PGP Signed Message | 1994-01-26 | 37KB | 821 lines
-----BEGIN PGP SIGNED MESSAGE-----
6. Key Signatures
6.1. What is key signing?
OK, you just got a copy of John Smith's public encryption key. How do you
know that the key really belongs to John Smith and not to some impostor?
The answer to this is key signatures. They are similar to message
signatures in that they can't be forged. Let's say that you don't know
that you have John Smith's real key. But let's say that you DO have a
trusted key from Joe Blow. Let's say that you trust Joe Blow and that he
has added his signature to John Smith's key. By inference, you can now
trust that you have a valid copy of John Smith's key. That is what key
signing is all about. This chain of trust can be carried to several
levels, such as A trusts B who trusts C who trusts D, therefore A can
trust D. You have control in the PGP configuration file over exactly how
many levels this chain of trust is allowed to proceed. Be careful about
keys that are several levels removed from your immediate trust.
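The depth limit described above, as an added example that is not part of the original FAQ and not PGP's own validity algorithm: a simplified model in which a key counts as valid when a chain of signatures from trusted introducers reaches it within a set number of levels. The keys A to D follow the text; E, X, M, the sample data and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data (not from a real key ring): signer -> keys it has signed.
SIGNATURES = {
    "A": {"B", "X"},
    "B": {"C"},
    "C": {"D"},
    "D": {"E"},
    "X": {"M"},
}
# Owners you accept as introducers. X's key is valid (A signed it directly),
# but X is not trusted to vouch for anyone else.
INTRODUCERS = {"B", "C", "D"}


def trust_chains(own_key, signatures, introducers, max_depth):
    """Return {key: [own_key, ..., key]} for every key reachable through
    signatures made by trusted introducers, using at most max_depth links.

    Breadth-first search, so each key is reported with its shortest chain.
    """
    chains = {own_key: [own_key]}
    queue = deque([own_key])
    while queue:
        signer = queue.popleft()
        chain = chains[signer]
        if len(chain) - 1 >= max_depth:
            continue  # chain is already as long as the configured limit allows
        if signer != own_key and signer not in introducers:
            continue  # a valid key whose owner is not trusted to introduce others
        for key in sorted(signatures.get(signer, ())):
            if key not in chains:
                chains[key] = chain + [key]
                queue.append(key)
    return chains


def report(own_key, signatures, introducers, max_depth):
    """One line per valid key, nearest keys first, showing the chain relied on."""
    chains = trust_chains(own_key, signatures, introducers, max_depth)
    ordered = sorted(chains.items(), key=lambda item: (len(item[1]), item[0]))
    return [
        f"{key}: {len(chain) - 1} level(s) via {' -> '.join(chain)}"
        for key, chain in ordered
    ]


if __name__ == "__main__":
    for depth in (2, 4):
        print(f"max depth {depth}")
        for line in report("A", SIGNATURES, INTRODUCERS, depth):
            print("  " + line)
```

Keys that only become valid at the larger depth (D and E here) are the ones the text says to be careful about.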
6.2. How do I sign a key?
From the command prompt, execute the following command:
PGP -ks [-u userid] <keyid>
A signature will be appended to those already existing on the specified key.
Next, you should extract a copy of this updated key along with its
signatures using the "-kxa" option. An armored text file will be created.
Give this file to the owner of the key so that he may propagate the new
signature to whomever he chooses.
Be very careful with your secret keyring. Never be tempted to put a copy
in somebody else's machine so you can sign their public key - they could
have modified PGP to copy your secret key and grab your pass phrase.
It is not considered proper to send his updated key to a key server
yourself unless he has given you explicit permission to do so. After all,
he may not wish to have his key appear on a public server. By the same
token, you should expect that any key that you give out will probably
find its way onto the public key servers, even if you really didn't want
it there, since anyone having your public key can upload it.
6.3. Should I sign my own key?
Yes, you should sign each personal ID on your key. This will help to
prevent anyone from placing a phony address in the ID field of the key
and possibly having your mail diverted to them. Anyone changing a user
ID on your key will be unable to sign the entry, making it stand out like
a sore thumb since all of the other entries are signed. Do this even if
you are the only person signing your key. For example, my entry in the
public key ring now appears as follows if you use the "-kvv" command:
Type bits/keyID   Date       User ID
pub  1024/90A9C9 1993/09/13  Gary Edstrom <gbe@netcom.com>
sig       90A9C9               Gary Edstrom <gbe@netcom.com>
                             Gary Edstrom <72677.564@compuserve.com>
sig       90A9C9               Gary Edstrom <gbe@netcom.com>
6.4. Should I sign X's key?
Signing someone's key is your indication to the world that you believe
that key to rightfully belong to that person, and that person is who he
purports to be. Other people may rely on your signature to decide
whether or not a key is valid, so you should not sign capriciously.
Some countries require respected professionals such as doctors or
engineers to endorse passport photographs as proof of identity for a
passport application - you should consider signing someone's key in the
same light. Alternatively, when you come to sign someone's key, ask
yourself if you would be prepared to swear in a court of law as to that
person's identity.
6.5. How do I verify someone's identity?
It all depends on how well you know them. Relatives, friends and
colleagues are easy. People you meet at conventions or key-signing
sessions require some proof like a driver's license or credit card.
6.6. How do I know someone hasn't sent me a bogus key to sign?
It is very easy for someone to generate a key with a false ID and send
e-mail with fraudulent headers, or for a node which routes the e-mail to
you to substitute a different key. Finger servers are harder to tamper
with, but not impossible. The problem is that whilst public key exchange
does not require a secure channel (eavesdropping is not a problem) it
does require a tamper-proof channel (key-substitution is a problem).
If it is a key from someone you know well and whose voice you recognize
then it is sufficient to give them a phone call and have them read their
key's fingerprint (obtained with PGP -kvc <userid>).
If you don't know the person very well then the only recourse is to
exchange keys face-to-face and ask for some proof of identity. Don't be
tempted to put your public key disk in their machine so they can add
their key - they could maliciously replace your key at the same time. If
the user ID includes an e-mail address, verify that address by exchanging
an agreed encrypted message before signing. Don't sign any user IDs on
that key except those you have verified.
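The fingerprint check described above, as an added example that is not part of the original FAQ or of PGP: for the RSA keys PGP 2.x uses, the fingerprint is the MD5 digest of the modulus and exponent bytes (the version 3 key definition in RFC 4880, section 12.2), so the copy you received can be hashed and compared with what the owner reads out. The modulus below is a constructed stand-in rather than a real key, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed stand-in values, not a real RSA key: a 1024-bit odd number and
# a small public exponent.
N = (0xD1 << 1016) | 0x5D2B7F
E = 17


def mpi_body(value: int) -> bytes:
    """Big-endian bytes of the integer, without the two-octet MPI length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def v3_fingerprint(n: int, e: int) -> bytes:
    """MD5 over the modulus bytes followed by the exponent bytes (16 bytes)."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).digest()


def displayed_key_id(n: int) -> str:
    """Low 24 bits of the modulus, the six hex digits shown in key listings."""
    return f"{n & 0xFFFFFF:06X}"


def format_fingerprint(fp: bytes) -> str:
    """Sixteen hex pairs in two groups of eight, convenient to read aloud."""
    pairs = [f"{b:02X}" for b in fp]
    return " ".join(pairs[:8]) + "  " + " ".join(pairs[8:])


def matches_spoken(n: int, e: int, spoken: str) -> bool:
    """Compare the key you hold with the fingerprint read over the phone.

    Spaces, colons and letter case are ignored. Anything that is not exactly
    32 hex digits is rejected, so a partially read fingerprint never passes.
    """
    digits = re.sub(r"[\s:]", "", spoken).upper()
    if not re.fullmatch(r"[0-9A-F]{32}", digits):
        raise ValueError("fingerprint must be 16 bytes (32 hex digits)")
    return hmac.compare_digest(bytes.fromhex(digits), v3_fingerprint(n, e))


if __name__ == "__main__":
    spoken = format_fingerprint(v3_fingerprint(N, E))
    print("key ID      :", displayed_key_id(N))
    print("fingerprint :", spoken)
    print("received key matches      :", matches_spoken(N, E, spoken))
    # A substituted key (different modulus) no longer matches what was read out.
    print("substituted key matches   :", matches_spoken(N + 2, E, spoken))
```

The short key ID is only a lookup handle; the decision to sign rests on the full 16-byte fingerprint matching.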
7. Revoking a key
7.1. My secret key ring has been stolen or lost, what do I do?
Assuming that you selected a good solid random pass phrase to encrypt
your secret key ring, you are probably still safe. It takes two parts to
decrypt a message, the secret key ring, and its pass phrase. Assuming you
have a backup copy of your secret key ring, you should generate a key
revocation certificate and upload the revocation to one of the public key
servers. Prior to uploading the revocation certificate, you might add a
new ID to the old key that tells what your new key ID will be. If you
don't have a backup copy of your secret key ring, then it will be
impossible to create a revocation certificate under the present version
of PGP. This is another good reason for keeping a backup copy of your
secret key ring.
7.2. I forgot my pass phrase. Can I create a key revocation certificate?
YOU CAN'T, since the pass phrase is required to create the certificate!
The way to avoid this dilemma is to create a key revocation certificate
at the same time that you generate your key pair. Put the revocation
certificate away in a safe place and you will have it available should
the need arise. You need to be careful how you do this, however, or you
will end up revoking the key pair that you just generated and a
revocation can not be reversed. After you have generated your key pair
initially, extract your key to an ASCII file using the -kxa option. Next,
create a key revocation certificate and extract the revoked key to
another ASCII file using the -kxa option again. Finally, delete the
revoked key from your public key ring using the -kr option and put your
non-revoked version back in the ring using the -ka option. Save the
revocation certificate on a floppy so that you don't lose it if you crash
your hard disk sometime.
8. Public Key Servers
8.1. What are the Public Key Servers?
Public Key Servers exist for the purpose of making your public key
available in a common database where everybody can have access to it for
the purpose of encrypting messages to you. While a number of key servers
exist, it is only necessary to send your key to one of them. The key
server will take care of the job of sending your key to all other known
servers. As of 06-Dec-93 there are about 2,600 keys on the key servers.
The rate of growth is increasing rapidly.
8.2. What public key servers are available?
The following is a list of all of the known public key servers active as
of the publication date of this FAQ. I try to keep this list current by
requesting keys from a different server every few days on a rotating
basis. Any changes to this list should be posted to alt.security.pgp and
a copy forwarded to me for inclusion in future releases of the PGP FAQ.
Changes:

    24-Jan-94  Added message announcing WWW access to public keyserver
               on martigny.ai.mit.edu
    24-Jan-94  Verified the existence of pgp-public-keys@sw.oz.au and
               corrected its address.
    21-Jan-94  Added pgp-public-keys@ext221.sra.co.jp to list.
    20-Jan-94  Added pgp-public-keys@kub.nl to list.
    17-Jan-94  Added pgp-public-keys@jpunix.com to key servers no longer
               operational.

Internet sites:

    pgp-public-keys@demon.co.uk
    Mark Turner <mark@demon.co.uk>
    FTP: ftp.demon.co.uk:/pub/pgp/pubring.pgp
    Verified: 19-Jan-94

    pgp-public-keys@fbihh.informatik.uni-hamburg.de
    Vesselin V. Bontchev <bontchev@fbihh.informatik.uni-hamburg.de>
    FTP: ftp.informatik.uni-hamburg.de:/pub/virus/misc/pubkring.pgp
    Verified: 03-Jan-94

    public-key-server@martigny.ai.mit.edu
    Brian A. LaMacchia <public-key-server-request@martigny.ai.mit.edu>
    FTP: None
    Verified: 16-Jan-94

    pgp-public-keys@pgp.ox.ac.uk
    Paul Leyland <pcl@ox.ac.uk>
    FTP: None
    Verified: 18-Jan-94

    pgp-public-keys@dsi.unimi.it
    David Vincenzetti <vince@dsi.unimi.it>
    FTP: ghost.dsi.unimi.it:/pub/crypt/public-keys.pgp
    Verified: 18-Jan-94

    pgp-public-keys@kub.nl
    Teun Nijssen <teun@kub.nl>
    FTP: None
    Verified: 18-Jan-94

    pgp-public-keys@ext221.sra.co.jp
    Hironobu Suzuki <hironobu@sra.co.jp>
    FTP: None
    Verified: 20-Jan-94

    pgp-public-keys@sw.oz.au
    Jeremy Fitzhardinge <jeremy@sw.oz.au>
    FTP: Unknown
    Verified: 24-Jan-94

I have previously verified the existence of the following key server, but
have been unable to reach it since the date indicated. If anyone has any
information concerning it, please forward it to me so that I can update
this list.
pgp-public-keys@kiae.su
FTP: Unknown
Last Attempt: 19-Jan-94
Last Verified: 11-Dec-93
The following key servers are no longer in operation:
pgp-public-keys@junkbox.cc.iastate.edu
pgp-public-keys@toxicwaste.mit.edu
pgp-public-keys@phil.utmb.edu
pgp-public-keys@pgp.iastate.edu
pgp-public-keys@jpunix.com
BBS sites:
Unknown
===============
From: bal@zurich.ai.mit.edu (Brian A. LaMacchia)
Newsgroups: alt.security.pgp
Subject: Announcing WWW access to public keyserver on martigny.ai.mit.edu
Date: 22 Jan 94 00:19:37
Announcing a new way to access public keyservers...
The public keyserver running on martigny.ai.mit.edu may now be accessed
via a World Wide Web client with forms support (such as Mosaic). In your
favorite WWW client, open the following URL to start:
http://martigny.ai.mit.edu/~bal/pks-toplev.html
Access to keys on the server is immediate. You can also submit new keys
and/or signatures in ASCII-armored format to the server. New keys are
processed every 10 minutes (along with server requests that arrive by e-
mail).
The martigny.ai.mit.edu keyserver currently syncs directly with these
other keyservers:
pgp-public-keys@demon.co.uk
pgp-public-keys@pgp.ox.ac.uk
pgp-public-keys@ext221.sra.co.jp
pgp-public-keys@kub.nl
NOTE! This service is experimental, and has limited options at present.
I expect to be making changes to the server over the next few weeks to
make it more useful. I would appreciate any bug reports, comments or
suggestions you might have.
--Brian LaMacchia
bal@martigny.ai.mit.edu
public-key-server-request@martigny.ai.mit.edu
===============
8.3. What is the syntax of the key server commands?
The key server expects to see one of the following commands placed in the
subject field. Note that only the ADD command uses the body of the
message.
-------------------------------------------------------------
ADD            Your PGP public key (key to add is body of msg) (-ka)
INDEX          List all PGP keys the server knows about (-kv)
VERBOSE INDEX  List all PGP keys, verbose format (-kvv)
GET            Get the whole public key ring (-kxa *)
GET <userid>   Get just that one key (-kxa <userid>)
MGET <userid>  Get all keys which match <userid>
LAST <n>       Get all keys uploaded during last <n> days
-------------------------------------------------------------
If you wish to get the entire key ring and have access to FTP, it would
be a lot more efficient to use FTP rather than e-mail. Using e-mail, the
entire key ring can generate a multi-part message, which you will have to
reconstruct into a single file before adding it to your key ring.
9. Bugs
> Where should I send bug reports?
Post all of your bug reports concerning PGP to alt.security.pgp and
forward a copy to me for possible inclusion in future releases of the
FAQ. Please be aware that the authors of PGP might not acknowledge bug
reports sent directly to them. Posting them on USENET will give them the
widest possible distribution in the shortest amount of time. The
following list of bugs is limited to version 2.2 and later. For bugs in
earlier versions, refer to the documentation included with the program.
> Version 2.3 for DOS has a problem with clear signing messages. Anyone
using version 2.3 for DOS should upgrade to version 2.3a.
> Version 2.2 for DOS has a problem of randomly corrupting memory, which
can (and sometimes does) make DOS trash your hard disk.
10. Related News Groups
alt.privacy.clipper        Clipper, Capstone, Skipjack, Key Escrow
alt.security               general security discussions
alt.security.index         index to alt.security
alt.security.pgp           discussion of PGP
alt.security.ripem         discussion of RIPEM
alt.society.civil-liberty  general civil liberties, including privacy
comp.compression           discussion of compression algorithms
comp.org.eff.news          News reports from EFF
comp.org.eff.talk          discussion of EFF related issues
comp.patents               discussion of S/W patents, including RSA
comp.risks                 some mention of crypto and wiretapping
comp.society.privacy       general privacy issues
comp.security.announce     announcements of security holes
misc.legal.computing       software patents, copyrights, computer laws
sci.crypt                  methods of data encryption/decryption
sci.math                   general math discussion
talk.politics.crypto       general talk on crypto politics
11. Recommended Reading
> The Code Breakers
The Story of Secret Writing
By David Kahn
The MacMillan Publishing Company (1968)
866 Third Avenue, New York, NY 10022
Library of Congress Catalog Card Number: 63-16109
ISBN: 0-02-560460-0
This has been the unofficial standard reference book on the history of
cryptography for the last 25 years. It covers the development of
cryptography from ancient times, up to 1967. It is interesting to read
about the cat and mouse games that governments have been playing with
each other even to this day. I have been informed by Mats Lofkvist
<d87-mal@nada.kth.se> that the book has been reissued since its original
printing. He found out about it from the 'Baker & Taylor Books'
database. I obtained my original edition from a used book store. It is
quite exhaustive in its coverage with 1164 pages. When I was serving in
the United States Navy in the early 1970's as a cryptographic repair
technician, this book was considered contraband and not welcome around my
work place, even though it was freely available at the local public
library. This was apparently because it mentioned several of the pieces
of secret cryptographic equipment that were then in use in the military.
> The following list was taken from the PGP documentation:
Dorothy Denning, "Cryptography and Data Security", Addison-Wesley, Reading,
MA 1982
Dorothy Denning, "Protecting Public Keys and Signature Keys", IEEE
Computer, Feb 1983
Martin E. Hellman, "The Mathematics of Public-Key Cryptography,"
Scientific American, Aug 1979
Steven Levy, "Crypto Rebels", WIRED, May/Jun 1993, page 54. (This is a
"must-read" article on PGP and other related topics.)
Ronald Rivest, "The MD5 Message Digest Algorithm", MIT Laboratory for
Computer Science, 1991
Available from the net as RFC1321.
----------------
Also available at ghost.dsi.unimi.it and its mirror at
nic.funet.fi:/pub/crypt/ghost.dsi.unimi.it is: IDEA_chapter.3.ZIP, a
PostScript text from the IDEA designer about IDEA.
Xuejia Lai, "On the Design and Security of Block Ciphers", Institute for
Signal and Information Processing, ETH-Zentrum, Zurich, Switzerland, 1992
Xuejia Lai, James L. Massey, Sean Murphy, "Markov Ciphers and
Differential Cryptanalysis", Advances in Cryptology- EUROCRYPT'91
Philip Zimmermann, "A Proposed Standard Format for RSA Cryptosystems",
Advances in Computer Security, Vol III, edited by Rein Turn, Artech
House, 1988
Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source
Code in C", John Wiley & Sons, 1993 (coming in November)
Paul Wallich, "Electronic Envelopes", Scientific American, Feb 1993, page
30. (This is an article on PGP)
12. General Tips
> Some BBS sysops may not permit you to place encrypted mail or files on
their boards. Just because they have PGP in their file area, that
doesn't necessarily mean they tolerate you uploading encrypted mail or
files - so *do* check first.
> Fido net mail is even more sensitive. You should only send encrypted net
mail after checking that:
a) Your sysop permits it.
b) Your recipient's sysop permits it.
c) The mail is routed through nodes whose sysops also permit it.
> Get your public key signed by as many individuals as possible. It
increases the chances of another person finding a path of trust from
himself to you.
> Don't sign someone's key just because someone else that you know has
signed it. Confirm the identity of the individual yourself. Remember,
you are putting your reputation on the line when you sign a key.
========================================================================
Appendix I - PGP add-ons and Related Programs
========================================================================
Much of this section was taken from an old FAQ supplied to me for the
development of this list. This section will hopefully grow to contain a list
of every utility that has been written. I would appreciate it if the authors
of the various utilities could send me mail about their latest version, a
description, if source code is available, and where to get it. I will then
include the information in the next release of the FAQ.
If you have a utility, but don't know how to make it widely available, send
mail to David Vincenzetti <vince@dsi.unimi.it> who is crypto collection
maintainer at ghost.dsi.unimi.it. That ftp-site is weekly mirrored at
nic.funet.fi in area: /pub/crypt/ghost.dsi.unimi.it
========================================================================
> There are utilities in the source code for PGP. Get pgp23srcA.zip and
unpack with 'pkunzip -d pgp23srcA.zip' so that they all come up nicely
sorted in subdirectories.
Archimedes
> PGPwimp
From: Peter Gaunt
Current Version: 0.12
Where Available: ftp.demon.co.uk:/pub/archimedes
Information Updated: 21-Dec-93
A multi-tasking WIMP front-end for PGP (requires RISC OS 3). Operates on
files - it has no hooks to allow integration with mailers/newsreaders.
> RNscripts4PGP
From: pla@sktb.demon.co.uk (Paul L. Allen)
Current Version: 1.1
Where Available: ftp.demon.co.uk:/pub/archimedes
Information Updated: 12-Dec-93
A collection of scripts and a small BASIC program which integrate PGP
with the ReadNews mailer/newsreader. Provides encrypt, decrypt, sign,
signature-check, add key.
DOS / MS Windows
> HPACK79 PGP-compatible archiver
114243 Nov 20 07:08 garbo.uwasa.fi:/pc/arcers/hpack79.zip
146470 Dec 3 01:01 garbo.uwasa.fi:/pc/doc-soft/hpack79d.zip
511827 Dec 3 14:46 garbo.uwasa.fi:/pc/source/hpack79s.zip
667464 Dec 5 16:43 garbo.uwasa.fi:/unix/arcers/hpack79src.tar.Z
Where hpack79.zip is the MSDOS executable, hpack79d.zip is the Postscript
documentation, hpack79s.zip is the source code, and hpack79src.tar.Z is
the source code again but in tar.Z format (note that the latter is a tiny
bit more recent than hpack79s.zip and contains changes for the NeXT).
There is a (rather primitive) Macintosh executable somewhere on garbo as
well, possibly /mac/arcers/hpack79mac.cpt. OS/2 32-bit versions of
HPACK available for anonymous FTP from the UK. `ftp.demon.co.uk'
[158.152.1.65] in ~/pub/ibmpc/pgp
pgut1@cs.aukuni.ac.nz
p_gutmann@cs.aukuni.ac.nz
gutmann_p@kosmos.wcc.govt.nz
peterg@kcbbs.gen.nz
peter@nacjack.gen.nz
peter@phlarnschlorpht.nacjack.gen.nz
(In order of preference - one of 'ems bound to work)
> MENU.ZIP
Menushell for MSDOS. (Requires 4DOS or Norton's NDOS) You can customize
the menu for your own preferences. The name 'MENU' violates file naming
conventions on ftp-sites, so I guess it's hard to find this program
somewhere else. Exists at ghost.dsi.unimi.it area: /pub/crypt/ (ask
archie about 4DOS, a command.com replacement)
> PBBS (Scheduled for release summer 1994)
Public Bulletin Board System (PBBS) ver 1.0 is a privacy-oriented host
BBS application designed with the "anonymous movement's" diverse needs in
mind. PBBS is a compact application at 75K, allowing it to be run off of
a floppy disk if desired, and requires no telecommunications experience
to operate. Installation of PBBS takes about 2 minutes flat, and is easy
to set up and maintain. Don't let the size fool you however, it packs a
powerful set of Zmodem, Ymodem, and Xmodem assembly-language protocols,
supports speeds up to 57,600 bps, door support, full ANSI-emulation, and
many more features!
Public BBS is an eclectic and powerful BBS and also the first bulletin
board system designed to work with Pretty Good Privacy (PGP), the public-
key encryption program. A unique Post Office within PBBS allows users to
send each other private "postcards" or to upload and download PGP-
encrypted messages to other user's mail boxes. PBBS also contains a
comprehensive public message base with "anonymous" read, write, and reply
options. PBBS has a built in emergency self-destruct sequence for the
sysop that desires an extra level of security. The ESD option will
completely shred all PBBS-related files on disk, assuring the sysop that
his or her BBS will not be compromised in any way. Look for Public BBS
to be released on all Internet sites and FidoNet BBS's as PBBS10.ZIP.
PBBS will change the face of cyber-fringe telecommunications forever!
Questions or comments please e-mail James Still at
<still@kailua.colorado.edu>.
> PGP-Front
From: Walter H. van Holst <121233@pc-lab.fbk.eur.nl>
Current Version:
Where Available: ghost.dsi.unimi.it:/pub/crypt
nic.funet.fi:/pub/crypt
Information Updated: 09-Jan-94
"PGP-Front is an interactive shell for Philip Zimmermann's Pretty Good
Privacy and is available since November 1993 on some of the biggest FTP-
sites. It features an easy to use interface for those who don't want to
learn all PGP flags by heart but still want to make use of its
versatility. The most used options of PGP are supported, including most
key-management options. An improved version is under development and
will feature support for some of the advanced options of PGP and a lot of
extra configuration options for PGP-Front itself. System requirements for
this beta-version:
- 80286 or better (will be lifted in version 1.00)
- MS/PC-DOS 3.11 or better
- Enough memory to run PGP plus an extra 512 bytes for PGP-Front, thanks
to Ralph Brown.
Any feedback on this project will be appreciated,
Walter H. van Holst <121233@pc-lab.fbk.eur.nl>"
> PGP-NG.ZIP
At nic.funet.fi; /pub/crypt/pgp-ng.zip. A Norton Guide database for PGP
ver 2.0. Easy to find info for programmers about all the functions in the
source code, and users can more easily find their subject. Is any update
for the current version planned? Ask archie about the 2 Norton guide
clones that are out on the net.
> PGPSHELL
Date: 12-Jan-94
From: James Still <still@kailua.colorado.edu>
Subject: PGPShell Version 3.0
--------------------------------------------------------------------
FOR IMMEDIATE RELEASE
--------------------------------------------------------------------
PGPSHELL VERSION 3.0 PROGRAM RELEASE
PGPShell, a front-end DOS program for use with Philip Zimmermann's Pretty
Good Privacy (PGP) public-key encryption software, has just been upgraded
and released as version 3.0.
PGPShell incorporates easy to use, mouse-driven menus and a unique Key
Management Screen to easily display all public key ring information in a
flash. PGP encryption will never be the same again! Breeze through PGP
UserIDs, KeyIDs, Fingerprints, E-mail addresses, Signatures, Trust
Parameters, and PGP's Validity ratings all in one screen, at one place,
and with a single mouse-click.
PGPShell is archived as pgpshe30.zip at many Internet sites including
garbo.uwasa.fi:/pc/crypt and oak.oakland.edu:/pub/msdos/security and has
been posted to the FidoNet Software Distribution Network (SDN) and should
be on all nodes carrying SDN in a week or so.
To immediately acquire version 3.0 by modem you can call the Hieroglyphic
Voodoo Machine BBS at +1 303 443 2457 or the GrapeVine BBS at +1 501 791
0124.
Questions or comments? Ping me at --> still@kailua.colorado.edu
> PGPUTILS.ZIP at ghost.dsi.unimi.it /pub/crypt/ is a collection of BAT-
files, and PIF-files for windows.
> PGPWinFront (PFW20.ZIP)
Date: Thu, 13 Jan 1994 11:06:31 -0500 (EST)
From: Ross Barclay <RBARCLAY@TrentU.ca>
Subject: FAQ addition
To: gbe@netcom.com
Hello,
I have a program called PGPWinFront that is a Windows front-end for PGP.
It is really quite good and has things like automatic message creation,
key management, editable command line, one button access to PGP
documentation, etc...
It is almost out in its second revision. It will be out on FTP sites very
soon, and is available currently, and will always be available, by my
automatic mail system.
If people send me (rbarclay@trentu.ca) a message with the subject GET
PWF it will be sent to them, in PGP's radix-64 format. Like I said, it
will also be available within the week on FTP sites. By the way, my
program is FREEWARE. Check it out if you like. If you use Windows, I
think you'll find it very useful.
----------------------------------------------------------------------
Ross Barclay Internet: Barclay@TrentU.Ca
Ontario, Canada CI$ (rarely): 72172,31
Send me a message with the subject GET KEY to get my PGP public key.
----------------------------------------------------------------------
> Subject: Front End Announcement: PGP with TAPCIS
Sender: usenet@ttinews.tti.com (Usenet Admin)
Reply-To: 72027.3210@compuserve.com
Date: Tue, 3 Aug 1993 00:58:17 GMT
TAPCIS is a popular navigator/offline message reader used on PCs to
access CompuServe. An add-on program, TAPPKE (TAPcis Public Key
Encryption), has been uploaded to the CompuServe TAPCIS Support Forum
library under "scripts and tools;" this program is an interface between
TAPCIS message-writing facilities and PGP.
When you compose messages in TAPCIS, they get collected into a batch in a
.SND file along with some control information about where and how the
messages are to be posted or mailed; next time you go on-line to
CompuServe, TAPCIS processes any messages waiting in its .SND files. The
TAPPKE add-on can be run before you do this transmission step. TAPPKE
scans messages in a .SND file, and any message that contains a keyword
(##PRIVATE## or ##SIGNATURE##) is extracted and just that message is
handed to PGP for encryption or signature, then reinserted into the .SND
file for transmission.
All this is a simplified interface to make it more convenient to
encrypt/sign messages while still using the normal (and familiar) message
composition features of TAPCIS. TAPPKE doesn't do any encryption itself,
it merely invokes an external encryption engine to perform the indicated
tasks; you can even use it with encryption programs other than PGP if you
set up a few environment variables so TAPPKE will know what encryption
program to run and what command-line arguments to feed it. The default
configuration assumes PGP.
I don't see any point in posting TAPPKE anywhere besides on CompuServe,
since the only people who would have any use for it are TAPCIS users, and
they by definition have access to the CompuServe TAPCIS forum libraries.
However, it's free (I released it to the public domain, along with source
code), so anyone who wants to propagate it is welcome to do so.
Some mailers apparently munge my address; you might have to use
bsmart@bsmart.tti.com -- or if that fails, fall back to
72027.3210@compuserve.com. Ain't UNIX grand?
> PWF12 A Windows front end for PGP
For all those MS Windows users who want a point and click PGP front end,
PGP WinFront 1.2 (PWF12) is for you. This program is an easy to use
Windows front end for PGP. You can access main PGP features more easily
than from DOS. This program features:
> A simple file management system
> The ability to create plaintext files to encrypt very easily using the
editor of your choice
> A quick way to shell to DOS to access esoteric PGP features
> Allows you to edit the command line to access the more specialised
features of PGP
> Plus more
Check it out; IT'S FREE and available by email.
TO GET THIS PROGRAM (PWF12.ZIP):
1) Send an email message to rbarclay@trentu.ca
2) The subject MUST READ: GET PWF
3) The body can be left blank.
You will be sent a two part signed Radix-64 ASCII Armoured zip file. Use
PGP to de-armour it. Read the document file fully. This program has a
number of features not mentioned here and you wouldn't want to miss them.
--
ross barclay
MAC
Unix
> Emacs Auto-PGP 1.02
===================
This is a bunch of Elisp, Perl and C to allow you to integrate PGP2
(version 2.2 or later) into your Emacs mailreader (and perhaps also your
newsreader).
Features:
o Scans the header of a message to be encrypted to determine the
recipients and thus the keys to use to encrypt.
o Incoming encrypted messages can be decrypted once and then stored in
plaintext, but ...
o Information about the recipient keys of an incoming encrypted message
is preserved.
o Incoming signed and encrypted messages are turned into clearsigned
messages (modulo some bugs/misfeatures in PGP).
o Signatures on incoming messages can be verified in place.
o You only have to type your passphrase once, but ...
o Your passphrase is not stored in your Emacs but in a separate small
program which can easily be killed, or replaced (e.g. by an X client
which pops up a window to confirm whether to supply the passphrase -
though no such program exists yet (-:).
o The stored passphrase can easily be used when using pgp from the Unix
command line by using the small wrapper program (which works just like
normal pgp) which the scripts themselves use.
o No modification to the PGP sources necessary.
WARNING: You should probably not use this software if it is likely that
an attacker could gain access to your account, for example because you
are not the sysadmin or the security on your system is dubious (this is
true of most networked Unix systems).
To install it:
Edit the file EDITME to reflect your situation, ie where you want stuff
installed, whether you want to pick up a version from your PATH or run it
via the explicit pathname, etc.
Type `make install'.
This should compile ringsearch and install the programs (using the
scripts included) as you specified in EDITME.
Edit the `dir' file in the Emacs Info directory - add a menu item for
Auto-PGP pointing to the file `auto-pgp.info'.
Now read auto-pgp.info if you haven't done so already.
If you find a bug please READ THE SECTION ON REPORTING BUGS!
Ian Jackson <ijackson@nyx.cs.du.edu>
31st August 1993
> mailcrypt.el
From: jsc@mit.edu (Jin S Choi)
Current Version: 1.3
Where Available: gnu.emacs.sources
Info Updated: 21-Dec-93
This is an elisp package for encrypting and decrypting mail. I wrote
this to provide a single interface to the two most common mail encryption
programs, PGP and RIPEM. You can use either or both in any combination.
Includes:
VM mailreader support.
Support for addresses with spaces and <>'s in them.
Support for using an explicit path for the encryption executables.
Key management functions.
The ability to avoid some of the prompts when encrypting.
Assumes mc-default-scheme unless prefixed.
Includes menubar support under emacs 19 and gnus support.
> PGPPAGER ver. 1.1
Newsgroups: alt.security.pgp
From: abottone@minerva1.bull.it (Alessandro Bottonelli)
Subject: pgppager 1.1 sources
Date: Tue, 6 Jul 1993 11:37:06 GMT
pgppager, designed to be possibly integrated with elm mail reader. This
program reads from a specified file or from stdin if no file is
specified and creates three temporary files (header, encrypted, and
trailer) as needed, in order to store the header portion in clear text,
the encrypted portion still in cipher text, and the trailer portion of
the clear text. Then, if applicable, the clear text header is outputted,
the encrypted portion is piped through pgp as needed, then the trailer
(if any) is outputted. THIS PROCESS IS TRANSPARENT TO NON PGP ENCRYPTED
TEXTS
> rat-pgp.el
rat-pgp.el is a GNU Emacs interface to the PGP public key system. It
lets you easily encrypt and decrypt messages, sign messages with your
secret key (to prove that it really came from you). It does signature
verification, and it provides a number of other functions. The
package is growing steadily as more is added. It is my intention that it
will eventually allow as much functionality as accessing PGP directly.
The most recent version of rat-pgp.el is always available via anonymous
FTP at ftp.ccs.neu.edu, directory /pub/ratinox/emacs-lisp/rat-pgp.el.
VAX/VMS
> ENCRYPT.COM is a VMS mail script that works fine for
joleary@esterh.wm.estec.esa.nl (John O'Leary)
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLUS7UEHZYsvlkKnJAQHGugQAh/sJfJ1+3lFsXqheI92RnWqG4enE4uu0
givRwbV0CsQdwifxw/TjUIoC4Q1pdb9DeUZBtoeMcSJVahNeQZKY/dnF1Rud9914
TMi963AHVuS1uQ6DMgNJlHxLEB19oxvFQ6IEREkmGHtata6XK/w5tK5au7K6M1WU
LscCpmEqVYU=
=f7aR
-----END PGP SIGNATURE-----