![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to appnote.doc CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp|
Return to appnote.doc CVS log | Up to [PGP] / pgp |
1.1 root 1: PGP 2.2 Application Note: Integrating PGP with mailers
2: Derek Atkins <[email protected]>
3: 6-Mar-93
4:
5: This document will try to describe how to create an
6: application around PGP version 2.2, in order to incorporate PGP into
7: mailers and news readers. There are a number of changes in 2.2 which
8: make it easier to write wrappers for PGP. In writing this, I may have
9: inadvertantly left out some functionality, some mailers, or some
10: machine types. I should warn readers now that I am a UNIX person, and
11: that most of this document will probably be in UNIX terms.
12:
13: This document references scripts which are in the contrib
14: directory of PGP. Within the contrib area are scripts contributed to
15: the release. A lot of these scripts were written for PGP 2.1, so they
16: do not handle multiple recipients, or some of the new PGP features.
17:
18: The first thing to remember is that PGP usually needs to have
19: a controlling TTY in order to gather information, like the password,
20: or for the user to answer questions, like to whether to add or sign
21: keys. This is useful for text-based mail agents. In fact, it is most
22: useful for agents which use files for messages, like MH.
23:
24: One example for this is in the emacs directory. The e-lisp
25: pgp.el1 winds up saving the buffer to encrypt or decrypt to a file,
26: and then runs pgp on that file using the emacs interactive mode. It
27: looks the same as if you type "pgp filename" at the shell.
28:
29: However, this is not very interesting. While it is easy to to
30: this, it means that there are extra files being created on the disk.
31: This can be a security risk, since wiping files off disk is not always
32: successful, and by having the plain-text go to a file means more time
33: for a possible attacker to get ahold of the plain-text of the message.
34: A better way to accomplish this is to use filter_mode, which is the -f
35: option. This tells PGP to read the message from stdin, and to put the
36: output onto stdout. Unfortunately, in this manner, the signature
37: information is output onto stderr, so you will either lose it, or it
38: and all other PGP output will be put in the same stream with the
39: message, but this depends on your piping ability.
40:
41: An example of how to use this is the mailx script. This
42: script is supposed to run in place of the UNIX /bin/mail program. It
43: reads from stdin and will do the proper encryption and then execute
44: /bin/mail. This works by specifying a special user for the recipient
45: to encrypt and signature. This works by calling PGP with the
46: following arguments, and uses stdin and stdout for the mail input and
47: output. However, this script only is useful for sending mail, not
48: reading it.
49:
50: To just sign the message, in clear-text mode:
51: pgp -fast +clearsig=on
52: or to sign and encrypt:
53: pgp -feast user1 user2 user3...
54:
55: This works well when dealing with a command-line mailer, or a
56: mailer that is run in a terminal. There are problems, however, if you
57: do not have a TTY in which to get a password to decrypt or sign
58: messages. I'm not sure of a way around this, but then again, PEM is
59: going to have this same problem. (An example that I can think of is
60: integrating with xmh).
61:
62: There is a way around this, however, in some cases. One way,
63: which is not recommended, but can be used, is to use the "-z" option
64: to set the passphrase. Again, this is *NOT* recommended, since some
65: operating systems will not allow the program to erase the process
66: table, and someone can retreive the pass phrase from there. A similar
67: way to get the pass phrase in is to use the PGPPASS environment
68: variable. Again, this has the same problems. An example of this
69: usage is:
70:
71: pgp -sat +clearsig=on -z "This is my pass phrase" inputfile
72:
73: There is a better way of doing this in PGP 2.2, which is an
74: environment variable called "PGPPASSFD". If this is set, it means
75: that the FIRST thing PGP will do is read the pass phrase from this
76: file descriptor. So, for example, one can set PGPPASSFD to "0"
77: (zero), and then PGP will read the pass phrase from stdin as the first
78: thing.
79:
80: For example, an emacs utility could grab the block to be
81: encrypted (or decrypted), ask the user for the pass phrase in the
82: mini-buffer, and then do the equivalent of this shell script, using
83: something like:
84:
85: (send-string PROCESS "PassPhrase")
86: (send-region PROCESS (point-min) (point-max))
87:
88: ---begin---
89: #!/bin/sh
90:
91: PGPPASSFD=0;export PGPPASSFD
92:
93: (echo "PassPhraseHere"; cat ) | pgp -feast recipient1 recipient2...
94: ---end---
95:
96: I must admit, this is a crude script, since it doesn't strip
97: out stderr, which included the bannerlines and error messages, but
98: that is not difficult to do out of band.
99:
100: This is an example perl script that demonstrates the use of PGPPASSFD:
101:
102: ---begin---
103: #!/usr/local/bin/perl
104: #
105: # perl example for PGPPASSFD,
106: # encrypts stream with password 'test'
107: #
108:
109: pipe(READER,WRITER);
110:
111: if (!fork) {
112: close(WRITER);
113: $ENV{'PGPPASSFD'}=fileno(READER);
114: # the $^F (Ctrl-F) variable controls close-on-exec of files
115: $=fileno(READER);
116: exec "pgp -acf";
117: die "can't exec pgp\n";
118: }
119: close(READER);
120: syswrite(WRITER, "test\n", 5);
121: close(WRITER);
122: wait
123: ---end---
124:
125: Another feature of 2.2 which can be utilized in mailer scripts
126: is the batchmode feature. This is used in the key-server software
127: (see key-server.doc), which is not included in the release to allow a
128: process to call PGP, and have it perform without prompting the user
129: for anything. It will take the default answer to most questions,
130: which may not be what the user wants. This is switched by adding
131: "+batchmode" to the command line.
132:
133: One more mailer I should mention, and this is probably the
134: most important of all of them, is MIME compatibility. In order to use
135: MIME, a user needs to create a proper entry for PGP. Unfortunately
136: there hasn't, yet, been a standard MIME content-type created. One
137: possible mailcap entry would be:
138:
139: application/x-pgp: cat %s | pgp -f
140:
141: although there are a lot of possibilities. There is another
142: suggestion given in the mime directory in the contrib area, which I
143: haven't tested.
144:
145: I hope that this document has helped people understand some of
146: the work being done to integrate PGP with mailers. There is some work
147: going on already to integrate it even more. If you have a mailer for
148: which there is no PGP handler, and you want to write one, please let
149: me know, so that we don't duplicate work. In addition, if you have
150: written a mailer application, and its not included here in the
151: release, again let me know.
152:
153: A second contact for this is Colin Plumb <[email protected]>.
154:
155: Have fun!
156:
157: -derek <[email protected]>
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.