Plugin Author
Meitar
(@meitar)
That is a good question. The previous library I was using did not support this, but I have just switched to using OpenPGP-PHP and I’m unsure if that library can do this, so I have asked on their project’s issue tracker. I will let you know what I find out.
Plugin Author
Meitar
(@meitar)
Encrypted attachments are not yet supported by the library but there is a possibility that this will be added in the future. Since I am homeless and do not have a reliable income, I cannot prioritize adding this at the moment but it is a good feature request, so I’ve added it to my own issue tracker.
Thanks, Meitar. I’ll disable file upload in my contact forms until there is support for encrypted attachments.
Plugin Author
Meitar
(@meitar)
Sounds prudent. FWIW, we are making progress on both automatic signing using a key your website can generate for itself, and encrypted/signed attachment support, and will hopefully have both features ready in the next minor point release. 🙂
Nice… Thanks for your great work!
Plugin Author
Meitar
(@meitar)
Stefan, can you give me more information about what your attachments are? It turns out this may be possible but will be tricky because WordPress does not support adding “string attachments” directly using PHPMailer (which is what wp_mail() uses under the hood).
I am trying to get encrypted attachments to work anyway, but in order to make them work reliably for other plugins, too, I need more information about what the other plugins’ calls to wp_mail() look like.
Thanks!
Plugin Author
Meitar
(@meitar)
Hi again Stefan. We have made some more progress and now have an experimental branch that has (very rudimentary) support for automatically-encrypted attachments. Please have a look at the comments on this GitHub issue for an update.
Also, can you please manually install the patched code from the experimental branch, replacing your current WP PGP Encrypted Emails plugin with it, and let me know if the attachments your Contact Form 7 plugin get encrypted before transit?
Thanks for your help.
Meitar, sorry for my late reply. The website is for a textile printing workshop, so people usually want to attach pictures (usually PNG, JPG, sometimes PDF, EPS or SVG).
I’m really sorry but I have no time for testing right now.
OK, I wanted to test the experimental branch, but it turned out that the plugin (version 0.4.1) doesn’t work for me anymore.
I can’t use Contact Form 7 to send E-Mails when the plugin is installed – I always get error messages when I click the submit-button. It makes no difference if I install 0.4.1 or the patched code from the experimental branch…
Plugin Author
Meitar
(@meitar)
I can’t use Contact Form 7 to send E-Mails when the plugin is installed – I always get error messages when I click the submit-button.
Can you be more specific?
I tried using Contact Form 7 on my test install with WP PGP Encrypted Emails and it worked without a problem. :\
With WP PGP Encrypted Emails installed, when I submit a message with Contact Form 7 I get the error message “Sender’s message failed to send” – however I still receive the message.
Plugin Author
Meitar
(@meitar)
Okay, I know why that’s happening, will track it here.
Plugin Author
Meitar
(@meitar)
Stefan, can you try re-installing with this patched version and let me know if the issue persists?
This patch will try to ensure a “success” response is returned to Contact Form 7, but will still encrypt the messages to recipients as before.
With the patched version I get no error message after submitting the message with Contact Form 7. But I get two e-mails to my admin-address:
Before receiving the E-Mail sent with Contact Form 7 I get a “Undelivered Mail Returned to Sender”-Mail which contains the following in the attached Delivery report:
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error for name=localhost.invalid type=A: Host not found
Plugin Author
Meitar
(@meitar)
Boo. I was hoping all MTAs would be smart enough to not actually try to send an email to an RFC 2606 .invalid domain.
What does your system’s MTA set up look like?
