Securely Send Attachments via Python

Encrypt attachments to a standard email using the Virtru SDK

Photo by pineapple L on Unsplash

Greetings! Recently someone had a question about sending standard emails but encrypting the attachments. Luckily I was able to offer a solution that required minimal modification of their existing Python mailer script by encrypting just the attachments using the Virtru SDK.

Goal

Send a normal email with an encrypted attachment that the recipient can open with minimal hassle and no additional requirements on their computer. The encrypted file will use the TDF as an HTML wrapper to ensure universal access to the encrypted file.

Requirements

• Python3
• Python3 smtp lib
• Virtru SDK
• Virtru AppId
• Gmail SMTP Relay
• Github Project

Let's Dig Into the Code

Python Import

Import the required libraries to create an email and Virtru TDF.

import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders
from virtru_tdf3_python import Client, Policy, EncryptFileParam, LogLevel, Protocol

Variable Definitions

Define all of the variables at the top of the python file for easy editing.

# SMTP Variables
smtp_from_address = "sender@example.com"
smtp_to_address = "to.recipient@domain.com"
smtp_cc_address = "cc.recipinet@domain.com"
# Virtru Variables
virtru_appid = "appid"
virtru_owner = "sender@example.com"
# File Variables
file_name_tdf = "hello world.txt.tdf3.html"
file_path_plain="/tmp/helloworld.txt"
file_path_tdf="/tmp/helloworld.txt.tdf3.html"

Virtru Encryption

These will:

• Create the Virtru SDK Client
• Create the Virtru Encryption policy
• Attach it to the Virtru SDK Client
• Encrypt the requested File

client = Client(owner=virtru_owner, app_id=virtru_appid)
policy = Policy()
policy.share_with_users([smtp_to_address,smtp_cc_address])
param = EncryptFileParam(in_file_path=file_name_plain,
                         out_file_path=file_name_tdf)
param.set_policy(policy)
client.encrypt_file(encrypt_file_param=param)

SMTP

Using the smtplib library to create a multipart MIME message.

Steps:

• Builds Message object (msg)
• Sets Sender (From)
• Sets Recipients (To, CC)
• Sets Subject
• Sets Body
• Encodes the Body as base64
• Attaches the Encrypted File (TDF)
• Sets Header
• Sets SmartHost
• Enables TLS
• Sends Message

msg = MIMEMultipart()
msg['From'] = smtp_from_address
msg['To'] = smtp_to_address
msg['CC'] = smtp_cc_address
msg['Subject'] = "Test Email"
body = "Message Body"
msg.attach(MIMEText(body, 'plain'))
attachment = open(file_name_tdf, "rb")
p = MIMEBase('application', 'octet-stream')
p.set_payload((attachment).read())
encoders.encode_base64(p)
attachment_disposition = "attachment; filename= {}".format(filename)
p.add_header('Content-Disposition', attachment_disposition)
msg.attach(p)
s = smtplib.SMTP('smtp-relay.gmail.com', 587)
s.starttls()
text = msg.as_string()
s.sendmail(fromaddr, toaddr, text)
s.quit()

Closing

Securing attachments to an already existing process can be a daunting task. Leveraging the Virtru SDK to encrypt just the attachments to existing workflows can be a very simple exercise, just a few lines of code. The encryption policy can later be edited to add users, remove users or revoke access to the file as a whole. Virtru also offers access to the Audit events to see if the file was ever accessed.