mirror of
https://github.com/tiyn/wiki.git
synced 2026-07-07 20:41:36 +02:00
Emails: End-To-End Encryption Linked Between Entries
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
# mailserver – docker-mailserver
|
||||
|
||||
This is a [Docker](/wiki/docker.md) container for a mailserver.
|
||||
This is a [Docker](/wiki/docker.md) container for a docker-mailserver.
|
||||
The official container and documentation was made by
|
||||
[mailserver](https://hub.docker.com/r/mailserver/docker-mailserver).
|
||||
It contains dovecot, antispam, antivirus, ssl and many more features.
|
||||
@@ -31,7 +31,7 @@ Create the file `rebuild.sh`.
|
||||
You then need to start the container using `rebuild.sh`.
|
||||
|
||||
After the container is running create the desired mail accounts where `<user@domain>` is the desired
|
||||
email account consisting of its parts and `<password>` is the password.
|
||||
[email](/wiki/email.md) account consisting of its parts and `<password>` is the password.
|
||||
It is recommended to create a postmaster account aswell.
|
||||
It can be either created as a secondary account or just linked to the first account as shown in the
|
||||
following lines.
|
||||
@@ -51,7 +51,7 @@ Finally rebuild the container once again.
|
||||
|
||||
The required DNS configuration is explained in the
|
||||
[corresponding section of the email wiki entry](/wiki/email.md#mail-server-records).
|
||||
This needs to be set up for the email to work properly with most other providers.
|
||||
This needs to be set up for the [email](/wiki/email.md) to work properly with most other providers.
|
||||
|
||||
For the DKIM record the generated configuration has to be retrieved from the following file.
|
||||
|
||||
@@ -141,12 +141,19 @@ The required DNS records described in the
|
||||
created as previously shown in [the previous section](#initial-configuration).
|
||||
|
||||
After that mail addresses for the additional domains can simply be created and used.
|
||||
No further setup is needed and emails using the new domains can simply be created.
|
||||
No further setup is needed and [emails](/wiki/email.md) using the new domains can simply be created.
|
||||
|
||||
```sh
|
||||
./setup.sh email add <user@domain.tld> (<password>)
|
||||
```
|
||||
|
||||
### Optional: Client Setup
|
||||
|
||||
After setting up the [Email](/wiki/email.md) server, some [Client](/wiki/email.md#client)
|
||||
configurations may be taken.
|
||||
Especially recommended is the set-up of
|
||||
[end-to-end encryption](/wiki/email.md#end-to-end-encryption).
|
||||
|
||||
### rebuild.sh
|
||||
|
||||
```sh
|
||||
|
||||
@@ -125,3 +125,20 @@ And even if you have it can be useful to keep your mails synced locally on your
|
||||
It also features, contact, todo and calendar management.
|
||||
- [FairEmail](/wiki/android/fairemail.md) is a free and open-source mail client for
|
||||
[Android](/wiki/android.md).
|
||||
|
||||
## Usage
|
||||
|
||||
This section addresses the usage of various Email related topics.
|
||||
|
||||
## End-to-End Encryption
|
||||
|
||||
Besides transport encryption (TLS), emails can also be protected using end-to-end encryption.
|
||||
The two most common standards are [OpenPGP](/wiki/openpgp.md) and S/MIME.
|
||||
OpenPGP allows emails to be digitally signed and encrypted.
|
||||
Unlike TLS, which only protects the transport between mail servers and clients, OpenPGP protects the
|
||||
message itself.
|
||||
|
||||
The generation, management and export of OpenPGP keys is described in the
|
||||
[GPG entry](/wiki/linux/gpg.md).
|
||||
The configuration of specific mail clients is described in the corresponding client entries such as
|
||||
[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing).
|
||||
|
||||
@@ -12,7 +12,11 @@ Sometimes it is also called `gnupg2`.
|
||||
|
||||
## Usage
|
||||
|
||||
This section addresses the usage of the Open GPG.
|
||||
This section describes the management of OpenPGP keys using [Gnu Privacy Guard](https://gnupg.org/).
|
||||
|
||||
The generated keys can subsequently be used by various applications such as
|
||||
[email clients](/wiki/email.md#client), [Git](/wiki/git_%28general%29.md), file encryption tools or
|
||||
[package](/wiki/linux/package_manager.md) signing tools.
|
||||
|
||||
### List or Find a Key
|
||||
|
||||
|
||||
@@ -1,24 +1,46 @@
|
||||
# OpenPGP
|
||||
|
||||
[OpenPGP](https://www.openpgp.org/) is the most widely used encryption standard proposed in from
|
||||
[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
|
||||
[OpenPGP](https://www.openpgp.org/) is the most widely used open standard for end-to-end encryption
|
||||
and digital signatures.
|
||||
It is standardized by [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
|
||||
|
||||
## Concepts
|
||||
|
||||
OpenPGP uses asymmetric cryptography.
|
||||
|
||||
Every user owns a key pair consisting of two keys.
|
||||
The first is the public key, which can safely be shared with everyone.
|
||||
The second is the private key, which must never leave the owner's control.
|
||||
|
||||
The public key is used by others to encrypt messages or verify digital signatures.
|
||||
The private key is used to decrypt received messages and to create signatures.
|
||||
|
||||
Unlike transport encryption (TLS), OpenPGP protects the content of an email itself.
|
||||
|
||||
## Setup
|
||||
|
||||
There are different implementations of OpenPGP.
|
||||
Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md)
|
||||
package the implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg` or
|
||||
sometimes also `gpg` or `gpg2` package.
|
||||
Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md) package the
|
||||
implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg`, `gpg` or `gpg2`
|
||||
package.
|
||||
|
||||
## Usage
|
||||
|
||||
This section addresses the usage of OpenPGP.
|
||||
All topics regarding generation, export or editing keys are described in the specific implementation
|
||||
of the OpenPGP standard – for example [PGP](/wiki/linux/gpg.md).
|
||||
OpenPGP is commonly used to encrypt or sign files and email.
|
||||
|
||||
The management of keys is implementation specific and is described in the corresponding
|
||||
implementation.
|
||||
For the most common implementation see the [GPG entry](/wiki/linux/gpg.md).
|
||||
|
||||
Mail clients such as
|
||||
[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing) can directly
|
||||
use existing OpenPGP keys.
|
||||
|
||||
### Publishing PGP Keys
|
||||
|
||||
It sometimes can be useful to publicly publish your public key.
|
||||
This is mostly done to verify mail addresses.
|
||||
For this the public key is usually added be added on [keys.openpgp.org](https://keys.openpgp.org).
|
||||
Select `upload` or `manage` on the website and follow instructions to set this up.
|
||||
It sometimes can be useful to publicly publish a public key.
|
||||
This allows other users to easily obtain the key for encrypted communication.
|
||||
|
||||
One commonly used public key server is [keys.openpgp.org](https://keys.openpgp.org).
|
||||
|
||||
Select `Upload` or `Manage` on the website and follow the instructions.
|
||||
|
||||
@@ -23,17 +23,19 @@ select `Edit`.
|
||||
Navigate to `End-To-End Encryption` and set the settings according to your wishes.
|
||||
For example the OpenPGP key may have to be selected and default settings for signing could be set.
|
||||
|
||||
### Use PGP Key for Encryption, Decryption and Signing
|
||||
### End-To-End Encryption Using PGP Key
|
||||
|
||||
Thunderbird can use [OpenPGP](/wiki/openpgp.md) to sign, encrypt or decrypt mails.
|
||||
This is especially important for [End-to-End encryption](/wiki/email.md#end-to-end-encryption).
|
||||
|
||||
Firstly a key needs to be generated.
|
||||
This is explained in the sections on [key generation](/wiki/linux/gpg.md#generating-a-key-pair),
|
||||
Firstly a key needs to be generated and then exported.
|
||||
This is explained in the sections of [GPG](/wiki/linux/gpg.md) on
|
||||
[key generation](/wiki/linux/gpg.md#generating-a-key-pair),
|
||||
[key management](/wiki/linux/gpg.md#managing-multiple-users-and-e-mails-of-an-existing-secret-key)
|
||||
and [key export](/wiki/linux/gpg.md#backing-up-and-exporting-keys) in the
|
||||
[GPG entry](/wiki/linux/gpg.md).
|
||||
Other [OpenPGP](/wiki/openpgp.md) implementations can also be used but [GPG](/wiki/linux/gpg.md) is
|
||||
the most used one.
|
||||
by far the most used one.
|
||||
|
||||
To add a key to an existing mail account on Thunderbird, navigate to the `Account Settings` under
|
||||
`Edit` and then select the mail to add the PGP key to and `End-to-End Encryption`.
|
||||
|
||||
Reference in New Issue
Block a user