前言介紹
- 這款 WordPress 外掛「WP PGP Encrypted Emails」是 2016-01-21 上架。
- 目前有 500 個安裝啟用數。
- 上一次更新是 2021-05-25,距離現在已有 1440 天。超過一年沒更新,安裝要確認版本是否可用。以及後續維護問題!
- 外掛最低要求 WordPress 4.4 以上版本才可以安裝。
- 有 16 人給過評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
maymay |
外掛標籤
pgp | email | privacy | security | encryption |
內容簡介
WP PGP Encrypted Emails 能自動簽署和加密 WordPress 發送至網站管理員電子郵件地址或使用者電子郵件地址的任何電子郵件。您提供收件人的 OpenPGP 公鑰和/或 S/MIME 憑證的副本,它便可進行其餘操作。您甚至可以自動生成您站點使用的 OpenPGP 簽署金鑰對。加密發出的電子郵件可確保只有使用者本人能閱讀該郵件,保護使用者的隱私,此外,簽署電子郵件可幫助使用者驗證他們收到的信件確實是由您的服務器發送而非冒名頂替者的偽冒郵件。若您是外掛或主題開發人員,您可以使用本外掛的 OpenPGP 和 S/MIME APIs 對任意數據進行加密和/或簽署,這兩個 APIs 是由常見的標準 WordPress filter hook 構建的。這可讓您開發高度安全的通信和發布工具,完全集成於 WordPress 安裝中。有關加密實現和 API 使用的詳細信息,請參閱README.markdown文件。
捐款對我和其他免費軟件外掛貢獻了不少收入。如果您愉享此外掛,請考慮捐款。感謝您支持!
外掛功能:
自動、透明地處理所有網站生成的電子郵件。
配置發出郵件的簽署:對所有收件人簽名或只對明白門道的收件人簽名。
每個使用者的加密金鑰和憑證,讓使用者管理自己的 OpenPGP 金鑰和 S / MIME 憑證。
與成千上萬的第三方聯繫表單外掛兼容。
完全互通所有符合標準的 OpenPGP 和 S/MIME 實現。
提供進一步的隱私最佳實踐選項(例如,刪除 主題 行)。
完全多站點兼容,無需進一步的配置!
無需安裝或配置二進位文件;您所需要的一切都在外掛本身中。
包括鈴聲和口哨!例如,訪客可以加密對帖子的評論,以便僅有作者能閱讀它們。
與流行的第三方外掛(例如WooCommerce)內置的可定制集成。
永遠免費。取代針對電子郵件加密的付費「升級」,並擺脫年度訂閱費用。(感謝捐款)。
當然還有更多。😉
外掛透明地處理網站生成的所有電子郵件,也會對其他外掛(例如聯繫表單外掛)或內置的 WordPress 通知電子郵件所生成的發送電子郵件進行簽署和加密。您只需在電子郵件加密屏幕(WordPress 管理儀表板→ 設置→ 電子郵件加密)中添加一個或多個 OpenPGP 金鑰或一個 S/MIME 憑證即可。每個使用者都可以選擇刪除信封信息,例如電子郵件主題行,因為加密方式無法保護它們。使用此外掛後,您無需再為「專業版」的升級付費,也不必煩惱年度訂閱費用。
原文外掛簡介
WP PGP Encrypted Emails can automatically sign and encrypt any email that WordPress sends to your site’s admin email address or your users’s email addresses. You give it a copy of the recipient’s OpenPGP public key and/or their S/MIME certificate, and it does the rest. You can even automatically generate an OpenPGP signing keypair for your site to use.
Encrypting outgoing emails protects your user’s privacy by ensuring that emails intended for them can be read only by them, and them alone. Moreover, signing those emails helps your users verify that email they receive purporting to be from your site was actually sent by your server, and not some imposter. If you’re a plugin or theme developer, you can encrypt and/or sign arbitrary data using this plugin’s OpenPGP and S/MIME APIs, which are both built with familiar, standard WordPress filter hooks. This enables you to develop highly secure communication and publishing tools fully integrated with your WordPress install. See the README.markdown file for details on cryptographic implementation and API usage.
Donations for this and my other free software plugins make up a chunk of my income. If you continue to enjoy this plugin, please consider making a donation. 🙂 Thank you for your support!
Plugin features:
Processes all email your site generates, automatically and transparently.
Configure outbound signing: sign email sent to all recipients, or just savvy ones.
Per-user encryption keys and certificates; user manages their own OpenPGP keys and S/MIME certificates.
Compatible with thousands (yes, thousands) of third-party contact form plugins.
Full interoperability with all standards-compliant OpenPGP and S/MIME implementations.
Options to enforce further privacy best practices (e.g., removing Subject lines).
Fully multisite compatible, out of the box. No additional configuration for large networks!
No binaries to install or configure; everything you need is in the plugin itself.
Bells and whistles included! For instance, visitors can encrypt comments on posts so only the author can read them.
Built-in, customizable integration with popular third-party plugins, such as WooCommerce.
Always FREE. Replaces paid email encryption “upgrades,” and gets rid of yearly subscription fees. (Donations appreciated!)
And more, of course. 😉
The plugin works transparently for all email your site generates, and will also sign and encrypt outgoing email generated by other plugins (such as contact form plugins) or the built-in WordPress notification emails. All you have to do is add one or more OpenPGP keys or an S/MIME certificate to the Email Encryption screen (WordPress Admin Dashboard → Settings → Email Encryption). Each user can opt to also remove envelope information such as email subject lines, which encryption schemes cannot protect. With this plugin, there’s no longer any need to pay for the “pro” version of your favorite contact form plugin to get the benefit of email privacy.
Each of your site’s users can supply their own, personal OpenPGP public key and/or X.509 S/MIME certificate for their own email address to have WordPress automatically encrypt any email destined for them. (They merely need to update their user profile.) They can choose which encryption method to use. Once set up, all future emails WordPress sends to that user will be encrypted using the standards-based OpenPGP or S/MIME technologies.
The OpenPGP-encrypted emails can be decrypted by any OpenPGP-compatible mail client, such as MacGPG (macOS), GPG4Win (Windows), Enigmail (cross-platform), OpenKeychain (Android), or iPGMail (iPhone/iOS). For more information on reading encrypted emails, generating keys, and other uses for OpenPGP-compatible encryption, consult any (or all!) of the following guides:
The Electronic Frontier Foundation’s Surveillance Self-Defense guide to PGP
RiseUp.net’s OpenPGP best practices guide
OpenPGP.org
The S/MIME-encrypted emails can be decrypted by any S/MIME-compatible mail client. These include Apple’s Mail on macOS and iOS for iPhone and iPad, Microsoft Outlook, Claws Mail for GNU/Linux, and more.
For developers, WP PGP Encrypted Emails provides an easy to use API to both OpenPGP and S/MIME encryption, decryption, and integrity validation operations through the familiar WordPress plugin API so you can use this plugin’s simple filter hooks to build custom OpenPGP- or S/MIME-based encryption functionality into your own plugins and themes.
Security Disclaimer
Security is a process, not a product. Using WP PGP Encrypted Emails does not guarantee that your site’s outgoing messages are invulnerable to every attacker, in every possible scenario, at all times. No single security measure, in isolation, can do that.
Do not rely solely on this plugin for the security or privacy of your webserver. See the Frequently Asked Questions for more security advice and for more information about the rationale for this plugin.
If you like this plugin, please consider making a donation for your use of the plugin or, better yet, contributing directly to my Cyberbusking fund. Your support is appreciated!
Themeing
Theme authors can use the following code snippets to integrate a WordPress theme with this plugin.
To link to a site’s OpenPGP signing public key:
Plugin hooks
This plugin offers additional functionality intended for other plugin developers or theme authors to make use of. This functionality is documented here.
Filters
`wp_user_encryption_method`
Gets the user’s preferred encryption method (either pgp or smime), if they have provided both an OpenPGP public key and an S/MIME certificate.
Optional arguments:
WP_User $user – The WordPress user object. Defaults to the current user.
`wp_openpgp_user_key`
Gets the user’s saved OpenPGP public key from their WordPress profile data, immediately usable in other openpgp_* filters.
Optional arguments:
WP_User $user – The WordPress user object. Defaults to the current user.
`openpgp_enarmor`
Gets an ASCII-armored representation of an OpenPGP data structure (like a key, or an encrypted message).
Required parameters:
string $data – The data to be armored.
Optional parameters:
string $marker – The marker of the block (the text that follows -----BEGIN). Defaults to MESSAGE, but you should set this to a more appropriate value. If you are armoring a PGP public key, for instance, set this to PGP PUBLIC KEY BLOCK.
string[] $headers – An array of strings to apply as headers to the ASCII-armored block, usually used to insert comments or identify the OpenPGP client used. Defaults to array() (no headers).
Example: ASCII-armor a binary public key.
$ascii_key = apply_filters('openpgp_enarmor', $public_key, 'PGP PUBLIC KEY BLOCK');
`openpgp_key`
Gets a binary OpenPGP public key for use in later PGP operations from an ASCII-armored representation of that key.
Required parameters:
string $key – The ASCII-armored PGP public key block.
Example: Get a key saved as an ASCII string in the WordPress database option my_plugin_pgp_public_key.
$key = apply_filters('openpgp_key', get_option('my_plugin_pgp_public_key'));
`openpgp_sign`
Clearsigns a message using a given private key.
Required parameters:
string $data – The message data to sign.
OpenPGP_SecretKeyPacket $signing_key – The signing key to use, obtained by passing the ASCII-armored private key through the openpgp_key filter.
Example: Sign a short string.
$message = 'This is a message to sign.';
$signing_key = apply_filters('openpgp_key', $ascii_key);
$signed_message = apply_filters('openpgp_sign', $message, $signing_key);
// $signed_message is now a clearsigned message
`openpgp_encrypt`
Encrypts data to one or more PGP public keys or passphrases.
Required arguments:
string $data – Data to encrypt.
array|string $keys – Passphrases or keys to use to encrypt the data.
Example: Encrypt the content of a blog post.
// First, get the PGP public key(s) of the recipient(s)
$ascii_key = '-----BEGIN PGP PUBLIC KEY BLOCK-----
[...snipped for length...]
-----END PGP PUBLIC KEY BLOCK-----';
$encryption_key = apply_filters('openpgp_key', $ascii_key);
$encrypted_post = apply_filters('openpgp_encrypt', $post->post_content, $encryption_key);
// Now you can safely send or display $encrypted_post anywhere you like and only
// those who control the corresponding private key(s) can decrypt it.
`openpgp_sign`
Signs a message (arbitrary data) with the given private key.
Note that if your plugin uses the built-in WordPress core wp_mail() function and this plugin is active, your plugin’s outgoing emails are already automatically signed so you do not need to do anything. This filter is intended for use by plugin developers who want to create custom, trusted communiques between WordPress and some other system.
Required arguments:
string $data – The data to sign.
Optional arguments:
OpenPGP_SecretKeyPacket $privatekey – The private key used for signing the message. The default is to use the private key automatically generated during plugin activation. The automatically generated keypair is intended to be a low-trust, single-purpose keypair for your website itself, so you probably do not need or want to use this argument yourself.
Example: Send a signed, encrypted JSON payload to a remote, insecure server.
$comment_data = get_comment(2); // get a WP_Comment object with comment ID 2
// Create JSON payload
$json = array('success' => true, 'action' => 'new_comment', 'data' => $comment_data);
$url = 'http://insecure.example.com/';
$response = wp_safe_remote_post($url, array(
));
`openpgp_sign_and_encrypt`
A convenience filter that applies openpgp_sign and then openpgp_encrypt to the result.
Required arguments:
string $data – The data to sign and encrypt.
string $signing_key – The signing key to use.
array|string $recipient_keys_and_passphrases – Public key(s) of the recipient(s), or passphrases to encrypt to.
`wp_openpgp_user_key`
Gets the user’s saved S/MIME public certificate from their WordPress profile data, immediately usable in other smime_* filters.
Optional arguments:
WP_User $user – The WordPress user object. Defaults to the current user.
`smime_certificate`
Gets a PHP resource handle to an X.509 Certificate.
Required arguments:
mixed $cert – The certificate, either as a string to a file, or raw PEM-encoded certificate data.
`smime_certificate_pem_encode`
Encodes (“exports”) a given X.509 certificate as PEM format.
Required arguments:
resource $cert
`smime_encrypt`
Encrypts a message as an S/MIME email given a public certificate.
Required arguments:
string $message – The message contents to encrypt.
string|string[] $headers – The message headers for the encrypted part.
resource|array $certificates – The recipient’s certificate, or an array of recipient certificates.
This filter returns an array with two keys, headers and message, wherein the message is encrypted.
Example: send an encrypted email via wp_mail(). (You do not need to do this if the recipient is registered as your site’s user, because this plugin does that automatically. Only do this if you need to send S/MIME encrypted email to an address not stored in WordPress’s own database.)
$cert = apply_filters( 'smime_certificate', get_option( 'my_plugin_smime_certificate' ) );
$body = 'This is a test email message body.';
$head = array(
'From' => get_option( 'admin_email' ),
);
$smime_data = apply_filters( 'smime_encrypt', $body, $head, $cert );
if ( $smime_data ) {
wp_mail(
'[email protected]',
'Test message.',
$smime_data['message'], // message is sent encrypted
$smime_data['headers']
);
}
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「WP PGP Encrypted Emails」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
0.7 | 0.1.1 | 0.1.2 | 0.2.0 | 0.3.0 | 0.4.0 | 0.4.1 | 0.4.2 | 0.4.3 | 0.4.4 | 0.6.0 | 0.6.1 | 0.6.2 | 0.6.3 | 0.7.1 | 0.7.3 | 0.7.4 | 0.7.5 | 0.8.0 | trunk |
延伸相關外掛(你可能也想知道)
wp2pgpmail 》使用 wp2pgpmail,您的访客可以非常容易地向您发送 PGP 加密的消息。一个联系表单将提供加密的功能来发送给您机密信息。, 没有 PGP 密钥吗?试试我们的在线 P...。
PGP Key Generator 》使用 PGP Key Generator 外掛,您的訪問者可以生成自己的私人和公共 PGP 金鑰。此外,也可以使用此外掛加密和解密 PGP 消息。, 更多資訊,請查看 https://wp2...。
OpenPGP Form Encryption for WordPress 》此外掛使用 OpenPGP.js 為提供公鑰加密的功能。當你將的內容透過電子郵件或未加密的網路傳輸時,此外掛尤其有用。, 此外掛的 GitHub 存儲庫位於 https://gith...。
WP PGP email 》WP PGP email 允許您在使用者設定中加入 PGP 金鑰,並對發送給該使用者的任何郵件進行加密。, 基於 Tim Nash 的一個 Gist: https://gist.github.com/timnashc...。
Secure Messaging 》此外掛會自動使用你的 GPG 公鑰加密特定的 WordPress 訊息,以確保只有你可以閱讀該訊息。, 主要用於保護密碼重設電子郵件,這樣即使攻擊者入侵你的電子郵件...。
Cairn 》在網路上出售藝術品。Cairn旨在展示全屏幕下的藝術品,並能夠在多種顯示大小的平台上實現快速且安全的功能。, Cairn速度快,因為模板渲染是客戶端處理的。Cai...。