gpgmailtunl(1p) [debian man page]
GPGMAILTUNL(1p) User Contributed Perl Documentation GPGMAILTUNL(1p) NAME
gpgmailtunl - Encrypts an email message into the body of another email. SYNOPSIS
gpgmailtunl [options] --encrypt | --decrypt DESCRIPTION
gpgmailtunl is a filter program that either encrypts an email message using the Gnu Privacy Guard and sends it to another recipient or decrypt an email message and forwards unencrypted to another destination. It can be used to exchange emails across an open network betweeen two trusted systems. TYPICAL USAGE
This program is intended to run from program like procmail or sendmail to create an email tunnel between two systems. Of course this is not as secure as using gpg as an end user program, it may be convenient in certain case. ENCRYPTION
To encapsulates an email within another you pipe the message to gpgmailtunl. OPTIONS GetOptions( \%opt, "encrypt", "decrypt", "sign", "secret-file=s", "from=s", "to=s", "subject=s", "homedir=s", "local-user=s", "recipient=s", ) or usage; to This is the address to which the encrypted message will be sent. This is the only required fields. recipient This sets the keyid that will be used to encrypt the outgoing message. If unset, gpgmailtunl will try to find a key matching the to option. subject Sets the subject of the outgoing message. This defaults to "Encrypted mail". from Sets the From header line of the outgoing message which will contains the encrypted one. sendmail will provides a default one if this is not set. sign If this option is used, the outgoing message will be signed. In this case you should probably use to local-user and secret-file options. secret-file File from which the secret to unlock the private used to sign the message can be read. local-user The keyid of the user that should sign the outgoing message. The default user will be used if not specified. homedir Sets an alternate gpg home directory. (This is where the keyrings are stored.) DECRYPTION
To extract an email to be forwarded to the final user you pipe the encrypted email to gpgmailtunl using the decrypt switch. Once decrypted, the encapsulated email message will be sent to the original destinator of the message. OPTIONS homedir Sets an alternate gpg home directory. (This is where the keyrings are stored.) secret-file File from which the secret to unlock the private used to decrypt the message can be read. AUTHOR
Francis J. Lacoste <francis.lacoste@iNsu.COM> COPYRIGHT
Copyright (c) 1999, 2000 iNsu Innovations Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. SEE ALSO
gpg(1) gpgmailtunl(1) GnuPG(3) perl v5.14.2 2011-11-22 GPGMAILTUNL(1p)
Check Out this Related Man Page
MIMEGPG(1) Double Precision, Inc. MIMEGPG(1) NAME
mimegpg - MIME-GPG utility SYNOPSIS
mimegpg [-s] [-E] [-e] [-c] [-d] [-p n] {--} {gpg options...} DESCRIPTION
The mimegpg tool signs, encrypts, or decrypts MIME-formatted E-mail messages using GnuPG. mimegpg does not contain any encryption code. It uses the GnuPG utility for all encryption and decryption functions. The -s option signs an E-mail message. The -E or the -e option encrypts the E-mail message. Specifying both -E/-e and -s encrypts and signs the E-mail message in a single step. The -d option decrypts the message. The -c option checks signatures. mimegpg works as a filter. It reads an E-mail message from standard input, which must be a MIME-formatted message. mimegpg signs, encrypts, and/or decrypts the message; then writes the encrypted, signed, or decrypted MIME message on standard output. The standard input to mimegpg must be a MIME E-mail message, with a "Mime Version: 1.0" header - even if the message does not contain any attachments. If the message contains any attachments, they are also signed and/or encrypted, individually. mimegpg automatically runs GnuPG, with the required options. mimegpg's options may also be followed by a single -- option; any remaining command line options are passed as additional options to GnuPG. The -E/-e option usually requires at least one -r GnuPG option, which may be specified in this fashion. The -p option specifies a file descriptor that contains any required passphrase. Any other valid GnuPG options may follow a double-dash, "--", as long as it makes sense for this operation (note that mimegpg automatically adds any GnuPG options that are needed to perform the given operation). The "--no-tty" option can be useful when mimegpg is used in a non-interactive mode. As always, secret keys that are password-protected secret keys cannot be used in the --no-tty mode, unless the -p option is used. SIGNING AND ENCRYPTING MESSAGES Use the -s option to sign MIME message content. Use the -E option to encrypt it. Use both options to both sign and encrypt. Follow with --, then any other GnuPG options. The -E option will require at least one -r GnuPG option. The -E option encapsulates the message content and all the attachments into a single encrypted MIME object. Some mail software cannot handle encapsulated content. The -e option encrypts each attachment separately, without encapsulation. If a secret key used for signing is password protected, the prompt to enter the password will be issued directly by GnuPG. Note that the -s and the -e (but not -E) options may issue multiple password prompts in interactive mode. mimegpg runs GnuPG multiple times if the MIME message contains attachments. GnuPG will be invoked separately for each attachment in the MIME message, and each invocation will prompt for any required key password. Note that the initial message headers are not signed and/or encrypted, except for the MIME headers themselves. However, any message/rfc822 MIME content - attached messages - are encrypted/signed in their entirety, headers and content. DECRYPTING AND CHECKING SIGNATURES The -d option attempts to decrypt any encrypted content in a MIME message. The -c option attempts to verify signatures of any signed content. Both -c and -d can be specified at the same time. -d looks for any multipart/encrypted MIME content, then attempts to decrypt it. -c looks for any multipart/signed MIME content, then attempts to verify the signature. The -c and -d options replace the multipart/signed and multipart/encrypted MIME content with a multipart/x-mimepgp section, that contains an additional attribute called "xpgpstatus". The value of the attribute is set to the exit code of GnuPG. Succesfully decrypting the message and/or verifying the signature sets the exit code to 0. A non-zero exit code indicates that the signature could not be verified, or the message could not be decrypted. The first section in this multipart/x-mimepgp is a text/plain section that contains any messages from GnuPG. The second section is any decrypted or signed content. mimegpg will include the signed content even if the signature could not be verified (check xpgpstatus). Encrypted content that could not be decrypted will not be included (obviously). Note - any existing x-mimegpg MIME section will have its content-type quietly reset to multipart/mixed, in order to avoid confusion (except when this is what got decrypted). SEE ALSO
reformime(1)[1]. AUTHOR
Sam Varshavchik Author NOTES
1. reformime(1) [set $man.base.url.for.relative.links]/reformime.html Courier Mail Server 04/04/2011 MIMEGPG(1)