Mail Signing & Encryption Module
This module allows to apply PGP or S/MIME signature / encryption to emails sent to customers and/or user agents.
Signing and encryption is configured on a per mailbox basis.
Signing / encryption errors can be found in:
- “Manage » Logs » Apps Logs”
- “Manage » Logs » Send Errors”
This module does not validate or decrypt incoming emails signed with S/MIME.
Free S/MIME certificates in .pfx format can be received here.
To sign outgoing emails you will need a certificate and a private key in .pem format. To extract certificate and private key from .pfx file use the following console commands:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes Enter Import Password: [enter your certificate password] openssl pkcs12 -in certname.pfx -nokeys -out cert.pem Enter Import Password: [enter your certificate password]
To make sure that signing works, you can send a test email to Gmail:
Just upload .pem certificate in the Encryption section.
Here is the discussion of the PGP signing & encryption.
PGP signing and encrypting requires PHP GnuPG extension:
apt-get install php7.x-gnupg
To sign/encrypt emails you need to have a GPG key (without a passphrase):
If your system does not allow to create a key without a passphrase, just create the keys with Kleopatra.
The email address you enter when generating the GPG key, should be entered as “Key Email Address” in module’s settings.
Signature will be attached to emails as signature.asc and contain PGP signature.
To encrypt emails you need to have GPG keys for each recipient’s email address (without a passphrase).
Encrypted email will contain “noname” attachment with “Version: 1” text inside and encrypted.asc file containing PGP-encrypted message.