Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Only encrypt the body #53

Open
JoDaBaRo opened this issue Nov 16, 2017 · 5 comments · May be fixed by #54
Open

Only encrypt the body #53

JoDaBaRo opened this issue Nov 16, 2017 · 5 comments · May be fixed by #54

Comments

@JoDaBaRo
Copy link

After playing around with it i noticed that after decoding the message block a bunch of information like the date, to, from headers etc... is also present. I now have working code that adds an extra option (clean) that doesn't affect anything else and allows just the body to be encrypted and i would like to make a pull request for it since my team needs the feature

@JoDaBaRo JoDaBaRo linked a pull request Nov 17, 2017 that will close this issue
@jkraemer
Copy link
Owner

I'm not sure if this is going too far. It would probably be a good idea to at least leave headers like Content-Type and Content-Transfer-Encoding in place?

@jkraemer
Copy link
Owner

jkraemer commented Nov 21, 2017

On a side note - why do additional headers bother you? Can you not just ignore them when parsing the decrypted part?

@JoDaBaRo
Copy link
Author

The emails i want to send have touchy subjects and it only encrypts emails if the user requested to do so. The application is not suppose to decode the message but rather the user himself since if he asked to encrypt some of his emails and provide the public key, he should be able to proccess the message on his own, means i'm not dealing with whatever the decrypted message says. With that in mind I see no purpose on having all the headers inside the encrypted block message since that is essentially garbage for the user.

@jkraemer
Copy link
Owner

If you just want to put encrypted text into the body of an email for your users to decrypt it however they see fit, you could simply do that without using this gem at all. Any PGP/MIME compliant client will not display these headers anyway and PGP/MIME compliant client libraries will allow easy retrieval of the body as well. Definitely the headers aren't 'garbage' - leaving them in means the receiver can trust them since they are part of the encrypted / signed payload.

I'm not sure about how PGP/MIME compliant clients will handle an encrypted email that would be generated using this method. Can you add a test showing that decryption of a body_only encrypted email with this gem still works (also for multipart emails)?

@JoDaBaRo
Copy link
Author

Once i got the complaints about the header i actually considered simply straight up encrypting the text however my team was quite pleased on how simple and clean the code looked like so i was asked to try and look for a workaround, whichlead me to dig into the source code. The code is working just fine in my local environment nevertheless once i have some time i'll write the tests you requested.
Thanks for the hard work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants