![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to appnote.doc CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp / doc|
Return to appnote.doc CVS log | Up to [PGP] / pgp / doc |
1.1 root 1: PGP 2.6 Application Note: Integrating PGP with mailers
2: Derek Atkins <[email protected]>
3: 22-May-94
4:
5: This document will try to describe how to create an
6: application around PGP version 2.6, in order to incorporate PGP into
7: mailers and news readers. There are a number of changes in 2.6 which
8: make it easier to write wrappers for PGP. In writing this, I may have
9: inadvertantly left out some functionality, some mailers, or some
10: machine types. I should warn readers now that I am a UNIX person, and
11: that most of this document will probably be in UNIX terms.
12:
13: The first thing to remember is that PGP usually needs to have
14: a controlling TTY in order to gather information, like the password,
15: or for the user to answer questions, like to whether to add or sign
16: keys. This is useful for text-based mail agents. In fact, it is most
17: useful for agents which use files for messages, like MH.
18:
19: One way to use PGP is to just decrypt the message into a file
20: and display that file. This can be a security risk, since wiping
21: files off disk is not always successful, and by having the plain-text
22: go to a file means more time for a possible attacker to get ahold of
23: the plain-text of the message.
24:
25: A better way to accomplish this is to use filter_mode, which
26: is the -f option. This tells PGP to read the message from stdin, and
27: to put the output onto stdout. Unfortunately, in this manner, the
28: signature information is output onto stderr, so you will either lose
29: it, or it and all other PGP output will be put in the same stream with
30: the message, but this depends on your piping ability.
31:
32: PGP tries to send all "interesting" data to standard out, and
33: error messages to standard error. This lets you pick out the
34: interesting information and discard the rest. This also means that
35: you can use PGP in filter-mode as a back-end to some user interface,
36: and obtain the data in the manner. But remember that the current
37: implementation of PGP uses temporary files to store intermediate data,
38: so you are still at a risk, although it is much less of a risk than
39: just decrypting into a file.
40:
41: This works well when dealing with a command-line mailer, or a
42: mailer that is run in a terminal. There are problems with this
43: approach, however, if you do not have a TTY in which to get a password
44: to decrypt or sign messages. It seems that there would not be a good
45: way around this, but then again, PEM is going to have this same
46: problem. (An example that I can think of is integrating with xmh).
47:
48: However, there is a way around this in some cases. PGP has
49: numerous ways to accept the passphrase other than just promping for
50: it. One way, which is not recommended, is to use the "-z" option to
51: set the passphrase. Again, this is *NOT* recommended, since some
52: operating systems will not allow the program to erase the process
53: table, and someone can retreive the pass phrase from there via a "ps"
54: listing of active processes. A similar way to get the pass phrase in
55: is to use the PGPPASS environment variable. Again, this has the same
56: problems as "-z" with regards to an attacker finding the passphrase in
57: the OS kernel memory of the process table.. An example of this usage
58: is:
59:
60: pgp -sat -z "This is my pass phrase" inputfile
61:
62: There is a better way of doing this in PGP 2.6, which is an
63: environment variable called "PGPPASSFD". If this is set, it means
64: that the FIRST thing PGP will do is read the pass phrase from this
65: file descriptor. So, for example, one can set PGPPASSFD to "0"
66: (zero), and then PGP will read the pass phrase from stdin as the first
67: thing. This allows you to send the passphrase to PGP in a manner
68: invisible to someone armed with the process listing.
69:
70: For example, an emacs utility could grab the block to be
71: encrypted (or decrypted), ask the user for the pass phrase in the
72: mini-buffer, and then do the equivalent of this shell script, using
73: something like:
74:
75: (send-string PROCESS "PassPhrase")
76: (send-region PROCESS (point-min) (point-max))
77:
78: ---begin---
79: #!/bin/sh
80:
81: PGPPASSFD=0; export PGPPASSFD
82:
83: (echo "PassPhraseHere"; cat filename ) | pgp -feast recipient1 recipient2...
84: ---end---
85:
86: I must admit, this is a crude script, since it doesn't strip
87: out stderr, which included the bannerlines and error messages, but
88: that is not difficult to do out of band.
89:
90: This is an example perl script that demonstrates the use of PGPPASSFD:
91:
92: ---begin---
93: #!/usr/local/bin/perl
94: #
95: # perl example for PGPPASSFD,
96: # encrypts stream with password 'test'
97: #
98:
99: pipe(READER,WRITER);
100:
101: if (!fork) {
102: close(WRITER);
103: $ENV{'PGPPASSFD'}=fileno(READER);
104: # the $^F (Ctrl-F) variable controls close-on-exec of files
105: $=fileno(READER);
106: exec "pgp -acf";
107: die "can't exec pgp\n";
108: }
109: close(READER);
110: syswrite(WRITER, "test\n", 5);
111: close(WRITER);
112: wait
113: ---end---
114:
115: Another feature of 2.6 which can be utilized in mailer scripts
116: is the batchmode feature. This is used in the key-server software
117: (see keyserv.doc), to allow a process to call PGP and have it perform
118: without prompting the user for anything. It will take the default
119: answer to most questions, which may not be what the user wants. This
120: is switched by adding "+batchmode" to the command line.
121:
122: One more mailer I should mention, and this is probably the
123: most important of all of them, is MIME compatibility. In order to use
124: MIME, a user needs to create a proper entry for PGP. Unfortunately
125: there is not yet a standard MIME content-type for PGP-MIME. However
126: there is a recommended set of mailcap entries which would be useful
127: for using metamail:
128:
129: application/pgp; pgp -f < %s | metamail; needsterminal; \
130: test=test %{encapsulation}=entity
131: application/pgp; pgp %s; needsterminal
132:
133: I hope that this document has helped people understand some of
134: the work being done to integrate PGP with mailers. There is some work
135: going on already to integrate it even more. If you have a mailer for
136: which there is no PGP handler, and you want to write one, please let
137: me know, so that we don't duplicate work. In addition, if you have
138: written a mailer application, and its not included here in the
139: release, again let me know.
140:
141: A second contact for this is Colin Plumb <[email protected]>.
142:
143: Have fun!
144:
145: -derek <[email protected]>
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.