PGP/Mime

[ravisorg]

Hello!

I have PGP/Mime working in PHPMailer. I'm wondering if there's a preference for a child class containing only the PGP code needed and inheriting the rest from the main PHPMailer class (eg: $mail = new PHPMailerPGP) or if I should submit a pull request with the PGP code added to the main class?

Personally I would think the child class route would be cleaner, but the S/MIME stuff seems to have been added to the main class, so not sure what the preferred method is.

Comments / suggestions?

[ravisorg]

Also (forgot to ask) what is the minimum version of PHP that PHPMailer aims to support? ie: I'd like to know which built in functions I can use, and which I need to avoid.

[Synchro]

Excellent news - I know this has been asked for in the past.

There is really too much stuff in the main class, so the child class route is the way to go - look at how the XOAUTH2 support has been done for an example.

Officially, PHPMailer supports back to PHP 5.0 😱 (to say we have a lot of legacy users is an understatement!), but new features (not causing BC breaks) may be added in subclasses that can require later versions - for example the XOAUTH2 class needs PHP 5.4 because the OAUTH class it uses needs that. Mixing namespaced and non-namespaced classes is not pretty, so for now we're not namespacing anything - if people really need it they can use wrappers.

[ravisorg]

Excellent news - I know this has been asked for in the past.

If anyone is looking to use this, the first commit here beeabb1. It works, but as the comments indicate it's probably not production ready and currently requires the gpg command line client and they keys in the user's keychain. Both of those requirements should be easy to remove, but I wanted to get something up.

Officially, PHPMailer supports back to PHP 5.0 😱

That's actually better than I was expecting :)

There is really too much stuff in the main class, so the child class route is the way to go - look at how the XOAUTH2 support has been done for an example.

Agreed, and done.

new features (not causing BC breaks) may be added in subclasses that can require later versions - for example the XOAUTH2 class needs PHP 5.4 because the OAUTH class it uses needs that

Perfect, in that case I won't worry too much about it :)

Sub-question: would pulling PHPMailer::sign() from the main class and moving it to a child class (eg: PHPMailerSMIME) be a possibility? I suppose it's not a huge deal, but that generic "sign" function name could be used for any method of signing, not just SMIME.

I ask because I'm not sure how recently that functionality was added. If it's been around for awhile perhaps you don't want to mess with it. If it's fairly new, maybe having an SMIME class would be useful (I've been toying with the idea of getting SMIME encryption working once PGP is done).

[ravisorg]

Rewritten and (possibly) useful now. PHPMailerPGP https://github.com/ravisorg/PHPMailer/blob/openpgp/class.phpmailerpgp.php

I'd like to use it for a bit to make sure there are no massively obvious problems in the design of the class before issuing a pull request, but it's been working well for me so far.

Testers / bug reports would be very welcome.

[fabacab]

@ravisorg I am developing a WordPress plugin to encrypt attachments created by other plugins transparently, and have an almost-working experimental branch of my plugin to do this (tracked in fabacab/wp-pgp-encrypted-emails#4). I say "almost working" because while the data gets encrypted, it's not PGP/MIME formatted correctly and so the data needs to be manually decrypted once received. Obviously, it would be preferable if the OpenPGP-compatible email clients could understand the email my plugin sends and treat the encrypted contents appropriately.

As far as I understand it, PHPMailer does not yet support doing this. Your PHPMailerPGP class looks like the perfect solution for me, but to work with my plugin it would need to at least optionally use the singpolyma/openpgp-php OpenPGP implementation instead of the PHP GnuPG extension to work.

So, two questions, similar to your own, above:

1. Am I even barking up the right tree, or is there an alternative approach better suited for what I am trying to do?
2. If I do already have the right idea, then to add support for OpenPGP-PHP to PHPMailerPGP, would you prefer I subclass it or send a pull request adding it as an optional backend to your own class?

Thanks!

[Nertskull]

Thank you so much for this. It is working well for me and exactly what I needed. I would love to see it become part of phpmailer. But it works great for now. The one comment I have is it would be nice to see more documentation. I know I'm a novice, so it took me a while to figure out how to use it. But I'm glad you commented the code, because otherwise I wouldn't have been able to figure it out.

But thanks for making this, its awesome.

[Synchro]

Sorry I've been neglecting this. I don't really want to put this into PHPMailer 5.2, but I'd be very happy for it to go into 6.0. Could you perhaps update your changes for the 6.0 branch and rebase on that? Added bonuses - you get to use PHP 5.5 features and namespaces...

[ravisorg]

Re-opening this (sorry!) just to mention that I've updated it to the current master and added support for Memory Hole protected headers (eg: encrypted subject lines) as well as updated the README.md page in my branch to give some info / examples. https://github.com/ravisorg/PHPMailer/tree/openpgp

I will update it to work off the 6.0 branch if/when I get a moment, but considering you asked that a year and a half ago... :/

It works in the meantime if anyone needs PGP support though

[pavarnos]

Would love to see this as a standard (built in) feature of phpmailer. Protonmail has made pgp email accessible to a lot more people. It would be cool to allow pgp encrypted mail from a server to protonmail accounts...

[heinrich-k]

Will this be integrated into PHPMailer?