[SOLVED] html mail encryption from terminal

mk1234 · 01-09-2013, 01:45 PM

Hi, how to send encrypted html mail from terminal? The problem I am trying to solve is that I want to send encrypted html message that client upon receiving should show rendered html instead showing html source code as a message.

So far I tried this: import public key of the person I want to send encrypted mail to; then write html message (without <html> tags) in one file; then do gpg --recipient user@example.com--armor --encrypt message where mail should match with the one in public key that I imported previously.

Then I send it with mailx -a 'Content-Type:text/html' -s"title" user@example.com< message.asc
and what I get after decrypt is a message that has html source code instead html message.

What am I doing wrong?

sneakyimp · 01-10-2013, 02:46 AM

I think what you are doing sounds about right, the problem is likely with the client at the destination. It sounds like you are encrypting an HTML file and sending it and they receive it and decrypt it. After decryption, there doesn't seem to be any mail-exchange protocol in place to apply some sort of mime type to render the source code.

NyteOwl · 01-10-2013, 03:58 PM

or they have html mail disabled in their client.

mk1234 · 01-17-2013, 02:57 PM

Thanks for your answers.
@NyteOwl: they can receive html mail and see it. For example, sending same email unencrypted shows fine. Also sending same html mail via Thunderbird and Enigmail also shows html mail in client (all are using Thunderbird with exactly same setup).

I assume I might be missing some headers but even tried to replicate exact header order by enigmail html mail, I couldn't see the letter. The only thing I see is a blank page yet in source of the mail I see encrypted content.

The only possible way I managed to get closer to the solution is to send it somehow as an attachement by using headers. Then if I right click and choose "Decrypt and open" in Thunderbird, it shows HTML for example in Firefox...

So far I tried a lot of variations and playing with headers using mailx, PHP code with mail function, Drupal Openpgp module and what not. But no luck.

Any more suggestions, tips?

BlackRider · 01-18-2013, 09:01 AM

Most close method I have found on the net tells to do

echo "Your secret message" | gpg -ea -r "Recipient name" | mail -s "Subject" recipient@example.com

or

gpg -ea -r "Recipient name" -o - filename | mail -s "Subject line" recipient@example.com

It does not seem to apply to (X)HTML or the like.

You may want to test a regular (graphic) client which supports GPG and HTML, get message it sends and decrypt it by hand before the receiver to see what does it really look like.

BlackRider · 01-18-2013, 09:28 AM

Remember that your outgoing email should surely have a header like

Code:

"Content-Type: multipart/encrypted;
 boundary=4b5784e4-fc05-45bb-9a72-e9070a11423c;
 charset=UTF-8;
 protocol="application/pgp-encrypted"

And the content itself should be specification compliant. I think your method does not set the above.

Copi&paste from the web:

Code:

--
As the PGP/MIME RFC 3156 states under section 4, OpenPGP encrypted data

    Before OpenPGP encryption, the data is written in MIME canonical format (body and headers).

Following is an example of an RFC822 compliant mail message, which should be processed and displayed as expected.

Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii

This is only encrypted!
--

In other words: The HTML message you pass should surely need headers to properly identify itself. You may try with a text/html type.

sneakyimp · 01-18-2013, 09:46 AM

I think BlackRider has a point. The encrypted message should declare its mime type as encrypted. Based on the original post, it sounds like the mail client knows the message is encrypted. The issue is that when it arrives it is properly decrypted, but the message that is decrypted has no mime type declaration. How about a DOCTYPE declaration in the HTML? Or perhaps a content-type tag in the HTML?

BlackRider · 01-18-2013, 09:57 AM

The encrypted stuff must be inserted in a standard MIME canonical way.

An HTML message needs a header like:

Code:

Content-Type: text/html; charset = "UTF-8"
Content-Transfer-Encoding: quoted-printable

<head></head>
<body id=3D"email">

<p> STUFF, STUFF, STUFF</p>

.... etc,etc,etc

So you would encrypt the HTML code disposed in this canonical way, and then put the result in a file which conforms to the PGP/MIME specs (RFC 3156) which should be read by the OP.

It seems a task for a custom coded app :-(

sneakyimp · 01-18-2013, 10:05 AM

I know that webservers should supply headers, but I wasn't aware that a header declaration was necessary in an html email. I expect that'll be worth a try. I was thinking something like this:

Code:

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

mk1234 · 01-22-2013, 02:15 PM

Ok here is my contribution to the topic: mime-construct

Code:

enc_type=application/pgp-encrypted
enc_params="Version: 1$nl"
mime-construct --subpart --file-auto mailmessage.html | gpg --encrypt --armor -r user@domain.com | mime-construct --to "user@domain.com" --subject "test" --multipart "multipart/encrypted; protocol=\"$enc_type\"" --type "$enc_type" --string "$enc_params" --type application/octet-stream --file -

Lets say mailmessage.html has html code in it (without head, body and html tags). So this gets the file, encrypts, prepare multipart message and sends. This works perfect. (you can test this out by adding --output before --to so it just outputs message with headers and body instead to send it).

So the mail looks kind like this:

Code:

To: user@domain.com
Subject: test
MIME-Version: 1.0 (mime-construct 1.11)
Content-Type: multipart/encrypted; protocol=""; boundary=culturally

--culturally
Content-Type: 


--culturally
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

<encrypted message>
-----END PGP MESSAGE-----

--culturally--

So it set multipart / encrypted header, set boundary and added part of the message to be octet-stream.
Now I tried to replicate this and send correct message via PHP. With some changes I managed to do it:

Code:

<?php

$boundary = uniqid('np');

$headers = "MIME-Version: 1.0\r\n";
$headers .= "From: Foo <foo@bar.com>\r\n";
$headers .= "Subject: Test mail\r\n";
$headers .= "Content-Type: multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=" . $boundary . "\r\n";
$headers .= "--" . $boundary . "\r\n";
$headers .= "Content-Type: application/pgp-encrypted\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\n";
$headers .= "VmVyc2lvbjogMQ==\r\n\n";
$headers .= "--" . $boundary . "\r\n";
$headers .= "Content-Type: application/octet-stream; name=\"encrypted.asc\"\r\n";
$headers .= "Content-Disposition: inline; filename=\"encrypted.asc\"";

$message = '-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

.....<encrypted text here>
-----END PGP MESSAGE-----
';

mail('user@domain.com', 'Test mail', $message, $headers);

?>

which worked at first, but now it doesn't.

So even with all those advancement, I am still standing on the beginning as I cannot effectively port header combination to PHP for example. So thanks for all the tips and points about headers, its super valuable for me.

If anyone has a bit more understanding in this issue, I d be glad to hear.. I know PHP implementation goes past thread's topic so you can send me PM.

sneakyimp · 01-22-2013, 06:43 PM

I can't really tell exactly what is going on from your post -- i.e., what the initial code is from -- a shell script? If you are having trouble with the php mail command, you may find PEAR::Mail_Mime useful.

Also, what do you mean by "worked at first, now it doesn't" ?

unSpawn · 01-23-2013, 08:18 AM

Moved: This thread is more suitable in the Software forum (not a security issue) and has been moved accordingly to help your thread/question get the exposure it deserves.

mk1234 · 02-25-2013, 05:15 PM

Thank you unSpawn!

Overall I solved the issue. It is related how to properly stack headers and which to encrypt,which to leave outside of encrypted part.
Long story short, this link helped me to get an order of headers. He technically followed exactly how Enigmail does it.

Link: http://thomas.gouverneur.name/2012/0...mail-with-php/

Thanks everyone for contribution!