Astaro User Bulletin Board
#1 (permalink)
03-16-2009, 07:37 AM
SveN
Senior Member
Join Date: Nov 2000
Location: Frankfurt, Germany
Posts: 374
[7.306] Inline Encryption Possible?

Hi,
we are using Email Encryption via PGP. If I send a PGP Encrypted Email
to Lotus Notes the receiver only sees two attachments and can only
decrypt them if he saves the second attachment, renames it to *.PGP.

My Question: Is it possible to activate Inline Encryption?
So that the receiver receives an Email which contains
the Encrypted Mail inside the normal body?

Body would then contain:
Code:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.8 (GNU/Linux)

hQIOA/1lYCdt4x2xEAf/dyt57mD0yTajy8Glgs4L5mjx6O/G4TpD8Cp9lZFxd3Vy
gjOQIuMGnNkOwrsksiBe8iifW/8Qoov2Fc2lCT+S6ABsX4P8Sgc3jp+9EC/qIyUm
OQjb7iy5boR6b7sFkHqpGIgxh6eYCaT/9IKuTGNH9Et6Li9JeDeVcPv02cCux0IJ...

cu SveN

#2 (permalink)
03-16-2009, 12:18 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396

Sven, I don't understand your scenario. Are you sending an encrypted email to a Notes server behind an Astaro, or are you behind an Astaro, but the Notes server is not?

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

#3 (permalink)
03-16-2009, 12:25 PM
SveN
Senior Member
Join Date: Nov 2000
Location: Frankfurt, Germany
Posts: 374

I am behind the ASG, and the ASG encrypts the Email
for the notes receiver. It seems that Notes isn't aware of
the "application/pgp-encrypted" Mime Type. So it displays
two ugly attachments one contains "Version: 1" and the other
one "-----BEGIN PGP MESSAGE-----...". If you have a look at
the Email the ASG sends
Code:
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
	boundary="=-fQbxiiloSTJsKxY8wyrq"

--=-fQbxiiloSTJsKxY8wyrq
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit

Version: 1

--=-fQbxiiloSTJsKxY8wyrq
Content-Type: application/octet-stream
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.8 (GNU/Linux)

hQIOA/1lYCdt4x2xEAf/dyt57mD0yTajy8Glgs4L5mjx6O/G4TpD8Cp9lZFxd3Vy
gjOQIuMGnNkOwrsksiBe8iifW/8Qoov2Fc2lCT+S6ABsX4P8Sgc3jp+9EC/qIyUm
OQjb7iy5boR6b7sFkHqpGIgxh6eYCaT/9IKuTGNH9Et6Li9JeDeVcPv02cCux0IJ
LNi24S8gSfI4KErG2Whanm2gvISCPnU8e4sfRir39xpnne2LgzWyieCdz+zkFb0e
+YmLzjLBMnWQU/tA3CmipUMMQlHzjPSM6/C5g5OQlL+ThPkJJQBPX7cQQtfavW5j

It seems that Notes cannot display "application/pgp-encrypted"....

So it would be cool to have "-----BEGIN PGP MESSAGE-----..." in a simple Text Body...

#4 (permalink)
03-16-2009, 01:00 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396

I don't know Notes, but with Exchange, I believe that encryption/decryption occurs at the client, not in the Exchange server. That requires installing a certificate before the client can exchange encrypted messages with a correspondent. Is that the behavior you're seeing?

Cheers - Bob

#5 (permalink)
03-16-2009, 01:26 PM
SveN
Senior Member
Join Date: Nov 2000
Location: Frankfurt, Germany
Posts: 374

Yes and No. The Notes Server and/or Client has nothing to do with en- or decryption. They use an external tool for that (WinPT).

So they only want to see the "-----BEGIN PGP MESSAGE-----..." in the Body of the Email so they can copy it to the clipboard and decrypt it over there with this tool...

#6 (permalink)
03-16-2009, 04:15 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396

SveN, I have read about PGP, but only have used certificates. It seems strange to me that there wouldn't have been more complaints about this or that Astaro would make this work any differently from the standard. If this was working before the 7.400 Up2Date, then it sounds like a new bug.

According to the Astaro documentation, if the Astaro does not have the sender's public key installed, and it can't find the public key on an OpenPGP Keyserver, it will not decrypt an incoming email. Once the key is installed, the Astaro decrypts incoming messages. This sounds similar to the situation you describe.

In consulting RFC4880, I find a description of the proper use of ASCII armor, but I couldn't find whether its use was a required part of the standard for composing a compliant message. I'm learning about PGP, is the use of ASCII armor required?

Cheers - Bob
PS I guess I still don't understand what they need. I thought you were looking for ASCII armor around the public key, but in rereading now, I see that was a false assumption. Are you saying that the message itself should be a separate attachment beginning with the ASCII armor header? I'm pretty sure the actual file is flat, and that it's the receiving email server that splits that file into header, message and attachments. Could it be that they have not finished configuring their Notes server?

Last edited by BAlfson; 03-16-2009 at 04:52 PM. Reason: PS

#7 (permalink)
03-17-2009, 08:45 AM
SveN
Senior Member
Join Date: Nov 2000
Location: Frankfurt, Germany
Posts: 374

Hi,

mainly Astaro uses rfc3156.txt for PGP Encryption and Decryption.
But if you have a client that is not aware of this RFC (the Client does not know about the "Content-Type: application/pgp-encrypted") it will display two ugly attachments (e.g. if you use Thunderbird without the Enigmail plugin you would see what I mean).

So my question is: if you have such a client, would it be possible to send the PGP-Encrypted Message inside a normal mail body as Text (with having "Content-Type: application/pgp-encrypted"). Something like this:
Code:
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
 
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.8 (GNU/Linux)
 
hQIOA/1lYCdt4x2xEAf/dyt57mD0yTajy8Glgs4L5mjx6O/G4TpD8Cp9lZFxd3Vy
gjOQIuMGnNkOwrsksiBe8iifW/8Qoov2Fc2lCT+S6ABsX4P8Sgc3jp+9EC/qIyUm
OQjb7iy5boR6b7sFkHqpGIgxh6eYCaT/9IKuTGNH9Et6Li9JeDeVcPv02cCux0IJ
LNi24S8gSfI4KErG2Whanm2gvISCPnU8e4sfRir39xpnne2LgzWyieCdz+zkFb0e

cu SveN

#8 (permalink)
03-17-2009, 01:17 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396

Thanks for that information; this is the first time I've read RFC3156. I'm almost certain that there's no option in the Astaro to send an encrypted email without the RFC3156 "header" information.

Should Astaro make this an option because it's an alternative standard, or is the problem that the client on the Notes-end is not Notes-aware or is otherwise non-standard?

Cheers - Bob

#9 (permalink)
03-17-2009, 01:25 PM
SveN
Senior Member
Join Date: Nov 2000
Location: Frankfurt, Germany
Posts: 374

Hi,
I think it should be configurable for every Public Key
if this user wants to have RFC3156 Header or not.

Problem is that some Mail Clients (like Notes or Thunderbird
without the encryption Plugin) are not aware of this RFC.
And those users will use an external Tool (e.g. WinPT) to
decode their Emails out of the message Body, but if you
send them RFC3156 Header they do not see anything in the
message body and you are unable to communicate with them...

So I think this would be a nice feature!

#10 (permalink)
03-20-2009, 09:38 AM
Member
Join Date: Jul 2008
Posts: 45

We don't support inline encryption. The main problem with it is that there is no real standard for encrypting attachments with PGP/Inline.

Also, most mail clients do support PGP/MIME. I am surprised to hear that clients not supporting it are still in use.
Reply With Quote
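
Added example, not part of any post in this thread and not Astaro code: a recipient-side sketch that checks the two-part RFC 3156 layout shown in post #3 and rebuilds the message with the armored block as a plain text body, which is the form the thread asks for. The function names `extract_armor` and `to_inline` are hypothetical, and the sample message is constructed (its armor body is placeholder text, not real ciphertext).

```python
import email
from email import policy
from email.message import EmailMessage

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"
# Constructed sample in the RFC 3156 layout from post #3; the armor body is
# placeholder text, not real ciphertext.
SAMPLE = b"""\
From: sender@example.org
Subject: constructed test
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="=-constructed-boundary"

--=-constructed-boundary
Content-Type: application/pgp-encrypted

Version: 1

--=-constructed-boundary
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgTk9UIFJFQUwgQ0lQSEVSVEVYVA==
=AAAA
-----END PGP MESSAGE-----

--=-constructed-boundary--
"""

def extract_armor(raw: bytes) -> str:
    """Validate the two-part PGP/MIME structure and return the armored block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    proto = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() != "multipart/encrypted" or proto != "application/pgp-encrypted":
        raise ValueError("not an RFC 3156 PGP/MIME encrypted message")
    parts = list(msg.iter_parts())
    if len(parts) != 2 or parts[0].get_content_type() != "application/pgp-encrypted":
        raise ValueError("expected a control part followed by one data part")
    armor = parts[1].get_payload(decode=True).decode("ascii").strip()
    if not (armor.startswith(BEGIN) and armor.endswith(END)):
        raise ValueError("data part is not an ASCII-armored PGP message")
    return armor

def to_inline(raw: bytes) -> EmailMessage:
    """Rebuild the message as text/plain with the armor as the visible body."""
    src = email.message_from_bytes(raw, policy=policy.default)
    out = EmailMessage()
    for name in ("From", "To", "Subject", "Date"):
        if src[name] is not None:
            out[name] = src[name]
    out.set_content(extract_armor(raw))
    return out
```

Because RFC 3156 encrypts a complete MIME entity, decrypting the extracted block with an external tool yields raw MIME text (content headers and any encoded attachments), not just the readable body.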