-
Notifications
You must be signed in to change notification settings - Fork 1k
Algorithms: Crypto key importing
This page is based on reading code from commit 117acab dated 2018-07-17 and files generated by it. There may errors or omissions!
Mailpile uses GnuPG to manage PGP encryption keys. (The interface is in mailpile.crypto.gpgi.GnuPG.) In order for Mailpile to send a PGP encrypted email or verify a received PGP signature, the PGP public key of the other party must be present in the GnuPG keychain.
When a new pile is set up, at the user's option, either a dedicated GnuPG keychain is created in the pile directory, or Mailpile is configured to use the GnuPG keychain shared with other piles and applications run by the same user. If the shared keychain is used, then keys can be imported using applications and sources not related to Mailpile. In either case, Mailpile can import keys.
Mailpile is selective in importing keys. Specifically, when accessed through the browser interface, it imports another party's public key to the GnuPG keychain only when the user composes an email to that party and only with the user's approval. This guards against indiscriminate acceptance of keys of unknown validity.
Given an email address, Mailpile can search for keys valid for that address using the crypto/keylookup command plugin mailpile.plugins.keylookup.KeyLookup.__init__.KeyLookup. For each possible source of keys there is a handler, which is a derived class of mailpile.plugins.keylookup.KeyLookup.__init__.LookupHandler. The sources are, in the order in which they are searched:
-
GnuPG keychain- the key has previously been imported. -
E-mail keys- the key is in an email attachment received from the other party. DNS PKA records-
PGP Keyservers- the key is published on a keyserver.
The search returns a list of key fingerprints, ranked on the basis of several criteria.
Given an email address, fingerprint, and the source of the key, Mailpile can import the key using the crypto/keyimport command plugin mailpile.plugins.keylookup.KeyLookup.__init__.KeyImport.
In the compose window recipient fields (To, CC, BCC), recipients for which keys are present on the keychain are flagged with the green closed lock icon.
Key searching is triggered when the user requests encryption by clicking on the lock icon in the lower right of the compose window. If the keychain contain a public key for each recipient, the green closed lock icon is shown. If not, the yellow open lock icon is displayed and the Cannot Encrypt box pops up, with a button for each recipient for which it is missing a key. The user can click on a key to initiate the search for one recipient. This invokes the crypto/keylookup command for that recipient's email address. As keys are found, they are displayed in the Cannot Encrypt box with a button to request importing of the key using the crypto/keyimport command. All possible key sources are searched, but the import can be requested before all searches are complete. Once a key has been imported the Cannot Encrypt box can be closed, the yellow lock icon can be clicked once again, and if all is well it will change to the green closed lock icon indicating that the message can be encrypted.