Annotation of pgp/doc/appnote.doc, revision 1.1

1.1     ! root        1:         PGP 2.6 Application Note:  Integrating PGP with mailers
        !             2:                     Derek Atkins <[email protected]>
        !             3:                              22-May-94
        !             4: 
        !             5:        This document will try to describe how to create an
        !             6: application around PGP version 2.6, in order to incorporate PGP into
        !             7: mailers and news readers.  There are a number of changes in 2.6 which
        !             8: make it easier to write wrappers for PGP.  In writing this, I may have
        !             9: inadvertently left out some functionality, some mailers, or some
        !            10: machine types.  I should warn readers now that I am a UNIX person, and
        !            11: that most of this document will probably be in UNIX terms.
        !            12: 
        !            13:        The first thing to remember is that PGP usually needs to have
        !            14: a controlling TTY in order to gather information, like the password,
        !            15: or for the user to answer questions, like whether to add or sign
        !            16: keys.  This is useful for text-based mail agents.  In fact, it is most
        !            17: useful for agents which use files for messages, like MH.
        !            18: 
        !            19:        One way to use PGP is to just decrypt the message into a file
        !            20: and display that file. This can be a security risk, since wiping
        !            21: files off disk is not always successful, and having the plain-text
        !            22: go to a file means more time for a possible attacker to get hold of
        !            23: the plain-text of the message.
        !            24: 
        !            25:        A better way to accomplish this is to use filter_mode, which
        !            26: is the -f option.  This tells PGP to read the message from stdin, and
        !            27: to put the output onto stdout.  Unfortunately, in this mode the
        !            28: signature information is output onto stderr, so you will either lose
        !            29: it, or it and all other PGP output will end up in the same stream as
        !            30: the message, depending on how you set up your pipes.
        !            31: 
        !            32:        PGP tries to send all "interesting" data to standard out, and
        !            33: error messages to standard error.  This lets you pick out the
        !            34: interesting information and discard the rest.  This also means that
        !            35: you can use PGP in filter-mode as a back-end to some user interface,
        !            36: and obtain the data in this manner.  But remember that the current
        !            37: implementation of PGP uses temporary files to store intermediate data,
        !            38: so you are still at risk, although it is much less of a risk than
        !            39: just decrypting into a file.
        !            40: 
        !            41:        This works well when dealing with a command-line mailer, or a
        !            42: mailer that is run in a terminal.  There are problems with this
        !            43: approach, however, if you do not have a TTY in which to get a password
        !            44: to decrypt or sign messages.  It seems that there would not be a good
        !            45: way around this, but then again, PEM is going to have this same
        !            46: problem.  (An example that I can think of is integrating with xmh).
        !            47: 
        !            48:        However, there is a way around this in some cases.  PGP has
        !            49: numerous ways to accept the passphrase other than just prompting for
        !            50: it.  One way, which is not recommended, is to use the "-z" option to
        !            51: set the passphrase.  Again, this is *NOT* recommended, since some
        !            52: operating systems will not allow the program to erase the process
        !            53: table, and someone can retrieve the pass phrase from there via a "ps"
        !            54: listing of active processes.  A similar way to get the pass phrase in
        !            55: is to use the PGPPASS environment variable.  Again, this has the same
        !            56: problems as "-z" with regard to an attacker finding the passphrase in
        !            57: the OS kernel memory of the process table.  An example of the "-z"
        !            58: usage is:
        !            59: 
        !            60:        pgp -sat -z "This is my pass phrase" inputfile
        !            61: 
        !            62:        There is a better way of doing this in PGP 2.6, which is an
        !            63: environment variable called "PGPPASSFD".  If this is set, it means
        !            64: that the FIRST thing PGP will do is read the pass phrase from this
        !            65: file descriptor.  So, for example, one can set PGPPASSFD to "0"
        !            66: (zero), and then PGP will read the pass phrase from stdin as the first
        !            67: thing.  This allows you to send the passphrase to PGP in a manner
        !            68: invisible to someone armed with the process listing.
        !            69: 
        !            70:        For example, an emacs utility could grab the block to be
        !            71: encrypted (or decrypted), ask the user for the pass phrase in the
        !            72: mini-buffer, and then do the equivalent of this shell script, using
        !            73: something like:
        !            74: 
        !            75:        (send-string PROCESS "PassPhrase") 
        !            76:        (send-region PROCESS (point-min) (point-max))
        !            77: 
        !            78: ---begin---
        !            79: #!/bin/sh
        !            80: 
        !            81: PGPPASSFD=0; export PGPPASSFD
        !            82: 
        !            83: (echo "PassPhraseHere"; cat filename ) | pgp -feast recipient1 recipient2...
        !            84: ---end---
        !            85: 
        !            86:        I must admit, this is a crude script, since it doesn't strip
        !            87: out stderr, which includes the banner lines and error messages, but
        !            88: that is not difficult to do out of band.
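
The script above sends the pass phrase and the message down the same stdin and leaves stderr mixed in with the terminal output. The wrapper below is an added example, not part of the original note or of PGP: it gives the pass phrase its own descriptor, keeps the caller's stdin for the message, and diverts stderr to a status file. `pgp_filter` is a hypothetical name and `fake_pgp` is a constructed stand-in so the plumbing can be run without PGP installed.

```sh
#!/bin/sh
# Added example, not from the original note.  pgp_filter and fake_pgp are
# hypothetical names; only PGPPASSFD and "pgp -feast" come from the note.

# Constructed stand-in for "pgp -f": reads one line from the descriptor
# named by PGPPASSFD, reports on stderr, then copies stdin to stdout.
# Its messages are made up and are not PGP's real output.
fake_pgp() {
    IFS= read -r pp <&"$PGPPASSFD" || return 2
    if [ "$pp" != "constructed pass phrase" ]; then
        echo "stand-in: pass phrase rejected" >&2
        return 1
    fi
    echo "stand-in: pass phrase accepted" >&2
    cat
}

# pgp_filter STATUSFILE PASSPHRASE COMMAND [ARG...]
# Message on stdin, result on stdout, banner/status text in STATUSFILE.
pgp_filter() {
    statusfile=$1 pass=$2
    shift 2
    {
        # printf is a shell builtin, so the pass phrase never becomes an
        # argument of a new process and does not show up in "ps".
        printf '%s\n' "$pass" | {
            PGPPASSFD=3; export PGPPASSFD
            # fd 3 <- pass phrase pipe, fd 0 <- caller's stdin (saved as 4)
            "$@" 3<&0 0<&4 4<&- 2>"$statusfile"
        }
    } 4<&0
    rc=$?
    unset pass
    return "$rc"
}

# With PGP 2.6 installed the call would look like this (file names and
# recipient are placeholders):
#   pgp_filter status.txt "$pass" pgp -feast recipient1 < message > message.asc
```

Because the pass phrase travels on descriptor 3, a wrong pass phrase can never be mistaken for the first line of the message, and the status file can be parsed separately from the output.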
        !            89: 
        !            90: This is an example perl script that demonstrates the use of PGPPASSFD:
        !            91: 
        !            92: ---begin---
        !            93: #!/usr/local/bin/perl
        !            94: #
        !            95: # perl example for PGPPASSFD,
        !            96: # encrypts stream with password 'test'
        !            97: #
        !            98: 
        !            99: pipe(READER,WRITER);
        !           100: 
        !           101: if (!fork) {
        !           102:        close(WRITER);
        !           103:        $ENV{'PGPPASSFD'}=fileno(READER);
        !           104: # the $^F (Ctrl-F) variable controls close-on-exec of files
        !           105:        $^F=fileno(READER);
        !           106:        exec "pgp -acf";
        !           107:        die "can't exec pgp\n";
        !           108: }
        !           109: close(READER);
        !           110: syswrite(WRITER, "test\n", 5);
        !           111: close(WRITER);
        !           112: wait
        !           113: ---end---
        !           114: 
        !           115:        Another feature of 2.6 which can be utilized in mailer scripts
        !           116: is the batchmode feature.  This is used in the key-server software
        !           117: (see keyserv.doc), to allow a process to call PGP and have it perform
        !           118: without prompting the user for anything.  It will take the default
        !           119: answer to most questions, which may not be what the user wants.  This
        !           120: is switched by adding "+batchmode" to the command line.
        !           121: 
        !           122:        One more mailer I should mention, and this is probably the
        !           123: most important of all of them, is MIME compatibility.  In order to use
        !           124: MIME, a user needs to create a proper entry for PGP.  Unfortunately
        !           125: there is not yet a standard MIME content-type for PGP-MIME.  However
        !           126: there is a recommended set of mailcap entries which would be useful
        !           127: for using metamail:
        !           128: 
        !           129:        application/pgp; pgp -f < %s | metamail; needsterminal; \
        !           130:                test=test %{encapsulation}=entity
        !           131:        application/pgp; pgp %s; needsterminal
        !           132: 
        !           133:        I hope that this document has helped people understand some of
        !           134: the work being done to integrate PGP with mailers.  There is some work
        !           135: going on already to integrate it even more.  If you have a mailer for
        !           136: which there is no PGP handler, and you want to write one, please let
        !           137: me know, so that we don't duplicate work.  In addition, if you have
        !           138: written a mailer application, and it's not included here in the
        !           139: release, again let me know.
        !           140: 
        !           141:        A second contact for this is Colin Plumb <[email protected]>.
        !           142: 
        !           143:        Have fun!
        !           144: 
        !           145: -derek         <[email protected]>
