Mail Signing & Encryption Module
This module applies PGP or S/MIME signing / encryption to emails sent to customers and/or user agents.
Signing and encryption are configured on a per-mailbox basis and applied to all conversations.
Debugging
Signing / encryption errors can be found in:
- “Manage » Logs » Apps Logs”
- “Manage » Logs » Send Errors”
S/MIME
This module does not validate or decrypt incoming emails signed with S/MIME.
Signing Emails
Free S/MIME certificates in .pfx format can be obtained here.
To sign outgoing emails you will need a certificate and a private key in .pem format. To extract the certificate and private key from a .pfx file, use the following console commands:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
Enter Import Password: [enter your certificate password]
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Enter Import Password: [enter your certificate password]
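A quick check of the two extracted files before uploading them, as an added example that is not part of the module's documentation: it confirms that key.pem belongs to cert.pem, that the certificate has not expired, and that the unencrypted key is not readable by other users. The function name check_smime_pair is hypothetical; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: sanity-check the key.pem / cert.pem pair extracted from the .pfx.
# check_smime_pair is a hypothetical helper name, not part of the module.

check_smime_pair() {
    cert=$1
    key=$2

    # Public key embedded in the certificate (the first certificate in the file).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 2; }

    # Public key derived from the private key. The empty -passin password makes
    # openssl fail instead of prompting if the key is still encrypted.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "cannot read private key (missing or still encrypted): $key" >&2; return 2; }

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key does not belong to $cert" >&2
        return 1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $cert" >&2
        return 3
    fi

    # key.pem was written with -nodes, so it is stored unencrypted:
    # warn if group or others can read it.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "WARNING: $key is readable by group/others; run: chmod 600 $key" >&2
    fi

    echo "OK: $key matches $cert"
    return 0
}

# Usage: check_smime_pair cert.pem key.pem
```

Return codes: 0 for a valid pair, 1 for a key/certificate mismatch, 2 for an unreadable file, 3 for an expired certificate.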
To make sure that signing works, you can send a test email to Gmail.
Encrypting Emails
Just upload the .pem certificate in the Encryption section.
PGP
Here is the discussion of the PGP signing & encryption.
PGP signing and encrypting require the PHP GnuPG extension:
apt-get install php7.x-gnupg
To sign/encrypt emails you need to have a GPG key (without a passphrase):
gpg --gen-key
If your system does not allow creating a key without a passphrase, just create the key with Kleopatra.
The email address you enter when generating the GPG key should be entered as “Key Email Address” in the module’s settings.
Signing Emails
The signature is attached to emails as signature.asc and contains the PGP signature.
Encrypting Emails
To encrypt emails you need to have GPG keys for each recipient’s email address (without a passphrase).
An encrypted email will contain a “noname” attachment with the text “Version: 1” inside and an encrypted.asc file containing the PGP-encrypted message.
Troubleshooting
“get_key failed” error
See this discussion.