of PGP/MIME encrypted data --]


And I received in return:

--------------------------------------------------------------------------
Date: Sat, 19 Dec 2015 15:02:27 +0100
From: remailer@rug.nl
To: f.b.brokken@rug.nl
Subject: Subject: hello world

[-- PGP output follows (current time: Sat Dec 19 15:06:04 2015) --]
gpg: Signature made Sat Dec 19 15:02:27 2015 CET using RSA key ID 4EFA600E
gpg: Good signature from "Remailer for encrypted and plain e-mail <remailer@suffix.rc.rug.nl>"
[-- End of PGP output --]

[-- The following data is PGP/MIME encrypted --]

gpg: encrypted with 2048-bit RSA key, ID 6F42985B, created 2009-05-23
      "Frank B. Brokken <f.b.brokken@rug.nl>"                        
gpg: encrypted with 2048-bit RSA key, ID 48FCCFD0, created 2015-12-19
      "Remailer for encrypted and plain e-mail <remailer@suffix.rc.rug.nl>"
gpg: Signature made Sat Dec 19 14:56:29 2015 CET using RSA key ID EAE4D8AA
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: Good signature from "Frank B. Brokken <f.b.brokken@rug.nl>"

signed and encrypted

--
    Frank B. Brokken

[-- End of PGP/MIME encrypted data --]
--------------------------------------------------------------------------

    When multiple recipients had been defined, each recipient would have
    received this e-mail, showing: 

        1. The e-mail was received from the remailer: signed by the remailer,
            so as a recipient you're confident that it isn't a fake-mail

        2. The verification of the original sender by showing gpg's signature
            verification output of the mail received by the remailer

        3. The original text (and possibly attachments, if used).

3. In this case, the following is appended to the remailer.log file:

--------------------------------------------------------------------------
Dec 19 15:28:23 GPG encrypted mail (Subject: hello world) sent to f.b.brokken@rug.nl
Dec 19 15:28:23 Removing all temporary files
--------------------------------------------------------------------------

Using a mailing list
====================

1. Using a mailing list isn't strictly necessary, but a mailing list comes in
    handy because with it comes the software to send mail to a group
    of e-mail addresses. 

2. The following communication protocol will be used:

    a. One of the group members sends an e-mail (possibly signed and
        encrypted) to the 'remailer' e-mail address
 
    b. The gpg-remailer decrypts and re-encrypts the mail for the addresses
        mentioned with the 'member:' entries in gpg-remailer.rc.

    c. The gpg-remailer's recipient is specified as the mailing list's e-mail
        address (which could be on any computer accepting e-mail from the
        computer running the gpg-remailer

    d. The gpg-remailer sends the re-encrypted e-mail to the mailing list

    e. The mailing list distributes the re-encrypted mail over its
        members 

    f. Each member receives an e-mail, encrypted with the member's public key,
        so each member is able to decrypt and read the received e-mail.

3. Using this protocol the gpg-remailer.rc file is modified like this:

--------------------------------------------------------------------------
clear-text: accepted
replyTo:    Sec team mail, signed and optionally encrypted <remailer@fqdn>

recipient:  address of the mailing list
member:     cert-team member 1's mailing address
member:     cert-team member 2's mailing address
member:     cert-team member 3's mailing address
member:     cert-team member 4's mailing address

signature:  required
--------------------------------------------------------------------------