SafeSend is a small PHP script which provides users with a form where they
can submit message texts and optionally upload files. The data sent via this
form is then automatically (on the server) encrypted via GnuPG and mailed
to the server's administrator. This makes it easy to send sensitive data
(like passwords or files) without the risk of clear-text transfer over the
net, without the need that each sender installs GnuPG. (Yes, I do receive
passwords regularly via plain email!) At least when SafeSend is accessed via
HTTPS, the data should never be in transit unencrypted and thus protected
Originally, this script is written for myself and deployed at
https://safesend.domob.eu/. But I think that it may be useful also
for others, or if not as a whole, then maybe the simple emailing and
GPG routines it includes. (Just take a look at the code if you're developing
in PHP and have to send mails with attachments, and possibly encrypt them.)
What SafeSend does with submitted form data:
* It sends the sender's name, email address, subject and message text
as GnuPG encrypted and signed mail to the recipient address specified
* Uploaded files are also encrypted and signed with GnuPG.
* If the file is "small enough" (yes, I'm a mathematician), it is
sent together with the mail as attachment.
* If the file is too large, it will be stored (still in encrypted form)
on the server in some special "storage directory" and the stored
file name is mentioned in the mail sent. Thus, after receiving
the message, you can SSH to the server and fetch the file from there.
Installation should be straight-forward. Of course, you're welcome to
read and modify the sourcecode (since this is free software); but at a
minimum, you have to:
* Copy all PHP files to the server's document root.
* Edit config.inc.php and adapt the configuration values to your environment.
Here, you can for instance specify to which keys messages should be
encrypted and with what keys to sign; or to which email address
the mails should be sent. And some further stuff.
* Edit index.php, and change it to suit your needs. The version provided
is the one deployed on my system, but you probably want to
edit it. There's not much PHP code involved in this file, though,
so this should be easy to do.
Good luck! If you have any comments or questions, I'd be happy to help you
out; just contact me via email:
Daniel Kraft <email@example.com>
4096R/04F7CF52 2013-02-26 Daniel Kraft (Graz, Austria) <firstname.lastname@example.org>
Fingerprint: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52</pre>
Or just use https://safesend.domob.eu/. ;-) Note that the SSL
certificate used by the server is issued by CAcert, which may not be
trusted by your browser; so don't panic if you get a certificate
warning on accessing the site!