{ "info": { "author": "blag", "author_email": "blag@users.noreply.github.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Communications :: Email", "Topic :: Security :: Cryptography" ], "description": ".. image:: https://travis-ci.org/blag/django-secure-mail.svg?branch=master\n :target: https://travis-ci.org/blag/django-secure-mail\n\n.. image:: https://coveralls.io/repos/github/blag/django-secure-mail/badge.svg\n :target: https://coveralls.io/github/blag/django-secure-mail\n\n\nCreated by `blag `_. Forked from PR\n`#39 `_ and\n`#40 `_ of\n`django-email-extras `_ by\n`Stephen McDonald `_.\n\nIntroduction\n============\n\ndjango-secure-mail is a Django reusable app providing a mail backend to send\nopportunistically signed and encrypted emails using PGP. Also provided are\nmodels and an admin page to manage uploaded PGP keys.\n\nNote that the provided backend only signs outgoing mail if the recipient has\nuploaded a valid public key. Users without valid public keys will *not* have\ntheir outgoing mail signed or encrypted.\n\n\nDependencies\n============\n\n* `python-gnupg `_ is\n required for sending PGP encrypted email.\n\n\nInstallation\n============\n\nThe easiest way to install django-secure-mail is directly from PyPi\nusing `pip `_ by running the command\nbelow:\n\n.. code-block:: bash\n\n $ pip install django-secure-mail\n\nOtherwise you can download django-secure-mail and install it directly\nfrom source:\n\n.. code-block:: bash\n\n $ python setup.py install\n\n\nConfiguration\n=============\n\n1. Add ``secure_mail`` to your ``INSTALLED_APPS`` setting and run database\n migrations:\n\n .. code-block:: bash\n\n $ python manage.py migrate secure_mail\n\n2. Set ``EMAIL_BACKEND`` in your settings module to\n ``secure_mail.backends.EncryptingSmtpEmailBackend`` or one of the\n development/testing backends listed in `Development and Testing`_.\n\n3. Set the ``SECURE_MAIL_GNUPG_HOME`` setting to a directory that contains the\n GPG keyring. If you are running multiple Django nodes, each node will need\n read *and write* access to this directory.\n\n4. Set the ``SECURE_MAIL_GNUPG_ENCODING`` variable to the encoding your GPG\n executable requires. This is generally ``latin-1`` for GPG 1.x and ``utf-8``\n for GPG 2.x.\n\n5. Whle it is not required to send encrypted email, it is *highly recommended*\n that you generate a signing key for outgoing mail. Please follow the\n instructions in the `Generate Signing Key`_ section. All nodes that will\n be sending outgoing mail will need to have read access to the directory\n specified by ``SECURE_MAIL_GNUPG_HOME``.\n\nThere are additional configuration options available. Please see the `Options`_\nsection for a complete list.\n\n\nGenerate Signing Key\n--------------------\n\nAdding a private/public signing keypair is different than importing a\npublic encryption key, since the private key will be stored on the\nserver.\n\nThis project ships with a Django management command to generate and\nexport signing keys: ``email_signing_key``.\n\nYou first need to set the ``SECURE_MAIL_SIGNING_KEY_DATA`` option in your\nproject's ``settings.py``. This is a dictionary that is passed as keyword arguments directly to ``GPG.gen_key()``, so please read and understand all of\nthe available `options in their documentation `_. The default settings are:\n\n.. code-block:: python\n\n SECURE_MAIL_SIGNING_KEY_DATA = {\n 'key_type': \"RSA\",\n 'key_length': 4096,\n 'name_real': settings.SITE_NAME,\n 'name_comment': \"Outgoing email server\",\n 'name_email': settings.DEFAULT_FROM_EMAIL,\n 'expire_date': '2y',\n }\n\nYou may wish to change the ``key_type`` to a signing-only type of key,\nsuch as DSA, or the expire date.\n\nOnce you are content with the signing key settings, generate a new\nsigning key with the ``--generate`` option:\n\n.. code-block:: bash\n\n $ python manage.py email_signing_key --generate\n\nTo work with specific keys, identify them by their fingerprint\n\n.. code-block:: bash\n\n $ python manage.py email_signing_key 7AB59FE794A7AC12EBA87507EF33F601153CFE28\n\nYou can print the private key to your terminal/console with:\n\n.. code-block:: bash\n\n $ python manage.py email_signing_key 7AB59FE794A7AC12EBA87507EF33F601153CFE28 --print-private-key\n\nAnd you can upload the public signing key to one or more specified\nkeyservers by passing the key server hostnames with the ``-k`` or\n``--keyserver`` options:\n\n.. code-block:: bash\n\n $ python manage.py email_signing_key 7AB59FE794A7AC12EBA87507EF33F601153CFE28 -k keys.ubuntu.com keys.redhat.com -k pgp.mit.edu\n\nYou can also perform all tasks with one command:\n\n.. code-block:: bash\n\n $ python manage.py email_signing_key --generate --keyserver pgp.mit.edu --print-private-key\n\nUse the ``--help`` option to see the complete help text for the command.\n\nOnce you have generated the signing key, you will need to configure\n``secure_mail`` to use it. Set the ``SECURE_MAIL_KEY_FINGERPRINT`` setting to\nthe fingerprint of the outgoing signing key you wish to use. \n\n\nOptions\n-------\n\nThere are a few settings you can configure in your project's\n``settings.py`` module:\n\n* ``SECURE_MAIL_GNUPG_HOME`` - String representing a custom location\n for the GNUPG keyring. If you are running multiple Django nodes, this should\n be set to a directory shared by all nodes, and the ``gpg`` executable on all\n nodes will need read and write access to it.\n* ``SECURE_MAIL_USE_GNUPG`` - Boolean that controls whether the PGP\n encryption features are used. Defaults to ``True`` if\n ``SECURE_MAIL_GNUPG_HOME`` is specified, otherwise ``False``.\n* ``SECURE_MAIL_GNUPG_ENCODING`` - The encoding the local ``gpg`` executable\n expects. This option is passed through to the ``str.encode`` function. In\n general, it should be set to ``latin-1`` for GPG 1.x and ``utf-8`` for GPG\n 2.x. Check out\n `python-gnupg documentation `_\n for more info.\n* ``SECURE_MAIL_FAILURE_HANDLERS`` - A dictionary that maps failed types to the\n dotted-path notation of error handlers. See the `Error Handling`_ section for\n details and an example.\n* ``SECURE_MAIL_ALWAYS_TRUST_KEYS`` - Skip key validation and assume that used\n keys are always fully trusted. This simply sets ``--always-trust`` (or\n ``--trust-model`` for more modern versions of GPG). See the GPG documentation\n on the ``--trust-model`` option for more detail about this setting.\n* ``SECURE_MAIL_SIGNING_KEY_DATA`` - A dictionary of key options for generating\n new signing keys. See the\n `python-gnupg documentation https://pythonhosted.org/python-gnupg`_ for more\n details.\n\n Default:\n\n .. code-block:: python\n\n {\n 'key_type': \"RSA\",\n 'key_length': 4096,\n 'name_real': settings.SITE_NAME,\n 'name_comment': \"Outgoing email server\",\n 'name_email': settings.DEFAULT_FROM_EMAIL,\n 'expire_date': '2y',\n }\n\n* ``SECURE_MAIL_KEY_FINGERPRINT`` - The fingerprint of the key to use when\n signing outgoing mail, must exist in the configured keyring.\n\n\nSending PGP Encrypted Email\n===========================\n\nOnce the backend is configured and specified by the ``EMAIL_BACKEND`` setting,\nall outgoing mail will be opportunistically signed and encrypted. This means\nthat if a message is being sent to a recipient who has a valid public key in\nthe database and the GPG/PGP keyring, the backend will attempt to sign and\nencrypt outgoing mail to them.\n\n\nError Handling\n==============\n\nThis backend allows users to specify custom error handlers when encryption\nfails for the following objects:\n\n* The plain text message itself\n* Any message attachments\n* Any message alternatives (for instance: HTML mail delivered with a plain text\n fallback)\n\nError handlers are called when an exception is raised and are passed the raised\nexception.\n\n.. code-block:: python\n\n def handle_failed_encryption(exception):\n # Handle errors\n\n def handle_failed_alternative_encryption(exception):\n # Handle errors\n\n def handle_failed_attachment_encryption(exception):\n # Handle errors\n\nThe default error handlers simply re-raise the exception, but this may be\nundesirable for all cases.\n\nTo assist with handling errors, the package provides a few helper functions\nthat can be used in custom error handlers:\n\n* ``force_send_message`` - Accepts the unencrypted message as an argument,\n and sends the message without attempting to encrypt or sign it.\n* ``force_delete_key`` - Accepts the recipient's address as an argument and\n forcibly removes all keys from the database and the GPG/PGP keyring.\n* ``force_mail_admins`` - Accepts the unencrypted message and the failing\n address as arguments. If the address is in the ``ADMINS`` setting, it sends\n the message unencrypted, otherwise, it mails the admins a message containing\n the subject of the original message and the original intended recipient.\n* ``get_variable_from_exception`` - Accepts the exception and a variable name\n as arguments, then digs back through the stacktrace to find the first\n variable with the specified name.\n\nTo specify a custom error handlers, set keys in the\n``SECURE_MAIL_FAILURE_HANDLERS`` setting dictionary in your project's\n``settings.py`` to the dotted-path of your error handler/s:\n\n.. code-block:: python\n\n SECURE_MAIL_FAILURE_HANDLERS = {\n 'message': 'myapp.handlers.handle_failed_encryption',\n 'alternative': 'myapp.handlers.handle_failed_alternative_encryption',\n 'attachment': 'myapp.handlers.handle_failed_attachment_encryption',\n }\n\nYou do not have to override all of the handlers, you can override as many or as\nfew as you wish.\n\n\nDevelopment and Testing\n=======================\n\nThis package provides a backend mixin (``EncryptingEmailBackendMixin``) if you\nwish to extend the backend or create a custom backend of your own:\n\n.. code-block:: python\n\n class EncryptingLocmemEmailBackend(EncryptingEmailBackend, LocmemBackend):\n pass\n\nFor a working, real-world example of using the ``EncryptingEmailBackendMixin``\nin another Django app, check out the\n``emailhub.backends.secure_mail.EncryptingEmailBackendMixin`` from the\n`django-emailhub `_ project:\n\nIn addition to the provided ``EncryptingSmtpEmailBackend``, this package ships\nwith a few more backends that mirror the built-in Django backends:\n\n* ``EncryptingConsoleEmailBackend``\n* ``EncryptingLocmemEmailBackend``\n* ``EncryptingFilebasedEmailBackend``\n\n\nDatabase Models\n---------------\n\n`PGP explanation `_\n\nUsing `python-gnupg`_, two models are defined in ``secure_mail.models`` -\n``Key`` and ``Address`` which represent a PGP key and an email address for a\nsuccessfully imported key. These models exist purely for the sake of importing\nkeys and removing keys for a particular address via the Django\nAdmin.\n\nWhen adding a key, the key is imported into the key ring on\nthe server and the instance of the ``Key`` model is not saved. The\nemail address for the key is also extracted and saved as an\n``Address`` instance.\n\nThe ``Address`` model is then used when sending email to check for\nan existing key to determine whether an email should be encrypted.\nWhen an ``Address`` is deleted via the Django Admin, the key is\nremoved from the key ring on the server.\n\n\nAlternative Django Apps\n=======================\n\nOther Django apps with similar functionality are:\n\n* `django-email-extras `_ -\n Provides two functions for sending PGP encrypted, multipart emails using\n Django's template system. Also provides a mail backend that displays HTML\n mail in the browser during development.\n* `django-gnupg-mails `_ -\n Provides a ``GnuPGMessage`` (subclass of Django's ``EmailMessage``) to send\n PGP/MIME signed email.\n\nBoth of those apps require third party app developers to \"opt-in\" to sending\nencrypted mail. This project automatically encrypts and signs all outgoing mail\nfor all apps.", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/blag/django-secure-mail", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "django-secure-mail", "package_url": "https://pypi.org/project/django-secure-mail/", "platform": "", "project_url": "https://pypi.org/project/django-secure-mail/", "project_urls": { "Homepage": "https://github.com/blag/django-secure-mail" }, "release_url": "https://pypi.org/project/django-secure-mail/1.1.0/", "requires_dist": null, "requires_python": "", "summary": "A Django reusable app providing the ability to send PGP encrypted and multipart emails using the Django templating system.", "version": "1.1.0" }, "last_serial": 3714951, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "a89abe1fd088c45c2f374da54658d83a", "sha256": "a83fa4f56650928db10944f03236af2e9649a204a3da42c8bc21545a6f35797e" }, "downloads": -1, "filename": "django-secure-mail-1.0.0.tar.gz", "has_sig": true, "md5_digest": "a89abe1fd088c45c2f374da54658d83a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 26370, "upload_time": "2017-04-18T15:15:32", "url": "https://files.pythonhosted.org/packages/91/03/7edd19928311c20d4775d50aeb024583e309c3b90862a6a2874c9c4f86e2/django-secure-mail-1.0.0.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "3322de6800e16a30be6af0dbf3184236", "sha256": "3a95dcea31359e596e8c8fcfbc7bf9969047a1bda989e021f99d15ff849df313" }, "downloads": -1, "filename": "django-secure-mail-1.1.0.tar.gz", "has_sig": true, "md5_digest": "3322de6800e16a30be6af0dbf3184236", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 29297, "upload_time": "2018-03-28T19:35:27", "url": "https://files.pythonhosted.org/packages/7b/8e/caf2c3ac885a5e21f0979aa035c5c0d5b20348683ec9d741dccc4ccdff42/django-secure-mail-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "3322de6800e16a30be6af0dbf3184236", "sha256": "3a95dcea31359e596e8c8fcfbc7bf9969047a1bda989e021f99d15ff849df313" }, "downloads": -1, "filename": "django-secure-mail-1.1.0.tar.gz", "has_sig": true, "md5_digest": "3322de6800e16a30be6af0dbf3184236", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 29297, "upload_time": "2018-03-28T19:35:27", "url": "https://files.pythonhosted.org/packages/7b/8e/caf2c3ac885a5e21f0979aa035c5c0d5b20348683ec9d741dccc4ccdff42/django-secure-mail-1.1.0.tar.gz" } ] }