paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-07-28 18:24:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

Enhancement: mail message preprocessor for gpg encrypted mails (#7456)

Browse Source 
---------

Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
This commit is contained in:
Daniel Bankmann
2024-08-29 02:22:44 +02:00
committed by GitHub
parent f5ec6de047
commit ce663398e6
8 changed files with 695 additions and 217 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
docs/advanced_usage.md
View File

@@ -690,3 +690,57 @@ More details about configuration option for various providers can be found in th
Once external auth is set up, 'regular' login can be disabled with the [PAPERLESS_DISABLE_REGULAR_LOGIN](configuration.md#PAPERLESS_DISABLE_REGULAR_LOGIN) setting and / or users can be automatically
redirected with the [PAPERLESS_REDIRECT_LOGIN_TO_SSO](configuration.md#PAPERLESS_REDIRECT_LOGIN_TO_SSO) setting.
## Decryption of encrypted emails before consumption {#gpg-decryptor}
Paperless-ngx can be configured to decrypt gpg encrypted emails before consumption.
### Requirements
You need a recent version of `gpg-agent >= 2.1.1` installed on your host.
Your host needs to be setup for decrypting your emails via `gpg-agent`, see this [tutorial](https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages#encrypt-and-decrypt-messages-with-gpg) for instance.
Test your setup and make sure that you can encrypt and decrypt files using your key
```
gpg --encrypt --armor -r person@email.com name_of_file
gpg --decrypt name_of_file.asc
```
### Setup
First, enable the [PAPERLESS_GPG_DECRYPTOR environment variable](configuration.md#PAPERLESS_GPG_DECRYPTOR).
Then determine your local `gpg-agent.extra` socket by invoking
```
gpgconf --list-dir agent-extra-socket
```
on your host. A possible output is `~/.gnupg/S.gpg-agent.extra`.
Also find the location of your public keyring.
If using docker, you'll need to add the following volume mounts to your `docker-compose.yml` file:
```yaml
webserver:
volumes:
- /home/user/.gnupg/pubring.gpg:/usr/src/paperless/.gnupg/pubring.gpg
- <path to gpg-agent.extra socket>:/usr/src/paperless/.gnupg/S.gpg-agent
```
For a 'bare-metal' installation no further configuration is necessary. If you
want to use a separate `GNUPG_HOME`, you can do so by configuring the [PAPERLESS_EMAIL_GNUPG_HOME environment variable](configuration.md#PAPERLESS_EMAIL_GNUPG_HOME).
### Troubleshooting
- Make sure, that `gpg-agent` is running on your host machine
- Make sure, that encryption and decryption works from inside the container using the `gpg` commands from above.
- Check that all files in `/usr/src/paperless/.gnupg` have correct permissions
```shell
paperless@9da1865df327:~/.gnupg$ ls -al
drwx------ 1 paperless paperless 4096 Aug 18 17:52 .
drwxr-xr-x 1 paperless paperless 4096 Aug 18 17:52 ..
srw------- 1 paperless paperless 0 Aug 18 17:22 S.gpg-agent
-rw------- 1 paperless paperless 147940 Jul 24 10:23 pubring.gpg
```