TEXT   17

appnote

Guest on 15th May 2022 04:12:50 AM

  1.   This document will try to describe how to create an
  2. application around PGP version 2.6, in order to incorporate PGP into
  3. mailers and news readers.  There are a number of changes in 2.6 which
  4. make it easier to write wrappers for PGP.  In writing this, I may have
  5. inadvertantly left out some functionality, some mailers, or some
  6. machine types.  I should warn readers now that I am a UNIX person, and
  7. that most of this document will probably be in UNIX terms.
  8.  
  9.         The first thing to remember is that PGP usually needs to have
  10. a controlling TTY in order to gather information, like the password,
  11. or for the user to answer questions, like to whether to add or sign
  12. keys.  This is useful for text-based mail agents.  In fact, it is most
  13. useful for agents which use files for messages, like MH.
  14.  
  15.         One way to use PGP is to just decrypt the message into a file
  16. and display that file.  This can be a security risk, since wiping
  17. files off disk is not always successful, and by having the plain-text
  18. go to a file means more time for a possible attacker to get ahold of
  19. the plain-text of the message.
  20.  
  21.         A better way to accomplish this is to use filter_mode, which
  22. is the -f option.  This tells PGP to read the message from stdin, and
  23. to put the output onto stdout.  Unfortunately, in this manner, the
  24. signature information is output onto stderr, so you will either lose
  25. it, or it and all other PGP output will be put in the same stream with
  26. the message, but this depends on your piping ability.
  27.  
  28.         PGP tries to send all "interesting" data to standard out, and
  29. error messages to standard error.  This lets you pick out the
  30. interesting information and discard the rest.  This also means that
  31. you can use PGP in filter-mode as a back-end to some user interface,
  32. and obtain the data in the manner.  But remember that the current
  33. implementation of PGP uses temporary files to store intermediate data,
  34. so you are still at a risk, although it is much less of a risk than
  35. just decrypting into a file.
  36.  
  37.         This works well when dealing with a command-line mailer, or a
  38. mailer that is run in a terminal.  There are problems with this
  39. approach, however, if you do not have a TTY in which to get a password
  40. to decrypt or sign messages.  It seems that there would not be a good
  41. way around this, but then again, PEM is going to have this same
  42. problem.  (An example that I can think of is integrating with xmh).
  43.  
  44.         However, there is a way around this in some cases.  PGP has
  45. numerous ways to accept the passphrase other than just promping for
  46. it.  One way, which is not recommended, is to use the "-z" option to
  47. set the passphrase.  Again, this is *NOT* recommended, since some
  48. operating systems will not allow the program to erase the process
  49. table, and someone can retreive the pass phrase from there via a "ps"
  50. listing of active processes.  A similar way to get the pass phrase in
  51. is to use the PGPPASS environment variable.  Again, this has the same
  52. problems as "-z" with regards to an attacker finding the passphrase in
  53. the OS kernel memory of the process table..  An example of this usage
  54. is:
  55.  
  56.         pgp -sat -z "This is my pass phrase" inputfile
  57.  
  58.         There is a better way of doing this in PGP 2.6, which is an
  59. environment variable called "PGPPASSFD".  If this is set, it means
  60. that the FIRST thing PGP will do is read the pass phrase from this
  61. file descriptor.  So, for example, one can set PGPPASSFD to "0"
  62. (zero), and then PGP will read the pass phrase from stdin as the first
  63. thing.  This allows you to send the passphrase to PGP in a manner
  64. invisible to someone armed with the process listing.
  65.  
  66.         For example, an emacs utility could grab the block to be
  67. encrypted (or decrypted), ask the user for the pass phrase in the
  68. mini-buffer, and then do the equivalent of this shell script, using
  69. something like:
  70.  
  71.         (send-string PROCESS "PassPhrase")
  72.         (send-region PROCESS (point-min) (point-max))
  73.  
  74. ---begin---
  75. #!/bin/sh
  76.  
  77. PGPPASSFD=0; export PGPPASSFD
  78.  
  79. (echo "PassPhraseHere"; cat filename ) | pgp -feast recipient1 recipient2...
  80. ---end---
  81.  
  82.         I must admit, this is a crude script, since it doesn't strip
  83. out stderr, which included the bannerlines and error messages, but
  84. that is not difficult to do out of band.
  85.  
  86. This is an example perl script that demonstrates the use of PGPPASSFD:
  87.  
  88. ---begin---
  89. #!/usr/local/bin/perl
  90. #
  91. # perl example for PGPPASSFD,
  92. # encrypts stream with password 'test'
  93. #
  94.  
  95. pipe(READER,WRITER);
  96.  
  97. if (!fork) {
  98.         close(WRITER);
  99.         $ENV{'PGPPASSFD'}=fileno(READER);
  100. # the $^F (Ctrl-F) variable controls close-on-exec of files
  101.         $=fileno(READER);
  102.         exec "pgp -acf";
  103.         die "can't exec pgp\n";
  104. }
  105. close(READER);
  106. syswrite(WRITER, "test\n", 5);
  107. close(WRITER);
  108. wait
  109. ---end---
  110.  
  111.         Another feature of 2.6 which can be utilized in mailer scripts
  112. is the batchmode feature.  This is used in the key-server software
  113. (see keyserv.doc), to allow a process to call PGP and have it perform
  114. without prompting the user for anything.  It will take the default
  115. answer to most questions, which may not be what the user wants.  This
  116. is switched by adding "+batchmode" to the command line.
  117.  
  118.         One more mailer I should mention, and this is probably the
  119. most important of all of them, is MIME compatibility.  In order to use
  120. MIME, a user needs to create a proper entry for PGP.  Unfortunately
  121. there is not yet a standard MIME content-type for PGP-MIME.  However
  122. there is a recommended set of mailcap entries which would be useful
  123. for using metamail:
  124.  
  125.         application/pgp; pgp -f < %s | metamail; needsterminal; \
  126.                 test=test %{encapsulation}=entity
  127.         application/pgp; pgp %s; needsterminal

Raw Paste


Login or Register to edit or fork this paste. It's free.