Encrypt and sign notifications in OTRS via PGP

Jens Bothe22. Aug 2017 | AdministrationConsultingUse cases

The Security Toolbox in OTRS allows to decrypt tickets in the backend and to sign and encrypt the notifications. Based on an already running PGP setup in the OTRS installation the following steps are needed:

  • verify that the web server (apache) is running as OTRS user (usually otrs)
  • verify that the .gnupg directory and content are owned by otrs
  • verify that the public keys of the agents are stored in the keyring
  • create a PGP key pair for the OTRS Notification sender (via gpg –gen-key)

Now let us start the configuration in the Sysconfig:

This will decrypt encrypted emails in the backend, so the content can be used to be analyzed in the Postmaster Filters or as content in the notifications. If needed you can store the decrypted body in the database which would allow full-text searches on the body.

As next step, you have to alter the settings for all notifications you want to sign and/or encrypt. In my system, the encryption will be used and notifications to agents without a known key will be suppressed.

All notifications will be signed and encrypted. If the original email was encrypted it will be decrypted and newly encrypted with the keys of the agents.

Your email address will not be published. Required fields are marked *