stalwartlabs/mail-server
1
1
Fork 0
mirror of https://github.com/stalwartlabs/mail-server.git synced 2025-02-27 01:13:11 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

PGP -> OpenPGP

Browse source
This commit is contained in:
mdecimus 2023-08-02 19:00:04 +02:00
parent 66272f7200
commit fe2e4079d3
6 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. This projec
## [0.3.3] - 2023-08-02
### Added
- Encryption at rest with **S/MIME** and **PGP** support.
- Encryption at rest with **S/MIME** or **OpenPGP**.
- Support for referencing context variables from dynamic values.
### Changed

2
README.md
View file

@ -34,7 +34,7 @@ Key features:
- Email aliases, mailing lists, subaddressing and catch-all addresses support.
- Integration with **OpenTelemetry** to enable monitoring, tracing, and performance analysis.
- **Secure**:
- Encryption at rest with **S/MIME** and **PGP** support.
- Encryption at rest with **S/MIME** or **OpenPGP**.
- OAuth 2.0 [authorization code](https://www.rfc-editor.org/rfc/rfc8628) and [device authorization](https://www.rfc-editor.org/rfc/rfc8628) flows.
- Access Control Lists (ACLs).
- Rate limiting.

10
crates/jmap/src/email/crypto.rs
View file

@ -151,7 +151,7 @@ impl EncryptMessage for Message<'_> {
for cert in &params.certs {
keys.push(SignedPublicKey::from_bytes(&cert[..]).map_err(|err| {
EncryptMessageError::Error(format!(
"Failed to parse PGP public key: {}",
"Failed to parse OpenPGP public key: {}",
err
))
})?);
@ -430,13 +430,13 @@ fn try_parse_pem(bytes: &[u8]) -> Result<Option<(EncryptionMethod, Vec<Vec<u8>>)
let tag = std::str::from_utf8(&buf).unwrap();
if tag.contains("CERTIFICATE") {
if method.map_or(false, |m| m == EncryptionMethod::PGP) {
return Err("Cannot mix PGP and S/MIME certificates".to_string());
return Err("Cannot mix OpenPGP and S/MIME certificates".to_string());
} else {
method = Some(EncryptionMethod::SMIME);
}
} else if tag.contains("PGP") {
if method.map_or(false, |m| m == EncryptionMethod::SMIME) {
return Err("Cannot mix PGP and S/MIME certificates".to_string());
return Err("Cannot mix OpenPGP and S/MIME certificates".to_string());
} else {
method = Some(EncryptionMethod::PGP);
}
@ -481,7 +481,7 @@ fn try_parse_pem(bytes: &[u8]) -> Result<Option<(EncryptionMethod, Vec<Vec<u8>>)
match method.unwrap() {
EncryptionMethod::PGP => {
if let Err(err) = SignedPublicKey::from_bytes(&cert[..]) {
return Err(format!("Failed to decode PGP public key: {}", err));
return Err(format!("Failed to decode OpenPGP public key: {}", err));
}
}
EncryptionMethod::SMIME => {
@ -670,7 +670,7 @@ impl JMAP {
impl Display for EncryptionMethod {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
EncryptionMethod::PGP => write!(f, "PGP"),
EncryptionMethod::PGP => write!(f, "OpenPGP"),
EncryptionMethod::SMIME => write!(f, "S/MIME"),
}
}

4
resources/config/jmap.toml
View file

@ -36,6 +36,10 @@ timeout = "30s"
[jmap]
directory = "__DIRECTORY__"
[jmap.encryption]
enable = true
append = false
[jmap.session.cache]
ttl = "1h"
size = 100

2
resources/htx/crypto_disabled.htx
View file

@ -1 +1 @@
<div class="illustration"><i class="icon ion-unlocked"></i></div><p class="auth"><b>Encryption at rest disabled</b><br /><br />Messages will now be stored in plain text on the server..</p>
<div class="illustration"><i class="icon ion-unlocked"></i></div><p class="auth"><b>Encryption at rest disabled</b><br /><br />Messages will now be stored in plain text on the server.</p>

2
resources/htx/crypto_form.htx
View file

@ -1 +1 @@
<div class="illustration"><i class="icon ion-unlocked"></i></div><p class="auth">Enable encryption at rest for your <b>Stalwart Mail Server</b> account</p><div class="form-group"><input class="form-control" type="text" name="email" placeholder="Login"></div><div class="form-group"><input class="form-control" type="password" name="password" placeholder="Password"></div><div class="form-group"><select class="form-control" id="encryption" name="encryption"><option value="pgp-256">PGP (AES256)</option><option value="pgp-128">PGP (AES128)</option><option value="smime-256">S/MIME (AES256-CBC)</option><option value="smime-128">S/MIME (AES128-CBC)</option><option value="disable">Disable Encryption</option></select></div><div class="form-group" id="certificate_div"><div class="fileUpload btn btn-secondary btn-block"><span>Select Certificate...</span><input type="file" id="certificate" name="certificate" class="upload"></div></div><div class="form-group"><button class="btn btn-primary btn-block" type="submit">Update</button></div><a class="auth" style="font-size:12px" href="about:blank">Cancel</a>
<div class="illustration"><i class="icon ion-unlocked"></i></div><p class="auth">Enable encryption at rest for your <b>Stalwart Mail Server</b> account</p><div class="form-group"><input class="form-control" type="text" name="email" placeholder="Login"></div><div class="form-group"><input class="form-control" type="password" name="password" placeholder="Password"></div><div class="form-group"><select class="form-control" id="encryption" name="encryption"><option value="pgp-256">OpenPGP (AES256)</option><option value="pgp-128">OpenPGP (AES128)</option><option value="smime-256">S/MIME (AES256-CBC)</option><option value="smime-128">S/MIME (AES128-CBC)</option><option value="disable">Disable Encryption</option></select></div><div class="form-group" id="certificate_div"><div class="fileUpload btn btn-secondary btn-block"><span>Select Certificate...</span><input type="file" id="certificate" name="certificate" class="upload"></div></div><div class="form-group"><button class="btn btn-primary btn-block" type="submit">Update</button></div><a class="auth" style="font-size:12px" href="about:blank">Cancel</a>