1
0
mirror of https://github.com/tiyn/wiki.git synced 2026-07-07 20:41:36 +02:00

Emails: End-To-End Encryption Linked Between Entries

This commit is contained in:
2026-07-07 02:50:16 +02:00
parent 4c7759e930
commit ef37b60318
5 changed files with 73 additions and 21 deletions

View File

@@ -1,6 +1,6 @@
# mailserver docker-mailserver
This is a [Docker](/wiki/docker.md) container for a mailserver.
This is a [Docker](/wiki/docker.md) container for a docker-mailserver.
The official container and documentation was made by
[mailserver](https://hub.docker.com/r/mailserver/docker-mailserver).
It contains dovecot, antispam, antivirus, ssl and many more features.
@@ -31,7 +31,7 @@ Create the file `rebuild.sh`.
You then need to start the container using `rebuild.sh`.
After the container is running create the desired mail accounts where `<user@domain>` is the desired
email account consisting of its parts and `<password>` is the password.
[email](/wiki/email.md) account consisting of its parts and `<password>` is the password.
It is recommended to create a postmaster account aswell.
It can be either created as a secondary account or just linked to the first account as shown in the
following lines.
@@ -51,7 +51,7 @@ Finally rebuild the container once again.
The required DNS configuration is explained in the
[corresponding section of the email wiki entry](/wiki/email.md#mail-server-records).
This needs to be set up for the email to work properly with most other providers.
This needs to be set up for the [email](/wiki/email.md) to work properly with most other providers.
For the DKIM record the generated configuration has to be retrieved from the following file.
@@ -141,12 +141,19 @@ The required DNS records described in the
created as previously shown in [the previous section](#initial-configuration).
After that mail addresses for the additional domains can simply be created and used.
No further setup is needed and emails using the new domains can simply be created.
No further setup is needed and [emails](/wiki/email.md) using the new domains can simply be created.
```sh
./setup.sh email add <user@domain.tld> (<password>)
```
### Optional: Client Setup
After setting up the [Email](/wiki/email.md) server, some [Client](/wiki/email.md#client)
configurations may be taken.
Especially recommended is the set-up of
[end-to-end encryption](/wiki/email.md#end-to-end-encryption).
### rebuild.sh
```sh

View File

@@ -125,3 +125,20 @@ And even if you have it can be useful to keep your mails synced locally on your
It also features, contact, todo and calendar management.
- [FairEmail](/wiki/android/fairemail.md) is a free and open-source mail client for
[Android](/wiki/android.md).
## Usage
This section addresses the usage of various Email related topics.
## End-to-End Encryption
Besides transport encryption (TLS), emails can also be protected using end-to-end encryption.
The two most common standards are [OpenPGP](/wiki/openpgp.md) and S/MIME.
OpenPGP allows emails to be digitally signed and encrypted.
Unlike TLS, which only protects the transport between mail servers and clients, OpenPGP protects the
message itself.
The generation, management and export of OpenPGP keys is described in the
[GPG entry](/wiki/linux/gpg.md).
The configuration of specific mail clients is described in the corresponding client entries such as
[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing).

View File

@@ -12,7 +12,11 @@ Sometimes it is also called `gnupg2`.
## Usage
This section addresses the usage of the Open GPG.
This section describes the management of OpenPGP keys using [Gnu Privacy Guard](https://gnupg.org/).
The generated keys can subsequently be used by various applications such as
[email clients](/wiki/email.md#client), [Git](/wiki/git_%28general%29.md), file encryption tools or
[package](/wiki/linux/package_manager.md) signing tools.
### List or Find a Key

View File

@@ -1,24 +1,46 @@
# OpenPGP
[OpenPGP](https://www.openpgp.org/) is the most widely used encryption standard proposed in from
[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
[OpenPGP](https://www.openpgp.org/) is the most widely used open standard for end-to-end encryption
and digital signatures.
It is standardized by [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
## Concepts
OpenPGP uses asymmetric cryptography.
Every user owns a key pair consisting of two keys.
The first is the public key, which can safely be shared with everyone.
The second is the private key, which must never leave the owner's control.
The public key is used by others to encrypt messages or verify digital signatures.
The private key is used to decrypt received messages and to create signatures.
Unlike transport encryption (TLS), OpenPGP protects the content of an email itself.
## Setup
There are different implementations of OpenPGP.
Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md)
package the implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg` or
sometimes also `gpg` or `gpg2` package.
Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md) package the
implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg`, `gpg` or `gpg2`
package.
## Usage
This section addresses the usage of OpenPGP.
All topics regarding generation, export or editing keys are described in the specific implementation
of the OpenPGP standard for example [PGP](/wiki/linux/gpg.md).
OpenPGP is commonly used to encrypt or sign files and email.
The management of keys is implementation specific and is described in the corresponding
implementation.
For the most common implementation see the [GPG entry](/wiki/linux/gpg.md).
Mail clients such as
[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing) can directly
use existing OpenPGP keys.
### Publishing PGP Keys
It sometimes can be useful to publicly publish your public key.
This is mostly done to verify mail addresses.
For this the public key is usually added be added on [keys.openpgp.org](https://keys.openpgp.org).
Select `upload` or `manage` on the website and follow instructions to set this up.
It sometimes can be useful to publicly publish a public key.
This allows other users to easily obtain the key for encrypted communication.
One commonly used public key server is [keys.openpgp.org](https://keys.openpgp.org).
Select `Upload` or `Manage` on the website and follow the instructions.

View File

@@ -23,17 +23,19 @@ select `Edit`.
Navigate to `End-To-End Encryption` and set the settings according to your wishes.
For example the OpenPGP key may have to be selected and default settings for signing could be set.
### Use PGP Key for Encryption, Decryption and Signing
### End-To-End Encryption Using PGP Key
Thunderbird can use [OpenPGP](/wiki/openpgp.md) to sign, encrypt or decrypt mails.
This is especially important for [End-to-End encryption](/wiki/email.md#end-to-end-encryption).
Firstly a key needs to be generated.
This is explained in the sections on [key generation](/wiki/linux/gpg.md#generating-a-key-pair),
Firstly a key needs to be generated and then exported.
This is explained in the sections of [GPG](/wiki/linux/gpg.md) on
[key generation](/wiki/linux/gpg.md#generating-a-key-pair),
[key management](/wiki/linux/gpg.md#managing-multiple-users-and-e-mails-of-an-existing-secret-key)
and [key export](/wiki/linux/gpg.md#backing-up-and-exporting-keys) in the
[GPG entry](/wiki/linux/gpg.md).
Other [OpenPGP](/wiki/openpgp.md) implementations can also be used but [GPG](/wiki/linux/gpg.md) is
the most used one.
by far the most used one.
To add a key to an existing mail account on Thunderbird, navigate to the `Account Settings` under
`Edit` and then select the mail to add the PGP key to and `End-to-End Encryption`.