/**
 * Clear-sign file contents with a fixed signing identity.
 *
 * Clear-signing keeps the data readable and adds a signature around it, so the
 * result gives integrity and origin, not confidentiality. No passphrase is
 * handed to addSignKey() here.
 *
 * @param string $filedata Data to sign.
 * @return string Value returned by Crypt_GPG::sign() in clear-sign mode.
 */
function sign_file($filedata)
{
    $signer = new Crypt_GPG();
    $signer->addSignKey('*****@*****.**');

    return $signer->sign($filedata, Crypt_GPG::SIGN_MODE_CLEAR);
}
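/**
 * Sign the given string with GnuPG.
 *
 * Arguments left at null fall back to defaults: the mode becomes
 * Crypt_GPG::SIGN_MODE_CLEAR, and the key ID / passphrase are read from the
 * "Crypto"/"GPG" configuration (AuxConfig->defaultKey, AuxConfig->defaultKeyPasswd).
 *
 * @param string      $string      Data to sign.
 * @param string|null $keyPassword Passphrase of the signing key; null uses the configured default.
 * @param string|null $keyID       Signing key identifier; null uses the configured default.
 * @param int|null    $mode        One of the Crypt_GPG::SIGN_MODE_* constants; null means clear-sign.
 * @param boolean     $armor       Whether the signature should be ASCII-armored.
 * @return string
 */
public static function sign($string, $keyPassword = null, $keyID = null, $mode = null, $armor = true)
{
    $gpg = new Crypt_GPG();

    if ($mode === null) {
        $mode = Crypt_GPG::SIGN_MODE_CLEAR;
    }

    if ($keyID === null) {
        $keyID = ConfigManager::getConfig("Crypto", "GPG")->AuxConfig->defaultKey;
    }

    if ($keyPassword === null) {
        // NOTE(review): the fallback passphrase comes from application configuration;
        // confirm that store is readable only by the service account.
        $keyPassword = ConfigManager::getConfig("Crypto", "GPG")->AuxConfig->defaultKeyPasswd;
    }

    $gpg->addSignKey($keyID, $keyPassword);

    // $armor used to be accepted but never forwarded, so a caller asking for a
    // binary signature still received armored output. Crypt_GPG documents the
    // flag as having no effect in clear-sign mode.
    return $gpg->sign($string, $mode, $armor);
}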
/**
 * Check whether the configured GnuPG signing key can actually sign.
 *
 * Status codes:
 *   0 - a test string was clear-signed without an exception
 *   1 - GnuPG.email or GnuPG.homedir is not configured
 *   2 - constructing Crypt_GPG or adding the signing key threw an Exception
 *   3 - the key was added but signing the test string threw an Exception
 *
 * @param int $diagnostic_errors Counter passed by reference; incremented when the status is not 0.
 * @return int One of the status codes above.
 */
public function gpgDiagnostics(&$diagnostic_errors)
{
    $isConfigured = Configure::read('GnuPG.email') && Configure::read('GnuPG.homedir');

    if (!$isConfigured) {
        $gpgStatus = 1;
    } else {
        $gpgStatus = 0;
        $gpg = null;

        // Step 1: bring up Crypt_GPG and register the signing key.
        try {
            require_once 'Crypt/GPG.php';
            $gpg = new Crypt_GPG(array(
                'homedir' => Configure::read('GnuPG.homedir'),
                'binary' => Configure::read('GnuPG.binary') ? Configure::read('GnuPG.binary') : '/usr/bin/gpg',
            ));
            $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
        } catch (Exception $e) {
            $gpgStatus = 2;
        }

        // Step 2: only attempt a signature when step 1 succeeded.
        if ($gpgStatus === 0) {
            try {
                $gpg->sign('test', Crypt_GPG::SIGN_MODE_CLEAR);
            } catch (Exception $e) {
                $gpgStatus = 3;
            }
        }
    }

    if ($gpgStatus !== 0) {
        $diagnostic_errors++;
    }

    return $gpgStatus;
}
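/**
 * Sign, optionally encrypt, and send a plain-text e-mail to one user, then log the outcome.
 *
 * Flow as implemented:
 *  - the body is clear-signed with the instance key (GnuPG.email / GnuPG.password);
 *  - when the recipient has a gpgkey, the key is imported and the signed body is encrypted to it;
 *  - when the recipient has no key and GnuPG.onlyencrypted is set, nothing is sent;
 *  - a signing or encryption error stops the send (no plaintext fallback) and is logged.
 *
 * @param array       $user        Recipient; reads ['User']['email'], ['User']['id'] and optional ['User']['gpgkey'].
 * @param string      $body        Message body; literal "\n" sequences are turned into PHP_EOL.
 * @param string|bool $bodyNoEnc   Alternate body used when GnuPG.bodyonlyencrypted is set and the recipient has no key.
 * @param string      $subject     Subject line.
 * @param array|bool  $replyToUser Optional sender; sets Reply-To and attaches that user's public key if present.
 * @return bool true when the mail was sent, false otherwise.
 */
public function sendEmail($user, $body, $bodyNoEnc = false, $subject, $replyToUser = false)
{
    $failed = false;
    $failureReason = "";
    $result = null;

    // check if the e-mail can be encrypted
    $canEncrypt = !empty($user['User']['gpgkey']);

    // If bodyonlyencrypted is enabled and the user has no encryption key, use the alternate body (if it exists)
    if (Configure::read('GnuPG.bodyonlyencrypted') && !$canEncrypt && $bodyNoEnc) {
        $body = $bodyNoEnc;
    }
    $body = str_replace('\\n', PHP_EOL, $body);

    // Sign the body
    require_once 'Crypt/GPG.php';
    try {
        $gpg = new Crypt_GPG(array(
            'homedir' => Configure::read('GnuPG.homedir'),
            'binary' => Configure::read('GnuPG.binary') ? Configure::read('GnuPG.binary') : '/usr/bin/gpg',
        )); // , 'debug' => true
        $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
        $body = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);
    } catch (Exception $e) {
        $failureReason = " the message could not be signed. The following error message was returned by gpg: " . $e->getMessage();
        $this->log($e->getMessage());
        $failed = true;
    }

    // If we cannot encrypt the mail and the server settings restricts sending unencrypted messages, return false
    if (!$failed && !$canEncrypt && Configure::read('GnuPG.onlyencrypted')) {
        $failed = true;
        $failureReason = " encrypted messages are enforced and the message could not be encrypted for this user as no valid encryption key was found.";
    }

    // Let's encrypt the message if we can
    if (!$failed && $canEncrypt) {
        try {
            // The import is inside the try: a malformed user-supplied key makes importKey()
            // throw, and that must be logged as a key problem instead of escaping this
            // method before the audit log entry below is written.
            $keyImportOutput = $gpg->importKey($user['User']['gpgkey']);
            if (empty($keyImportOutput['fingerprint'])) {
                throw new Exception('no fingerprint was returned for the imported key');
            }
            $gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import
            $body = $gpg->encrypt($body, true);
        } catch (Exception $e) {
            // despite the user having a PGP key and the signing already succeeding earlier, we get an exception.
            // This must mean that there is an issue with the user's key.
            $failureReason = " the message could not be encrypted because there was an issue with the user's PGP key. The following error message was returned by gpg: " . $e->getMessage();
            $this->log($e->getMessage());
            // Fail closed: a recipient who has a key never receives a plaintext fallback.
            $failed = true;
        }
    }

    $replyToLog = '';
    if (!$failed) {
        $Email = new CakeEmail();
        // If the e-mail is sent on behalf of a user, then we want the target user to be able to respond to the sender
        // For this reason we should also attach the public key of the sender along with the message (if applicable)
        if ($replyToUser != false) {
            $Email->replyTo($replyToUser['User']['email']);
            if (!empty($replyToUser['User']['gpgkey'])) {
                $Email->attachments(array('gpgkey.asc' => array('data' => $replyToUser['User']['gpgkey'])));
            }
            $replyToLog = 'from ' . $replyToUser['User']['email'];
        }
        $Email->from(Configure::read('MISP.email'));
        $Email->to($user['User']['email']);
        $Email->subject($subject);
        $Email->emailFormat('text');
        $result = $Email->send($body);
        $Email->reset();
    }

    // Every attempt, successful or not, leaves an entry in the Log model.
    $this->Log = ClassRegistry::init('Log');
    $this->Log->create();
    if (!$failed && $result) {
        $this->Log->save(array(
            'org' => 'SYSTEM',
            'model' => 'User',
            'model_id' => $user['User']['id'],
            'email' => $user['User']['email'],
            'action' => 'email',
            'title' => 'Email ' . $replyToLog . ' to ' . $user['User']['email'] . ' sent, titled "' . $subject . '".',
            'change' => null,
        ));
        return true;
    }

    // $result is only non-null when send() was actually attempted.
    if ($result !== null && !$result) {
        $failureReason = " there was an error sending the e-mail.";
    }
    $this->Log->save(array(
        'org' => 'SYSTEM',
        'model' => 'User',
        'model_id' => $user['User']['id'],
        'email' => $user['User']['email'],
        'action' => 'email',
        'title' => 'Email ' . $replyToLog . ' to ' . $user['User']['email'] . ', titled "' . $subject . '" failed. Reason: ' . $failureReason,
        'change' => null,
    ));
    return false;
}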
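/**
 * Tell the members of an event's creating organisation that a proposal was made on the event.
 *
 * Recipients are the users of the event's orgc that have contactalert set, plus the event's
 * creator. The body is clear-signed with the instance key; for recipients with a gpgkey it is
 * additionally encrypted to that key. The proposing user's public key, if any, is attached.
 *
 * @param int $id Event id.
 * @return bool|null true when the recipient loop completed, false when an exception was caught,
 *                   null when the event already carries a proposal e-mail lock.
 */
private function __sendProposalAlertEmail($id)
{
    $this->loadModel('Event');
    $this->Event->recursive = -1;
    $event = $this->Event->read(null, $id);

    // If the event has an e-mail lock, return
    if ($event['Event']['proposal_email_lock'] == 1) {
        return;
    }
    $this->_setProposalLock($id);

    $tmpfname = null;
    $success = true;
    try {
        $this->loadModel('User');
        $this->User->recursive = -1;
        $orgMembers = array();
        $temp = $this->User->findAllByOrg($event['Event']['orgc'], array('email', 'gpgkey', 'contactalert', 'id'));
        foreach ($temp as $tempElement) {
            if ($tempElement['User']['contactalert'] || $tempElement['User']['id'] == $event['Event']['user_id']) {
                $orgMembers[] = $tempElement;
            }
        }

        $body = "";
        $body .= "Hello, \n";
        $body .= "\n";
        $body .= "A user of another organisation has proposed a change to an event created by you or your organisation. \n";
        $body .= "\n";
        $body .= "To view the event in question, follow this link:";
        $body .= ' ' . Configure::read('MISP.baseurl') . '/events/view/' . $id . "\n";
        $body .= "\n";
        $body .= "You can reach the user at " . $this->Auth->user('email');
        $body .= "\n";

        // sign the body
        require_once 'Crypt/GPG.php';
        $gpgOptions = array(
            'homedir' => Configure::read('GnuPG.homedir'),
            'binary' => Configure::read('GnuPG.binary') ? Configure::read('GnuPG.binary') : '/usr/bin/gpg',
        );
        $gpg = new Crypt_GPG($gpgOptions);
        $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
        $bodySigned = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);

        // Add the GPG key of the user as attachment
        // LATER sign the attached GPG key
        // The earlier test was `null != !getPGP(...)`, which is true only when the user has
        // NO key: the temp file was written for key-less users and never for users with one.
        $senderKey = $this->User->getPGP($this->Auth->user('id'));
        if (!empty($senderKey)) {
            // save the gpg key to a temporary file
            $candidate = tempnam(TMP, "GPGkey");
            if ($candidate !== false && file_put_contents($candidate, $senderKey) !== false) {
                $tmpfname = $candidate;
            } else {
                $this->log('Could not write the sender PGP key to a temporary file; sending without attachment.');
                if ($candidate !== false) {
                    unlink($candidate);
                }
            }
        }

        foreach ($orgMembers as $reporter) {
            if (!empty($reporter['User']['gpgkey'])) {
                try {
                    // import the key of the user into the keyring
                    // this isn't really necessary, but it gives it the fingerprint necessary for the next step
                    $keyImportOutput = $gpg->importKey($reporter['User']['gpgkey']);
                    // say what key should be used to encrypt
                    $gpg = new Crypt_GPG($gpgOptions);
                    $gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import
                    $bodyEncSig = $gpg->encrypt($bodySigned, true);
                } catch (Exception $e) {
                    // catch errors like expired or malformed PGP keys
                    $this->log($e->getMessage());
                    // Skip this recipient only. Without the skip, the send below would reuse
                    // $bodyEncSig from the previous iteration: a body encrypted to someone
                    // else's key, or the unencrypted signed body of a key-less recipient.
                    continue;
                }
            } else {
                $bodyEncSig = $bodySigned;
                // FIXME should I allow sending unencrypted "contact" mails to people if they didn't import they GPG key?
            }

            // prepare the email
            $this->Email->from = Configure::read('MISP.email');
            $this->Email->to = $reporter['User']['email'];
            $this->Email->subject = "[" . Configure::read('MISP.org') . " MISP] Proposal to event #" . $id;
            $this->Email->template = 'body';
            $this->Email->sendAs = 'text'; // both text or html
            $this->set('body', $bodyEncSig);
            if ($tmpfname !== null) {
                // attach the gpg key
                $this->Email->attachments = array('gpgkey.asc' => $tmpfname);
            }
            // send it
            $this->Email->send();
            // If you wish to send multiple emails using a loop, you'll need
            // to reset the email fields using the reset method of the Email component.
            $this->Email->reset();
        }
    } catch (Exception $e) {
        $success = false;
    }

    // remove the temporary gpg file on every exit path; it used to be left behind in TMP
    if ($tmpfname !== null && file_exists($tmpfname)) {
        unlink($tmpfname);
    }

    return $success;
}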
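/**
 * Sends a contact request about a specific event to the event's creator or to
 * members of the event's organisation.
 *
 * The mail body (contact details, the sender's free-text message and a dump of the
 * event) is clear-signed with the instance key; for recipients with a gpgkey it is
 * additionally encrypted to that key. The sender's public key, if any, is attached.
 *
 * @todo move __sendContactEmail($id, $message) to a better place. (components?)
 *
 * @param mixed $id      The id of the event for which you want to contact the org.
 * @param mixed $message The custom message that will be appended to the email.
 * @param mixed $all     Despite its name: a truthy value sends only to the event's creator;
 *                       a falsy value sends to the org's users with contactalert set, plus the creator.
 *
 * @return mixed Result of the last Email->send() call, or false when no mail was sent.
 *               Exceptions from signing are not caught here and reach the caller.
 */
private function __sendContactEmail($id, $message, $all)
{
    // fetch the event
    $event = $this->Event->read(null, $id);
    $this->loadModel('User');
    if (!$all) {
        //Insert extra field here: alertOrg or something, then foreach all the org members
        //limit this array to users with contactalerts turned on!
        $orgMembers = array();
        $this->User->recursive = 0;
        $temp = $this->User->findAllByOrg($event['Event']['org'], array('email', 'gpgkey', 'contactalert', 'id'));
        foreach ($temp as $tempElement) {
            if ($tempElement['User']['contactalert'] || $tempElement['User']['id'] == $event['Event']['user_id']) {
                $orgMembers[] = $tempElement;
            }
        }
    } else {
        $orgMembers = $this->User->findAllById($event['Event']['user_id'], array('email', 'gpgkey'));
    }

    $senderKey = $this->Auth->user('gpgkey');
    $hasSenderKey = ($senderKey != null);

    // The mail body, h() is NOT needed as we are sending plain-text mails.
    $body = "";
    $body .= "Hello, \n";
    $body .= "\n";
    $body .= "Someone wants to get in touch with you concerning a MISP event. \n";
    $body .= "\n";
    $body .= "You can reach him at " . $this->Auth->user('email') . "\n";
    // The test used to be negated, announcing an attachment exactly when the sender had no key.
    if ($hasSenderKey) {
        $body .= "His GPG/PGP key is added as attachment to this email. \n";
    }
    $body .= "\n";
    $body .= "He wrote the following message: \n";
    // $message is free text from the requesting user and ends up inside the body signed
    // with the instance key: the signature shows the mail came from this instance, it
    // does not vouch for what the user wrote.
    $body .= $message . "\n";
    $body .= "\n";
    $body .= "\n";
    $body .= "The event is the following: \n";

    // print the event in mail-format
    // LATER place event-to-email-layout in a function
    $appendlen = 20;
    $body .= 'URL : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $event['Event']['id'] . "\n";
    $body .= 'Event : ' . $event['Event']['id'] . "\n";
    $body .= 'Date : ' . $event['Event']['date'] . "\n";
    if ('true' == Configure::read('CyDefSIG.showorg')) {
        $body .= 'Reported by : ' . $event['Event']['org'] . "\n";
    }
    $body .= 'Risk : ' . $event['Event']['risk'] . "\n";
    $body .= 'Analysis : ' . $event['Event']['analysis'] . "\n";
    $relatedEvents = $this->Event->getRelatedEvents($this->Auth->user());
    if (!empty($relatedEvents)) {
        foreach ($relatedEvents as $relatedEvent) {
            $body .= 'Related to : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ')' . "\n";
        }
    }
    $body .= 'Info : ' . "\n";
    $body .= $event['Event']['info'] . "\n";
    $body .= "\n";
    $body .= 'Attributes :' . "\n";
    $bodyTempOther = "";
    if (!empty($event['Attribute'])) {
        foreach ($event['Attribute'] as $attribute) {
            // A type name longer than the column would give str_repeat() a negative count.
            $padding = max(0, $appendlen - 2 - strlen($attribute['type']));
            $line = '- ' . $attribute['type'] . str_repeat(' ', $padding) . ': ' . $attribute['value'] . "\n";
            if ('other' == $attribute['type']) {
                // append the 'other' attribute types to the bottom.
                $bodyTempOther .= $line;
            } else {
                $body .= $line;
            }
        }
    }
    $body .= "\n";
    $body .= $bodyTempOther; // append the 'other' attribute types to the bottom.

    // sign the body
    require_once 'Crypt/GPG.php';
    $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir'))); // , 'debug' => true
    $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
    $bodySigned = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);

    // Add the GPG key of the user as attachment
    // LATER sign the attached GPG key
    $tmpfname = null;
    if ($hasSenderKey) {
        // save the gpg key to a temporary file
        $candidate = tempnam(TMP, "GPGkey");
        if ($candidate !== false && file_put_contents($candidate, $senderKey) !== false) {
            $tmpfname = $candidate;
        } else {
            $this->log('Could not write the sender PGP key to a temporary file; sending without attachment.');
            if ($candidate !== false) {
                unlink($candidate);
            }
        }
    }

    // false rather than undefined when there is nobody to mail
    $result = false;
    try {
        foreach ($orgMembers as $reporter) {
            if (!empty($reporter['User']['gpgkey'])) {
                try {
                    // import the key of the user into the keyring
                    // this isn't really necessary, but it gives it the fingerprint necessary for the next step
                    $keyImportOutput = $gpg->importKey($reporter['User']['gpgkey']);
                    // say what key should be used to encrypt
                    $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
                    $gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import
                    $bodyEncSig = $gpg->encrypt($bodySigned, true);
                } catch (Exception $e) {
                    // catch errors like expired or malformed PGP keys
                    $this->log($e->getMessage());
                    // Skip this recipient only. Without the skip, the send below would reuse
                    // $bodyEncSig from the previous iteration: a body encrypted to someone
                    // else's key, or the unencrypted signed body of a key-less recipient.
                    continue;
                }
            } else {
                $bodyEncSig = $bodySigned;
                // FIXME should I allow sending unencrypted "contact" mails to people if they didn't import they GPG key?
            }

            // prepare the email
            $this->Email->from = Configure::read('CyDefSIG.email');
            $this->Email->replyTo = $this->Auth->user('email');
            $this->Email->to = $reporter['User']['email'];
            $this->Email->subject = "[" . Configure::read('CyDefSIG.org') . " " . Configure::read('CyDefSIG.name') . "] Need info about event " . $id . " - TLP Amber";
            //$this->Email->delivery = 'debug'; // do not really send out mails, only display it on the screen
            $this->Email->template = 'body';
            $this->Email->sendAs = 'text'; // both text or html
            $this->set('body', $bodyEncSig);
            if ($tmpfname !== null) {
                // attach the gpg key
                $this->Email->attachments = array('gpgkey.asc' => $tmpfname);
            }
            // send it
            $result = $this->Email->send();
            // If you wish to send multiple emails using a loop, you'll need
            // to reset the email fields using the reset method of the Email component.
            $this->Email->reset();
        }
    } catch (Exception $e) {
        // do not leave the key file behind in TMP when sending blows up
        if ($tmpfname !== null && file_exists($tmpfname)) {
            unlink($tmpfname);
        }
        throw $e;
    }

    // remove the temporary gpg file
    if ($tmpfname !== null && file_exists($tmpfname)) {
        unlink($tmpfname);
    }

    return $result;
}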
/**
 * Admin form handler: e-mail users a custom message or a temporary password.
 *
 * Only site admins may call it (MethodNotAllowedException otherwise). On GET the
 * form is shown with the list of user e-mail addresses. On POST/PUT the message
 * is built, optionally signed and encrypted per recipient, and sent; after a
 * successful send of a password-reset mail the user's password and change_pw
 * flag are saved.
 *
 * NOTE(review): this listing is damaged. Two "******" redaction artefacts swallowed
 * code (marked below), leaving unbalanced braces; the code is reproduced as found
 * and must not be treated as runnable.
 */
public function admin_email() {
    // Access control: site admins only.
    if (!$this->_isSiteAdmin()) {
        throw new MethodNotAllowedException();
    }
    $this->User->recursive = 0;
    $temp = $this->User->find('all', array('fields' => array('email', 'gpgkey')));
    $emails = array();
    $gpgKeys = array();
    // save all the emails of the users and set it for the dropdown list in the form
    // ($emails and $gpgKeys are parallel arrays sharing the same index)
    foreach ($temp as $user) {
        array_push($emails, $user['User']['email']);
        array_push($gpgKeys, $user['User']['gpgkey']);
    }
    $this->set('recipientEmail', $emails);
    // User has filled in his contact form, send out the email.
    if ($this->request->is('post') || $this->request->is('put')) {
        $message1 = null;
        $message2 = null;
        $recipients = array();
        $messageP = array();
        // Formulating the message and the subject that will be common to the e-mail(s) sent
        if ($this->request->data['User']['action'] == '0') {
            // Custom message
            $subject = $this->request->data['User']['subject'];
            $message1 .= $this->request->data['User']['message'];
        } else {
            // Temp password
            // NOTE(review): no assignment to $subject is visible on this branch — confirm
            // it was set in the part of the listing that the redaction removed.
            if ($this->request->data['User']['customMessage']) {
                $message1 .= $this->request->data['User']['message'];
            } else {
                $message1 .= "Dear MISP user,\n\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at ";
                $message1 .= Configure::read('CyDefSIG.baseurl');
                $message1 .= ", where you will be prompted to manually change your password to something of your own choice.";
            }
            // NOTE(review): the "******" in the next line is a redaction artefact; whatever stood
            // between the two string fragments is missing, so the line is kept verbatim.
            //$message .= "\n\nYour temporary password: "******"\n\nIf you have any questions, contact us at: " . Configure::read('CyDefSIG.contact') . ".";
        }
        $message2 .= "\n\nBest Regards,\n" . Configure::read('CyDefSIG.org') . ' MISP support';
        // Return an error message if the action is a password reset for a new user
        if ($this->request->data['User']['recipient'] == 2 && $this->request->data['User']['action'] == '1') {
            $this->Session->setFlash(__('Cannot reset the password of a user that doesn\'t exist.'));
            $this->redirect(array('action' => 'email', 'admin' => true));
        }
        // Setting up the list of recipient(s) based on the setting and creating the final message for each user, including the password
        // If the recipient is all users, and the action to create a password, create it and for each user and squeeze it between the main message and the signature
        if ($this->request->data['User']['recipient'] == 0) {
            $recipients = $emails;
            $recipientGPG = $gpgKeys;
            if ($this->request->data['User']['action'] == '1') {
                $i = 0;
                foreach ($recipients as $rec) {
                    $password = $this->User->generateRandomPassword();
                    // NOTE(review): second redaction artefact. The rest of this loop and the start of
                    // the single-recipient branch are missing between the two string fragments, which
                    // is why a foreach appears to be followed by an else further down.
                    $messageP = "\n\nYour temporary password: "******"\n\nYour temporary password: " . $password . $message2;
                    $recipientPass[0] = $password;
                } else {
                    $message[0] = $message1;
                }
        }
        require_once 'Crypt/GPG.php';
        // $i walks $recipients, $recipientGPG, $message and $recipientPass in lock-step.
        $i = 0;
        foreach ($recipients as $recipient) {
            if (!empty($recipientGPG[$i])) {
                // Recipient has a key: clear-sign with the instance key, then encrypt to the recipient.
                $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir'))); // , 'debug' => true
                $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
                $messageSigned = $gpg->sign($message[$i], Crypt_GPG::SIGN_MODE_CLEAR);
                // NOTE(review): sign() and importKey() sit outside the try, so an exception from
                // either one is not handled by the catch below.
                $keyImportOutput = $gpg->importKey($recipientGPG[$i]);
                try {
                    $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
                    $gpg->addEncryptKey($keyImportOutput['fingerprint']); // use the key that was given in the import
                    $encryptedMessage = $gpg->encrypt($messageSigned, true);
                } catch (Exception $e) {
                    // catch errors like expired PGP keys
                    $this->log($e->getMessage());
                    // no need to return here, as we want to send out mails to the other users if GPG encryption fails for a single user
                    // NOTE(review): after this catch $encryptedMessage still holds the previous
                    // recipient's mail (or is undefined on the first pass) and the send below runs
                    // anyway. For password resets that is another user's temporary password, and
                    // this recipient's password is then changed to one they never received.
                    // Skipping the recipient here would avoid both.
                }
            } else {
                // No key on file: the message goes out unsigned and unencrypted, which for
                // action '1' includes the temporary password.
                $encryptedMessage = $message[$i];
            }
            // prepare the email
            $this->Email->from = Configure::read('CyDefSIG.email');
            $this->Email->to = $recipients[$i];
            $this->Email->subject = $subject;
            //$this->Email->delivery = 'debug'; // do not really send out mails, only display it on the screen
            $this->Email->template = 'body';
            $this->Email->sendAs = 'text'; // both text or html
            $this->set('body', $encryptedMessage);
            // send it
            $result = $this->Email->send();
            // if sending successful and action was a password change, update the user's password.
            if ($result && $this->request->data['User']['action'] == '1') {
                $this->User->recursive = 0;
                $temp = $this->User->findByEmail($recipients[$i]);
                $this->User->id = $temp['User']['id'];
                $this->User->read();
                // NOTE(review): presumably the User model hashes the password on save — confirm.
                $this->User->saveField('password', $recipientPass[$i]);
                // change_pw is set to '1' together with the temporary password.
                $this->User->saveField('change_pw', '1');
            }
            // If you wish to send multiple emails using a loop, you'll need
            // to reset the email fields using the reset method of the Email component.
            $this->Email->reset();
            $i++;
        }
        $this->Session->setFlash(__('E-mails sent.'));
    }
    // User didn't see the contact form yet. Present it to him.
}
/**
 * Clear-sign the body of a message with the server key; the body is not encrypted.
 *
 * The message is modified in place: its body is replaced by the signed text.
 *
 * @param Message $message Message whose body text is signed.
 * @return Message The same instance that was passed in.
 * @throws \Exception When no server key fingerprint is set.
 */
public function sign(Message $message) : Message
{
    // Refuse to run without a signing identity instead of calling gpg without one.
    if (!$this->serverKeyFingerprint) {
        throw new \Exception('No signing key provided');
    }

    $signer = new \Crypt_GPG($this->options);
    $signer->addSignKey($this->serverKeyFingerprint);

    $plainBody = $message->getBodyText();
    $signedBody = $signer->sign($plainBody, \Crypt_GPG::SIGN_MODE_CLEAR, true);
    $message->setBody($signedBody);

    return $message;
}