Introducing django-gpg

What it is for

Django-gpg is a set of utilities for django to easily associate a public GPG key with a django User (or any other model); it provides a secure way to mail users, as well as a set of tags for django templates for public key input.

What it is not for

This application is not here for gpg-based authentication (for that, see gpgAuth). It is also not a mechanism for identification based on key trust, as I believe signature verifications and such should be left to humans and for mutual exchange of data.

Why

As everyone should know, plain emails are not in any way secure: an email goes through a number of hops before reaching your mailbox and can easily be intercepted at any of them, which is why emails should be considered as postcards by anyone sending them. There is a relative privacy, but all it takes is one relay with malicious intent to destroy that privacy.

That is a big problem, as a lot of websites where I purchase things send me:

  1. my username
  2. invoices
  3. tracking numbers
  4. download links

There is also the matter of forgotten passwords: when I don’t remember them and select “reset password”, I get sent a single-use link to choose a new password, or a temporary password.

The list above causes concerns for privacy, as I would not like the same things written on a postcard and sent to my address, but the last issue is a big problem for security: what if someone got a hold of the password/reset link before me, and decided to use it? That person (or entity, for all I care) could very well change the email address among other things and cause me harm in many ways.

That’s why I believe a strong mechanism of automated email encryption is needed, to make sure only the targeted entity has access to the information contained in the email. Emails are often the weakest link, and this is sad, because we have efficient mechanisms to make it the strongest, so we might as well fix that.

How

First, this application will add two new template tags: {% gpg_fileinput %} and {% gpg_textinput %}. The file input will allow the user to select the public key as a file, while the text input will allow them to paste it directly into a textarea (of course, special css classes will allow easy customization of those form elements).

Next, it needs to have several utility functions to perform its task: a check_key_validity(key) determining if the given text is a valid gnupg key, an encrypt_data(data, to=None, key=None) function that encrypts the given data using the key (and attempts to get the key of the corresponding field), and, why not, a sign_data(data) that takes the original data and returns it with a signature using the website’s key, so that the user may know if the email is legitimate. And finally, maybe a wrapper around django’s send_mail() that would make things transparent.
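One way the proposed check_key_validity(key) could pre-screen pasted input with only the Python standard library, as an added example and not code from the author or the project: it checks the armor framing, the CRC-24 line when present, and that the first packet is a Public-Key packet. The constants, the helpers crc24, checksum_line and armor, and the sample key are assumptions made for this illustration; importing the key with GnuPG remains the real validity test.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"
PUBLIC_KEY_TAG = 6  # OpenPGP packet tag for a Public-Key packet


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def checksum_line(packets: bytes) -> str:
    return "=" + base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()


def armor(packets: bytes) -> str:  # hypothetical helper, builds the sample below
    body = base64.b64encode(packets).decode()
    return "\n".join([BEGIN, "", body, checksum_line(packets), END]) + "\n"


def check_key_validity(key: str) -> bool:
    """Structural pre-check of pasted armor; it does not prove the key is usable."""
    lines = [ln.strip() for ln in key.strip().splitlines()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        return False
    body = [ln for ln in lines[lines.index("") + 1:-1] if ln]  # skip armor headers
    # RFC 4880 makes the "=XXXX" checksum line optional; verify it when present.
    stored = body.pop() if body and body[-1].startswith("=") else None
    try:
        packets = base64.b64decode("".join(body), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if not packets or (stored is not None and stored != checksum_line(packets)):
        return False
    first = packets[0]  # bit 7 must be set; bit 6 selects new vs old header format
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return bool(first & 0x80) and tag == PUBLIC_KEY_TAG


SAMPLE_KEY = armor(bytes([0x99, 0x00, 0x01, 0x04]))  # constructed, not a real key
```

A key that passes this check can still be expired, revoked or malformed further in, so it only serves to reject obviously wrong form input early.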

Finally, a bunch of settings to configure the application behaviour could be useful, such as the server’s key, and the models to use to get the link model ←→ key field, and an ENABLE_GPG boolean.

Final thoughts

After thinking about it, I searched the web for a similar set of utilities, and did not find it, although I found things that were not far from this (like django-email-extras); but I do not think it is necessary to have your own model with a ForeignKey, when you can just let the user add a TextField defaulting to '' in his model.

There is no particular reason for me to choose django: given the simplicity of this set of features, any language/framework could do (even php has a gnupg interface). But I like django, so I will go with django.

I did not code anything yet; I only felt the need to write down my thoughts so that I won’t forget them before it’s done.

If you have any remarks or comments about this article, feel free to contact me.