From ef37b603185de3f8e1ab293c0694f1bc6ee18f94 Mon Sep 17 00:00:00 2001 From: tiyn Date: Tue, 7 Jul 2026 02:50:16 +0200 Subject: [PATCH] Emails: End-To-End Encryption Linked Between Entries --- wiki/docker/mailserver_-_docker-mailserver.md | 15 ++++-- wiki/email.md | 17 +++++++ wiki/linux/gpg.md | 6 ++- wiki/openpgp.md | 46 ++++++++++++++----- wiki/thunderbird.md | 10 ++-- 5 files changed, 73 insertions(+), 21 deletions(-) diff --git a/wiki/docker/mailserver_-_docker-mailserver.md b/wiki/docker/mailserver_-_docker-mailserver.md index 8215617..ae71db9 100644 --- a/wiki/docker/mailserver_-_docker-mailserver.md +++ b/wiki/docker/mailserver_-_docker-mailserver.md @@ -1,6 +1,6 @@ # mailserver – docker-mailserver -This is a [Docker](/wiki/docker.md) container for a mailserver. +This is a [Docker](/wiki/docker.md) container for a docker-mailserver. The official container and documentation was made by [mailserver](https://hub.docker.com/r/mailserver/docker-mailserver). It contains dovecot, antispam, antivirus, ssl and many more features. @@ -31,7 +31,7 @@ Create the file `rebuild.sh`. You then need to start the container using `rebuild.sh`. After the container is running create the desired mail accounts where `` is the desired -email account consisting of its parts and `` is the password. +[email](/wiki/email.md) account consisting of its parts and `` is the password. It is recommended to create a postmaster account aswell. It can be either created as a secondary account or just linked to the first account as shown in the following lines. @@ -51,7 +51,7 @@ Finally rebuild the container once again. The required DNS configuration is explained in the [corresponding section of the email wiki entry](/wiki/email.md#mail-server-records). -This needs to be set up for the email to work properly with most other providers. +This needs to be set up for the [email](/wiki/email.md) to work properly with most other providers. For the DKIM record the generated configuration has to be retrieved from the following file. @@ -141,12 +141,19 @@ The required DNS records described in the created as previously shown in [the previous section](#initial-configuration). After that mail addresses for the additional domains can simply be created and used. -No further setup is needed and emails using the new domains can simply be created. +No further setup is needed and [emails](/wiki/email.md) using the new domains can simply be created. ```sh ./setup.sh email add () ``` +### Optional: Client Setup + +After setting up the [Email](/wiki/email.md) server, some [Client](/wiki/email.md#client) +configurations may be taken. +Especially recommended is the set-up of +[end-to-end encryption](/wiki/email.md#end-to-end-encryption). + ### rebuild.sh ```sh diff --git a/wiki/email.md b/wiki/email.md index cb0ed20..ca3b71c 100644 --- a/wiki/email.md +++ b/wiki/email.md @@ -125,3 +125,20 @@ And even if you have it can be useful to keep your mails synced locally on your It also features, contact, todo and calendar management. - [FairEmail](/wiki/android/fairemail.md) is a free and open-source mail client for [Android](/wiki/android.md). + +## Usage + +This section addresses the usage of various Email related topics. + +## End-to-End Encryption + +Besides transport encryption (TLS), emails can also be protected using end-to-end encryption. +The two most common standards are [OpenPGP](/wiki/openpgp.md) and S/MIME. +OpenPGP allows emails to be digitally signed and encrypted. +Unlike TLS, which only protects the transport between mail servers and clients, OpenPGP protects the +message itself. + +The generation, management and export of OpenPGP keys is described in the +[GPG entry](/wiki/linux/gpg.md). +The configuration of specific mail clients is described in the corresponding client entries such as +[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing). diff --git a/wiki/linux/gpg.md b/wiki/linux/gpg.md index e142780..d0d8bfd 100644 --- a/wiki/linux/gpg.md +++ b/wiki/linux/gpg.md @@ -12,7 +12,11 @@ Sometimes it is also called `gnupg2`. ## Usage -This section addresses the usage of the Open GPG. +This section describes the management of OpenPGP keys using [Gnu Privacy Guard](https://gnupg.org/). + +The generated keys can subsequently be used by various applications such as +[email clients](/wiki/email.md#client), [Git](/wiki/git_%28general%29.md), file encryption tools or +[package](/wiki/linux/package_manager.md) signing tools. ### List or Find a Key diff --git a/wiki/openpgp.md b/wiki/openpgp.md index 737476e..f9ca645 100644 --- a/wiki/openpgp.md +++ b/wiki/openpgp.md @@ -1,24 +1,46 @@ # OpenPGP -[OpenPGP](https://www.openpgp.org/) is the most widely used encryption standard proposed in from -[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880). +[OpenPGP](https://www.openpgp.org/) is the most widely used open standard for end-to-end encryption +and digital signatures. +It is standardized by [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880). + +## Concepts + +OpenPGP uses asymmetric cryptography. + +Every user owns a key pair consisting of two keys. +The first is the public key, which can safely be shared with everyone. +The second is the private key, which must never leave the owner's control. + +The public key is used by others to encrypt messages or verify digital signatures. +The private key is used to decrypt received messages and to create signatures. + +Unlike transport encryption (TLS), OpenPGP protects the content of an email itself. ## Setup There are different implementations of OpenPGP. -Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md) -package the implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg` or -sometimes also `gpg` or `gpg2` package. +Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md) package the +implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg`, `gpg` or `gpg2` +package. ## Usage -This section addresses the usage of OpenPGP. -All topics regarding generation, export or editing keys are described in the specific implementation -of the OpenPGP standard – for example [PGP](/wiki/linux/gpg.md). +OpenPGP is commonly used to encrypt or sign files and email. + +The management of keys is implementation specific and is described in the corresponding +implementation. +For the most common implementation see the [GPG entry](/wiki/linux/gpg.md). + +Mail clients such as +[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing) can directly +use existing OpenPGP keys. ### Publishing PGP Keys -It sometimes can be useful to publicly publish your public key. -This is mostly done to verify mail addresses. -For this the public key is usually added be added on [keys.openpgp.org](https://keys.openpgp.org). -Select `upload` or `manage` on the website and follow instructions to set this up. +It sometimes can be useful to publicly publish a public key. +This allows other users to easily obtain the key for encrypted communication. + +One commonly used public key server is [keys.openpgp.org](https://keys.openpgp.org). + +Select `Upload` or `Manage` on the website and follow the instructions. diff --git a/wiki/thunderbird.md b/wiki/thunderbird.md index db915d1..e131ded 100644 --- a/wiki/thunderbird.md +++ b/wiki/thunderbird.md @@ -23,17 +23,19 @@ select `Edit`. Navigate to `End-To-End Encryption` and set the settings according to your wishes. For example the OpenPGP key may have to be selected and default settings for signing could be set. -### Use PGP Key for Encryption, Decryption and Signing +### End-To-End Encryption Using PGP Key Thunderbird can use [OpenPGP](/wiki/openpgp.md) to sign, encrypt or decrypt mails. +This is especially important for [End-to-End encryption](/wiki/email.md#end-to-end-encryption). -Firstly a key needs to be generated. -This is explained in the sections on [key generation](/wiki/linux/gpg.md#generating-a-key-pair), +Firstly a key needs to be generated and then exported. +This is explained in the sections of [GPG](/wiki/linux/gpg.md) on +[key generation](/wiki/linux/gpg.md#generating-a-key-pair), [key management](/wiki/linux/gpg.md#managing-multiple-users-and-e-mails-of-an-existing-secret-key) and [key export](/wiki/linux/gpg.md#backing-up-and-exporting-keys) in the [GPG entry](/wiki/linux/gpg.md). Other [OpenPGP](/wiki/openpgp.md) implementations can also be used but [GPG](/wiki/linux/gpg.md) is -the most used one. +by far the most used one. To add a key to an existing mail account on Thunderbird, navigate to the `Account Settings` under `Edit` and then select the mail to add the PGP key to and `End-to-End Encryption`.