Sending PGP HTML Encrypted e-mail with PHP

Posted on April 30, 2012 by Thomas Gouverneur

While adding the PGP HTML Report feature to WeSunSolve, I first successfully crypted the content of the HTML report to be sent to the user with PGP key. I would have thought that this was gonna be the hardest part, that was without thinking about MIME and HTML support of PGP encrypted mails.

Here is how I finally ended up by creating HTML PGP encrypted Mails using PHP which can be opened using (at least) claws-mail and thunderbird with proper rendering of the HTML report:

Content of the clear message

 To: test@test.com 
 Subject: My HTML crypted report
 X-PHP-Originating-Script: 1000:mlist.obj.php
 From: "We Sun Solve" <admin@wesunsolve.net>
 Reply-to: admin@wesunsolve.net
 X-Sender: WeSunSolve v2.0
 Message-ID: <1335717276@wesunsolve.net>
 Date: Sun, 29 Apr 2012 18:34:36 +0200
 MIME-Version: 1.0
 Content-Type: multipart/encrypted; 
 protocol="application/pgp-encrypted"; 
 boundary="------------enig029BFFF948226050D5D90E10F" 

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
 --------------enig029BFFF948226050D5D90E10F 
 Content-Type: application/pgp-encrypted
 Content-Description: PGP/MIME version identification Version: 1
 --------------enig029BFFF948226050D5D90E10F
 Content-Type: application/octet-stream; name="encrypted.asc"
 Content-Description: OpenPGP encrypted message
 Content-Disposition: inline; filename="encrypted.asc"
 -----BEGIN PGP MESSAGE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 ****SNIPPED PGP CRYPTED BASE64 MESSAGE ****
 -----END PGP MESSAGE-----
 --------------enig029BFFF948226050D5D90E10F--

Content of the PGP encrypted part

Content-Type: multipart/alternative; 
 boundary="------------F983FADF500537B8AFDC5E483"
 This is a multi-part message in MIME format.
 --------------F983FADF500537B8AFDC5E483
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: quoted-printable
 You need to have a MUA capable of rendering HTML to read the WeSunSolve emails.
 You can consult the website http://wesunsolve.net if you are not able to read this email, the information sent to you should also be on the website...
 --------------F983FADF500537B8AFDC5E483
 Content-Type: text/html; charset="utf-8"
 Content-Transfer-Encoding: quoted-printable
 --------------F983FADF500537B8AFDC5E483--

This is the report in cleartext!





Code Used




$pgpmime = ”;


$mime = ”;


$headers = ”;


$dest = ‘test@test.com’;


$subject = ‘My HTML crypted report’;


$clearContent = ‘<html><p>This is the report in cleartext!</p></html>’;


$clearText = ‘This is the text version of the report’;


/* Prepare the crypted Part of the message */


$bound = ‘————‘.substr(strtoupper(md5(uniqid(rand()))), 0, 25);


$pgpmime .= “Content-Type: multipart/alternative;\r\n boundary=\”$bound\”\r\n\r\n”;


$pgpmime .= “This is a multi-part message in MIME format.\r\n”;


$pgpmime .= “–$bound\r\n”;


$pgpmime .= “Content-Type: text/plain; charset=utf-8\r\n”;


$pgpmime .= “Content-Transfer-Encoding: quoted-printable\r\n\r\n”;


$pgpmime .= $clearText.”\r\n\r\n”;


$pgpmime .= “–$bound\r\n”;


$pgpmime .= “Content-Type: text/html; charset=\”utf-8\”\r\n”;


$pgpmime .= “Content-Transfer-Encoding: quoted-printable\r\n\r\n”;


$pgpmime .= $clearContent.”\r\n”;


$pgpmime .= “–$bound–\r\n”;


$content = GPG::cryptTxt($pgpkey, $pgpmime);


/* Make the email’s headers */


$headers = ”;


$headers = “From: $from\r\n”;


$headers .= “Reply-to: “.$config[‘mailFrom’].”\r\n”;


$headers .= “X-Sender: WeSunSolve v2.0\r\n”;


$headers .= “Message-ID: <“.time().”@”.$_SERVER[‘SERVER_NAME’].”>\r\n”;


$headers .= “Date: ” . date(“r”) . “\r\n”;


$bound = ‘————enig’.substr(strtoupper(md5(uniqid(rand()))), 0, 25);


$headers .= “MIME-Version: 1.0\r\n”;


$headers .= “Content-Type: multipart/encrypted;\r\n”;


$headers .= ” protocol=\”application/pgp-encrypted\”;\r\n”;


$headers .= ” boundary=\”$bound\”\r\n\r\n”;


/* And the cleartext body which encapsulate PGP message */


$mime = ”;


$mime .= “This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)\r\n”;


$mime .= “–$bound\r\n”;


$mime .= “Content-Type: application/pgp-encrypted\r\n”;


$mime .= “Content-Description: PGP/MIME version identification\r\n\r\n”;


$mime .= “Version: 1\r\n\r\n”;


$mime .= “–$bound\r\n”;


$mime .= “Content-Type: application/octet-stream; name=\”encrypted.asc\”\r\n”;


$mime .= “Content-Description: OpenPGP encrypted message\r\n”;


$mime .= “Content-Disposition: inline; filename=\”encrypted.asc\”\r\n\r\n”;


$mime .= $content.”\r\n”;


$mime .= “–$bound–“;




mail($dest, $subject, $mime, $headers);







											


		
						

							This entry was posted in Programming. Bookmark the permalink.													

					


					

					
			



			

			1 Response to Sending PGP HTML Encrypted e-mail with PHP			


	
			
    
						
  1. 
		
    Pingback: html mail encryption from terminal
    
				
    2. 
			


	
	

	

		
Leave a Reply 
Your email address will not be published. Required fields are marked *