In the previous post I ran through the process of setting up a Mailfence account for encrypting emails using asymmetric encryption. In this post I show how Mailfence can be used with the {emayili} package for sending encrypted email from R.
If you want to use Mailfence with {emayili} (or another desktop email client), then you’ll need to have access to the Mailfence SMTP server. Unfortunately this is not available on the Free plan. However, Mailfence are happy to give you a 15 day free trial on the Entry plan to test it out. That should be ample time to decide whether or not this is a good solution for you.
Exporting a Personal Encryption Key
Before you can use Mailfence with {emayili} (or any other local email client) you’ll need to export a private key from Mailfence and import it into your local keychain.
Aside: Importing Private Key
It is possible to use a Mailfence account from emayili without importing a private key onto your local keychain. But if you want to encrypt messages with the same key that’s being used in your Mailfence account, then this is an indispensable step.
- Go to Settings → Messages → Encryption.
- Click on the link for the key under My personal keys. You will likely only have one key listed here, but in principle there’s no reason why you should not have more. Choose the key that you want to export.
- Click on the Export link.
This will initiate the download of a file with a .asc extension. In my case the file was called Andrew_Collier_priv.asc.
Import into Local Keychain
Now import the contents of this file onto your GPG keychain. You’ll need to provide the passphrase for the key.
gpg --import Andrew_Collier_priv.asc
gpg: key 71B43FBB68FABD19: secret key imported
gpg: Total number processed: 2
gpg: unchanged: 2
gpg: secret keys read: 1
gpg: secret keys imported: 1
Confirm that the key has been added.
gpg --list-keys
/home/wookie/.gnupg/pubring.kbx
-------------------------------
pub rsa4096 2021-11-26 [SC]
1DA3133E8A5AAC95F543443987CC261267801A17
uid [ultimate] Andrew B. Collier <andrew@fathomdata.dev>
sub rsa4096 2021-11-26 [E]
pub rsa4096 2022-04-03 [SC] [expires: 2025-04-02]
F79B34B62B654FD71CC9154871B43FBB68FABD19
uid [ unknown] Andrew Collier <datawookie@mailfence.com>
sub rsa4096 2022-04-03 [E] [expires: 2025-04-02]
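OpenPGP encryption needs a usable, unexpired encryption-capable key for the recipient on the local keyring, and the listing above includes a key that expires on 2025-04-02. The following check is an added example, not part of the original post: it reads `gpg --list-keys --with-colons` output, and the function names and the constructed sample listing (placeholder key IDs, expiry as epoch seconds as GnuPG 2.x prints it) are assumptions.

```sh
#!/bin/sh
# Added example: report whether ADDRESS has a usable encryption key in a
# `gpg --list-keys --with-colons` listing read from stdin.
# Prints one of: ok | expired | unusable | missing
enc_key_status() {
  # $1 = e-mail address, $2 = "now" in epoch seconds (default: current time)
  awk -F: -v addr="$1" -v now="${2:-$(date +%s)}" '
    # Called at the end of each key block (next "pub" record or end of input).
    function close_key() {
      if (match_uid) {
        if (usable) best = "ok"
        else if (best != "ok") best = (expired ? "expired" : "unusable")
      }
      match_uid = usable = expired = 0
    }
    $1 == "pub" { close_key() }
    # Field 10 of a uid record is the user ID; skip revoked user IDs.
    $1 == "uid" && $2 != "r" && index(tolower($10), "<" tolower(addr) ">") {
      match_uid = 1
    }
    # Field 12 lists capabilities; lowercase "e" means this (sub)key encrypts.
    ($1 == "pub" || $1 == "sub") && index($12, "e") {
      if ($2 ~ /^[rdin]$/) next            # revoked, disabled or invalid
      if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) expired = 1
      else usable = 1
    }
    END { close_key(); print (best == "" ? "missing" : best) }
  '
}

# Constructed sample listing: one key without expiry, one expiring 2025-04-02.
sample_listing() {
  cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAA1:1637884800:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1:
uid:u::::1637884800::::Alice Example <alice@example.org>:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1637884800::::::e:
pub:-:4096:1:BBBBBBBBBBBBBBB1:1648944000:1743552000::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB1:
uid:-::::1648944000::::Bob Example <bob@example.org>:
sub:-:4096:1:BBBBBBBBBBBBBBB2:1648944000:1743552000:::::e:
EOF
}

# Real use: gpg --list-keys --with-colons | enc_key_status someone@example.org
```

Running the check against the recipient's address before calling encrypt() turns a silent key problem into an explicit `expired`, `unusable` or `missing` result.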
Using Mailfence with {emayili}
Right, you’re ready to use Mailfence with {emayili}.
library(emayili)
packageVersion("emayili")
[1] '0.7.9'
Create a server object using the mailfence() function. You don’t have to worry about the DNS name or the port for the server: this is already taken care of. Just provide your Mailfence username and password.
# The password is read from an environment variable rather than hard-coded.
smtp <- mailfence(
  username = "datawookie",
  password = Sys.getenv("MAILFENCE_PASSWORD")
)
Create a message. I’m just going to send a message to my work email address.
msg <- envelope(
  to = "andrew@fathomdata.dev",
  from = "datawookie@mailfence.com",
  subject = "Database Password (keep this safe!)"
) %>%
  # You really would not want something like this being sent unsecured!
  text("Your database password is pmbZ8BZfrim%K!n9.")
Now encrypt it. It will be encrypted with the private key that you exported from Mailfence (this is the key associated with your Mailfence email address).
msg <- msg %>% encrypt()
Send!
smtp(msg)
That seemed to be successful. I’ll flip over to my email client to check.
Success! The resulting message was signed, encrypted and delivered, as required.
Having gone through this process it became apparent that the service offered by Mailfence is not terribly different from what you can set up for yourself using a desktop email client (like Thunderbird) and a locally installed version of GnuPG. IMHO it really does not solve the primary obstacle to using asymmetric encryption for email, which seems to me to be getting your recipients to install GnuPG and share their public keys.