caronc / apprise

Apprise - Push Notifications that work with just about every platform!
https://hub.docker.com/r/caronc/apprise
BSD 2-Clause "Simplified" License

PGP support for emails #414

Open Redsandro opened 2 years ago

Redsandro commented 2 years ago

:bulb: The Idea

Allow encrypting messages and attachments with PGP/GnuPG using a specified public key before sending emails.

This way you can forward sensitive content to your self-hosted apprise where it will be encrypted before being sent to a publicly hosted mail server over which you don't have control.

:man_technologist: The Implementation

I don't know how to do this platform independently in Python. A search provided some possibly interesting related projects:

Perhaps it's easiest to do a switch internally and call OS-dependent binaries. Throw an error when the binary does not exist.

caronc commented 2 years ago

The only problem I see with PGP is that the certificate can be quite large. The only way I can think of implementing this is adding ?pgp=/path/to/local/key in the URL:

Or it could be ?sign= or whatever you feel is more appropriate.

The only catch is that this feature wouldn't work using, say, the Apprise API, for example, because it could possibly be exploited (accessing someone's remote server and passing in different local files to ?pgp=). You know?

Thoughts?

Redsandro commented 2 years ago

I think you should think of the certificate as a file rather than a string:

apprise --title 'Sensitive content' \
        --body 'Here is the leaked document.' \
        --attach document.pdf \
        --pgp certificate.key \
        'mailto://myemail:mypass@protonmail.com'

If a --pgp file is supplied, it needs to be used in email-related plugins. I.e., if the certificate is wrong, invalid, or the path does not exist, etc., throw an error so the email is not sent unencrypted by mistake.
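
A fail-closed key check covering both concerns raised in this thread (arbitrary local files passed to ?pgp= through the API, and mail going out unencrypted when the key is bad), as an added example that is not code from Apprise or from any commenter. The dedicated key directory, the function names and the `encrypt` callable are assumptions made for illustration; the key file is a constructed sample.

```python
import os
import tempfile

ARMOR_HEADER = "-----BEGIN PGP PUBLIC KEY BLOCK-----"

class PGPKeyError(Exception):
    """Raised instead of falling back to an unencrypted send."""

def resolve_key(requested, key_dir):
    """Map a caller-supplied key name to a file confined to key_dir (assumed layout)."""
    base = os.path.realpath(key_dir)
    # realpath collapses ../ and follows symlinks before the containment check
    path = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, path]) != base:
        raise PGPKeyError("key path escapes the key directory")
    if not os.path.isfile(path):
        raise PGPKeyError("key file does not exist")
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        if not fh.readline().startswith(ARMOR_HEADER):
            raise PGPKeyError("file is not an armored PGP public key")
    return path

def build_body(body, requested_key, key_dir, encrypt):
    """Return ciphertext when a key is requested; any key problem aborts the send."""
    if requested_key is None:
        return body  # no PGP requested: behaviour unchanged
    key_path = resolve_key(requested_key, key_dir)
    return encrypt(body, key_path)  # encrypt() stands in for a real PGP backend

def demo():
    """Run the checks against constructed files and return each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        key_dir = os.path.join(root, "keys")
        os.mkdir(key_dir)
        with open(os.path.join(key_dir, "alice.asc"), "w") as fh:
            fh.write(ARMOR_HEADER + "\n(constructed sample, not a real key)\n")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("unrelated local file\n")
        fake = lambda body, key: "ENC[" + os.path.basename(key) + "]"
        results["ok"] = build_body("hi", "alice.asc", key_dir, fake)
        for name in ("../secret.txt", "/etc/hostname", "missing.asc"):
            try:
                build_body("hi", name, key_dir, fake)
                results[name] = "sent"
            except PGPKeyError as exc:
                results[name] = str(exc)
    return results
```

Every rejected key raises before `encrypt` is called, so there is no code path that returns the plaintext body once a key has been requested.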