[WIP] Encrypt mail with pgp

Based on this feature Request and some Issues I started working on encrypted Email Support.

Fixes #3853 (closed) and #3471 (moved)

ToDo List:

• Sending PGP signed messages.
• PGP can be enabled in the admin interface.
• PGP signing can be enabled in the admin interface.
• PGP passphrase can be configured in the admin interface.
• User can upload a personal public PGP Key.
• User can specify if they want to receive encrypted mails.
• PGP Fingerprint is visible on the Profile page.
• When clicking on the fingerprint, the RAW PGP Key is shown.
• Admin can remove a users PGP Key
• Admin can see and change a users PGP settings.
• Decrypt mails send to the GitLab server (Reply by email feature)
• Write Tests
• Cleanup Code
• Make the servers PGP Key available in the web interface (e.g. in the Help selection)
• Write documentation

For these changes to work fully, GnuPG must be installed on the system. Also two new Gems are required gpgme and mail-gpg.

PS: This is the first time I am developing something in Ruby/Rails, so your feedback is really appreciated!

I think that settings should now be stored in the db and configured by the UI so you might want to look into that part. https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/models/application_setting.rb might be a starting point for it.

I also wonder if there is possibly some overlap between signed emails and signed commits which is another feature I've seen being requested. Perhaps this could be written in such a way to be easily extended to support signed commits?

As signed commits are already supported by git (using git commit -S or setting the commit.gpgsign config variable). If the key is included in the users settings, it shouldn't be difficult to add the option for the -S flag to commits, merges and tags done via the web UI, I think. Should be a good extension of this after the email task is done and merged in.

Yeah, that was what I was getting at, something that the UI can use to validate and work with signed commits / tags.

For reference here are a couple of feedback items in the old system I found:

http://feedback.gitlab.com/forums/176466-deprecated-feedback-forum/suggestions/4006354-check-pgp-signed-commits

http://feedback.gitlab.com/forums/176466-deprecated-feedback-forum/suggestions/6898202-support-signed-pushes

Making signed commits through the WebUI is a bad idea. Because to make a signature, the private key must be available in the keyring of the server. And my private key is something I would never "publish".

Checking signed commits/pushes/tags or sending encryped messages however only requires the public key. And once the public key is uploaded, showing and validating signatures with git log --show-signature is easy.

Fair point, just wanted to point out that there was some overlap in what you were doing so you might be able to handle both or at least keep the signed commits in mind to make implementing anything easier.

Added 1 commit:

• 1350a608 - PGP Settings are now configured though the web UI (e.g they are stored in the DB…

Marked the task Decrypt mails send to the GitLab server (Reply by email feature) as completed

Marked the task Write Tests as completed

Marked the task Write Tests as incomplete

Marked the task Cleanup Code as completed

Marked the task Cleanup Code as incomplete

Marked the task Admin can see and change a users PGP settings. as incomplete

Added 1 commit:

• 11b68ff1 - Signing is now globally configured for the server as part of the application set…

Added 1 commit:

• 5c9aa2fc - [CI SKIP] Somehow this comma broke the pgps_controller. Fixed now

Added 2 commits:

• a2bb725a - The servers pgp key is now available under the help selection
• e2bf8b5f - Due to a problem with gpg2, securing the servers key with a passphrase is (currently?) disabled.

Marked the task Make the servers PGP Key available in the web interface (e.g. in the Help selection) as completed

I also think that signing commits from the webinterface is not a good idea due to the private key issues. But the public key of a user could automatically be downloaded from a keyserver if the user pushes a signed commit.

Great news someone started working on this! The last commit is from Dec 7, any update on this in the meantime?

Atm I am having some issues with the reply by email feature, because the codebase I am using is from October. I am currently rebasing my whole code with the current master, but my time is very limited until end of April. I hope to get it ready for the march release but I am not sure yet.

Added 5945 commits:

• e2bf8b5f...2bcbc7c6 - 5944 commits from branch gitlab-org:master
• 9b30cd48 - [WIP] Added new field to the profile settings allowing to add a pgp key

Any news on this?

Status changed to closed

I am sorry, but currently I do not have the time to continue this project. For this reason I am closing the MR.

mentioned in commit 529e89b0

mentioned in commit 6c9c6da0

mentioned in commit 3bb453d5