Changes between Version 23 and Version 24 of AnnouncerPlugin/MessageEncryption
- Timestamp:
- Aug 24, 2015, 12:32:47 PM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
AnnouncerPlugin/MessageEncryption
v23 v24 1 = Announcer cryptographic capabilities =2 1 [[PageOutline(2-4,page content)]] 2 3 = Announcer cryptographic capabilities 4 3 5 This page documents the effort to add optional encryption for AnnouncerPlugin email messages using GnuPG. 4 6 See #6773 for the corresponding ticket asking for this enhancement and [wiki:CryptoPlugin CryptoPlugin] for the future of this development. 5 7 6 == Why == 8 == Why 9 7 10 Let's see how cryptography could help with Trac announcements. 8 11 … … 12 15 Signing emails will help recipients to be sure, that they got unaltered content and got it from you. Encrypting emails will help to distribute announcements to external recipients as freely as to recipients inside without concerns on discretion. 13 16 14 == How (proposed implementation) == 17 == How (proposed implementation) 18 15 19 It might help a lot to have a closer look at [t:wiki:TracDev/Announcer internal structure and event flow] of AnnouncerPlugin. Where to kick in is of course an essential decision. Since it's not only about mangle the message body (one of the earlier assumptions that all turned out to reach not far enough), there is not a single point but a bunch of changes needed to get cryptographic operations working. 16 20 … … 19 23 ''Update:'' I've thought a lot about the aforementioned approach and found it far to narrow. So a major re-design is on the way now. Cryptographically operations will be completely moved into a dedicated stack of python scripts: CryptoPlugin, that provides universal, reusable methods for certificate and key management and beyond announcement email content. 20 24 21 === !AnnouncerEmailEncryption === 25 === !AnnouncerEmailEncryption 26 22 27 To get !AnnouncerEmailEncryption up and working you'll have to take the following steps: 23 1. install GnuPG on the same host along with Trac[[BR]]28 1. Install GnuPG on the same host along with Trac[[BR]] 24 29 For Debian GNU/Linux a simple 25 30 {{{ … … 27 32 }}} 28 33 will do. 29 2. install `python-gnupg`30 Currently there is no Debian package available. Install from source of [http ://code.google.com/p/python-gnupg/downloads/listproject site] is preferred. So we get a mature and actively maintained Python interface to GnuPG.31 3. configure !AnnouncerEmailEncryption in the !`[announcer]` section of `trac.ini` for the given Trac environment34 2. Install `python-gnupg` 35 Currently there is no Debian package available. Install from source of [https://bitbucket.org/vinay.sajip/python-gnupg project site] is preferred. So we get a mature and actively maintained Python interface to GnuPG. 36 3. Configure !AnnouncerEmailEncryption in the !`[announcer]` section of `trac.ini` for the given Trac environment 32 37 33 38 ||'''available option''' ||'''value''' ||'''default''' ||'''note''' || … … 61 66 Beware, that 4 and 5 is not fully covered by current development code. So this is subject to change a lot, before a public release. As with current code for AnnouncerPlugin there'll be DEBUG logging embedded into all operations mentioned above. 62 67 63 === Q&A === 68 === Q&A 69 64 70 [FIXME: add more Q+A here to help with code design evaluation and code review] 65 71 ?: ''Is it true that different users will have different keys? If so, we can add configuration to the user's preference page. We could have a big textbox for GPG key and if they have one entered, then use encryption. … … 79 85 ||missing pubkey ||fingerprint in user settings but no corresponding key in pubkeyring file ||delete recipient from recipient list of event in delivery, create new event with info "specified pubkey not in Tracs keyring" to be sent to this user and project admin || 80 86 87 == Beyond current development scope 81 88 82 == Beyond current development scope ==83 89 There is a [t:wiki:TracDev/Proposals/Announcer proposal] to replace current Trac Notification system with AnnouncerPlugin. This will make the effort for a really clean solution even more urgent. 84 90 85 91 Consider [https://subtrac.sara.nl/oss/email2trac/ticket/186 cryptography related features] for EmailtoTracScript ([https://subtrac.sara.nl/oss/email2trac current home outside of Tack-Hacks]). It could be interesting i.e. to allow only e-mails with valid signature from known senders to pass, fighting spam at another level. 86 92 87 === Development traces (history) === 93 === Development traces (history) 94 88 95 This is kept for reference and personal attitude to preserve historical notes. 89 96 1. step: add some code to make encryption just work '''done'''[[BR]] … … 110 117 3. step: extend web_ui of AnnouncerPlugin to remote-control new options from user and/or administration settings - ''canceled, as this is largely unrelated to this plugins core business'' 111 118 112 == Resources (for ideas and code) == 119 == Resources (for ideas and code) 120 113 121 * Python e-mail test server http://docs.djangoproject.com/en/1.1/topics/email/#topics-email 114 122 * How Django, another Python based system handles e-mail-encryption with [http://code.google.com/p/django-email-extras/ django-email-extras] ([http://code.google.com/p/django-email-extras/source/browse/trunk/email_extras/ browse the code])