mirror of
https://github.com/tiyn/wiki.git
synced 2026-07-07 20:41:36 +02:00
Emails: End-To-End Encryption Linked Between Entries
This commit is contained in:
@@ -1,6 +1,6 @@
|
|||||||
# mailserver – docker-mailserver
|
# mailserver – docker-mailserver
|
||||||
|
|
||||||
This is a [Docker](/wiki/docker.md) container for a mailserver.
|
This is a [Docker](/wiki/docker.md) container for a docker-mailserver.
|
||||||
The official container and documentation was made by
|
The official container and documentation was made by
|
||||||
[mailserver](https://hub.docker.com/r/mailserver/docker-mailserver).
|
[mailserver](https://hub.docker.com/r/mailserver/docker-mailserver).
|
||||||
It contains dovecot, antispam, antivirus, ssl and many more features.
|
It contains dovecot, antispam, antivirus, ssl and many more features.
|
||||||
@@ -31,7 +31,7 @@ Create the file `rebuild.sh`.
|
|||||||
You then need to start the container using `rebuild.sh`.
|
You then need to start the container using `rebuild.sh`.
|
||||||
|
|
||||||
After the container is running create the desired mail accounts where `<user@domain>` is the desired
|
After the container is running create the desired mail accounts where `<user@domain>` is the desired
|
||||||
email account consisting of its parts and `<password>` is the password.
|
[email](/wiki/email.md) account consisting of its parts and `<password>` is the password.
|
||||||
It is recommended to create a postmaster account aswell.
|
It is recommended to create a postmaster account aswell.
|
||||||
It can be either created as a secondary account or just linked to the first account as shown in the
|
It can be either created as a secondary account or just linked to the first account as shown in the
|
||||||
following lines.
|
following lines.
|
||||||
@@ -51,7 +51,7 @@ Finally rebuild the container once again.
|
|||||||
|
|
||||||
The required DNS configuration is explained in the
|
The required DNS configuration is explained in the
|
||||||
[corresponding section of the email wiki entry](/wiki/email.md#mail-server-records).
|
[corresponding section of the email wiki entry](/wiki/email.md#mail-server-records).
|
||||||
This needs to be set up for the email to work properly with most other providers.
|
This needs to be set up for the [email](/wiki/email.md) to work properly with most other providers.
|
||||||
|
|
||||||
For the DKIM record the generated configuration has to be retrieved from the following file.
|
For the DKIM record the generated configuration has to be retrieved from the following file.
|
||||||
|
|
||||||
@@ -141,12 +141,19 @@ The required DNS records described in the
|
|||||||
created as previously shown in [the previous section](#initial-configuration).
|
created as previously shown in [the previous section](#initial-configuration).
|
||||||
|
|
||||||
After that mail addresses for the additional domains can simply be created and used.
|
After that mail addresses for the additional domains can simply be created and used.
|
||||||
No further setup is needed and emails using the new domains can simply be created.
|
No further setup is needed and [emails](/wiki/email.md) using the new domains can simply be created.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
./setup.sh email add <user@domain.tld> (<password>)
|
./setup.sh email add <user@domain.tld> (<password>)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Optional: Client Setup
|
||||||
|
|
||||||
|
After setting up the [Email](/wiki/email.md) server, some [Client](/wiki/email.md#client)
|
||||||
|
configurations may be taken.
|
||||||
|
Especially recommended is the set-up of
|
||||||
|
[end-to-end encryption](/wiki/email.md#end-to-end-encryption).
|
||||||
|
|
||||||
### rebuild.sh
|
### rebuild.sh
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
|||||||
@@ -125,3 +125,20 @@ And even if you have it can be useful to keep your mails synced locally on your
|
|||||||
It also features, contact, todo and calendar management.
|
It also features, contact, todo and calendar management.
|
||||||
- [FairEmail](/wiki/android/fairemail.md) is a free and open-source mail client for
|
- [FairEmail](/wiki/android/fairemail.md) is a free and open-source mail client for
|
||||||
[Android](/wiki/android.md).
|
[Android](/wiki/android.md).
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
This section addresses the usage of various Email related topics.
|
||||||
|
|
||||||
|
## End-to-End Encryption
|
||||||
|
|
||||||
|
Besides transport encryption (TLS), emails can also be protected using end-to-end encryption.
|
||||||
|
The two most common standards are [OpenPGP](/wiki/openpgp.md) and S/MIME.
|
||||||
|
OpenPGP allows emails to be digitally signed and encrypted.
|
||||||
|
Unlike TLS, which only protects the transport between mail servers and clients, OpenPGP protects the
|
||||||
|
message itself.
|
||||||
|
|
||||||
|
The generation, management and export of OpenPGP keys is described in the
|
||||||
|
[GPG entry](/wiki/linux/gpg.md).
|
||||||
|
The configuration of specific mail clients is described in the corresponding client entries such as
|
||||||
|
[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing).
|
||||||
|
|||||||
@@ -12,7 +12,11 @@ Sometimes it is also called `gnupg2`.
|
|||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
This section addresses the usage of the Open GPG.
|
This section describes the management of OpenPGP keys using [Gnu Privacy Guard](https://gnupg.org/).
|
||||||
|
|
||||||
|
The generated keys can subsequently be used by various applications such as
|
||||||
|
[email clients](/wiki/email.md#client), [Git](/wiki/git_%28general%29.md), file encryption tools or
|
||||||
|
[package](/wiki/linux/package_manager.md) signing tools.
|
||||||
|
|
||||||
### List or Find a Key
|
### List or Find a Key
|
||||||
|
|
||||||
|
|||||||
@@ -1,24 +1,46 @@
|
|||||||
# OpenPGP
|
# OpenPGP
|
||||||
|
|
||||||
[OpenPGP](https://www.openpgp.org/) is the most widely used encryption standard proposed in from
|
[OpenPGP](https://www.openpgp.org/) is the most widely used open standard for end-to-end encryption
|
||||||
[RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
|
and digital signatures.
|
||||||
|
It is standardized by [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880).
|
||||||
|
|
||||||
|
## Concepts
|
||||||
|
|
||||||
|
OpenPGP uses asymmetric cryptography.
|
||||||
|
|
||||||
|
Every user owns a key pair consisting of two keys.
|
||||||
|
The first is the public key, which can safely be shared with everyone.
|
||||||
|
The second is the private key, which must never leave the owner's control.
|
||||||
|
|
||||||
|
The public key is used by others to encrypt messages or verify digital signatures.
|
||||||
|
The private key is used to decrypt received messages and to create signatures.
|
||||||
|
|
||||||
|
Unlike transport encryption (TLS), OpenPGP protects the content of an email itself.
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
There are different implementations of OpenPGP.
|
There are different implementations of OpenPGP.
|
||||||
Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md)
|
Many [Linux](/wiki/linux.md) [package managers](/wiki/linux/package_manager.md) package the
|
||||||
package the implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg` or
|
implementation called [Gnu Privacy Guard](/wiki/linux/gpg.md) in the `gnupg`, `gpg` or `gpg2`
|
||||||
sometimes also `gpg` or `gpg2` package.
|
package.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
This section addresses the usage of OpenPGP.
|
OpenPGP is commonly used to encrypt or sign files and email.
|
||||||
All topics regarding generation, export or editing keys are described in the specific implementation
|
|
||||||
of the OpenPGP standard – for example [PGP](/wiki/linux/gpg.md).
|
The management of keys is implementation specific and is described in the corresponding
|
||||||
|
implementation.
|
||||||
|
For the most common implementation see the [GPG entry](/wiki/linux/gpg.md).
|
||||||
|
|
||||||
|
Mail clients such as
|
||||||
|
[Thunderbird](/wiki/thunderbird.md#use-openpgp-for-encryption-decryption-and-signing) can directly
|
||||||
|
use existing OpenPGP keys.
|
||||||
|
|
||||||
### Publishing PGP Keys
|
### Publishing PGP Keys
|
||||||
|
|
||||||
It sometimes can be useful to publicly publish your public key.
|
It sometimes can be useful to publicly publish a public key.
|
||||||
This is mostly done to verify mail addresses.
|
This allows other users to easily obtain the key for encrypted communication.
|
||||||
For this the public key is usually added be added on [keys.openpgp.org](https://keys.openpgp.org).
|
|
||||||
Select `upload` or `manage` on the website and follow instructions to set this up.
|
One commonly used public key server is [keys.openpgp.org](https://keys.openpgp.org).
|
||||||
|
|
||||||
|
Select `Upload` or `Manage` on the website and follow the instructions.
|
||||||
|
|||||||
@@ -23,17 +23,19 @@ select `Edit`.
|
|||||||
Navigate to `End-To-End Encryption` and set the settings according to your wishes.
|
Navigate to `End-To-End Encryption` and set the settings according to your wishes.
|
||||||
For example the OpenPGP key may have to be selected and default settings for signing could be set.
|
For example the OpenPGP key may have to be selected and default settings for signing could be set.
|
||||||
|
|
||||||
### Use PGP Key for Encryption, Decryption and Signing
|
### End-To-End Encryption Using PGP Key
|
||||||
|
|
||||||
Thunderbird can use [OpenPGP](/wiki/openpgp.md) to sign, encrypt or decrypt mails.
|
Thunderbird can use [OpenPGP](/wiki/openpgp.md) to sign, encrypt or decrypt mails.
|
||||||
|
This is especially important for [End-to-End encryption](/wiki/email.md#end-to-end-encryption).
|
||||||
|
|
||||||
Firstly a key needs to be generated.
|
Firstly a key needs to be generated and then exported.
|
||||||
This is explained in the sections on [key generation](/wiki/linux/gpg.md#generating-a-key-pair),
|
This is explained in the sections of [GPG](/wiki/linux/gpg.md) on
|
||||||
|
[key generation](/wiki/linux/gpg.md#generating-a-key-pair),
|
||||||
[key management](/wiki/linux/gpg.md#managing-multiple-users-and-e-mails-of-an-existing-secret-key)
|
[key management](/wiki/linux/gpg.md#managing-multiple-users-and-e-mails-of-an-existing-secret-key)
|
||||||
and [key export](/wiki/linux/gpg.md#backing-up-and-exporting-keys) in the
|
and [key export](/wiki/linux/gpg.md#backing-up-and-exporting-keys) in the
|
||||||
[GPG entry](/wiki/linux/gpg.md).
|
[GPG entry](/wiki/linux/gpg.md).
|
||||||
Other [OpenPGP](/wiki/openpgp.md) implementations can also be used but [GPG](/wiki/linux/gpg.md) is
|
Other [OpenPGP](/wiki/openpgp.md) implementations can also be used but [GPG](/wiki/linux/gpg.md) is
|
||||||
the most used one.
|
by far the most used one.
|
||||||
|
|
||||||
To add a key to an existing mail account on Thunderbird, navigate to the `Account Settings` under
|
To add a key to an existing mail account on Thunderbird, navigate to the `Account Settings` under
|
||||||
`Edit` and then select the mail to add the PGP key to and `End-to-End Encryption`.
|
`Edit` and then select the mail to add the PGP key to and `End-to-End Encryption`.
|
||||||
|
|||||||
Reference in New Issue
Block a user