Newsgroups: alt.security.pgp From: rgooch@rp.CSIRO.AU (Richard Gooch) Subject: [ANNOUNCE] PGPsendmail/Unix Suite Keywords: PGP sendmail daemon drop-in wrapper Nntp-Posting-Host: rzmws1.nfra.nl Organization: CSIRO Division of Radiophysics/Australia Telescope National Facility Date: Tue, 5 Jul 1994 21:51:01 GMT -----BEGIN PGP SIGNED MESSAGE----- Greetings, PGP users. I am happy to announce the first public release of the PGPsendmail/Unix Suite. This suite of programmes provides for the transparent encryption, signing and decryption of messages which pass through your mail system. Using this system allows you to forget about manually encrypting outgoing Email messages: PGPsendmail does it for you, automatically. I hope it makes your life easier. Below is the README: Regards, Richard Gooch, rgooch@atnf.csiro.au =============================================================================== The PGPsendmail/Unix Suite Richard Gooch rgooch@atnf.csiro.au 1) What is it? The PGPsendmail/Unix Suite provides for automatic encryption and decryption of Email messages, using PGP. The two main programmes are PGPsendmail and PGPdaemon. There is also a third programme: sendpgppass used for communicating your passphrase to PGPdaemon. 2) PGPsendmail PGPsendmail is a drop-in wrapper for the standard sendmail programme which resides as /usr/lib/sendmail on most Unix systems. It allows the automatic encryption of outgoing messages by using the recipient's PGP public keys. It does *not* provide for automatic decryption of incoming messages: such a feature would necessarily involve compromising your passphrase. PGPsendmail may be installed by your system administrator, allowing everyone on the system to reap the benefits. Alternatively, it may be privately installed by ordinary users. For the latter case, your mailing software (eg. EMACS ViewMail, elm, UCBmail, etc.) must be told to use PGPsendmail to deliver mail rather than the regular sendmail programme. Read the installation instructions before attempting to install. You have been warned. There is another package: PGPSendmail/AmigaOS which does much the same thing as PGPsendmail except it runs on AmigaOS. See the section on getting PGPsendmail/Unix for details of where to get it. 3) PGPdaemon PGPdaemon is a daemon, run by the user, which provides for the automatic signing and decryption of messages. It will also periodically read the users' incoming mail spool directory and will move the contents to another spool file, decrypting any messages that it can. In order to perform these operations, PGPdaemon requires access to the users' passphrase and secret key. On a secure system, this should not pose a problem. On a public system, this may be a cause of concern. However, if you are concerned about PGPdaemon compromising your PGP secret key and passphrase, you should also be concerned about these being compromised even if you are using PGP in the conventional way. PGPdaemon is written based on the approach that if you compromise your secret key and passphrase by using them on a public system, you may as well make it as convenient as possible. Since PGPdaemon does not require the passphrase to be stored in an environment variable, it should be considerably more secure than automatic decryption methods which use that technique. PGPdaemon make a good effort to avoid being compromised. Future versions will provide various features to detect and thwart attempts at tampering. 4) sendpgppass A small programme which reads the passphrase from the user and transmits it to PGPdaemon. 5) More information See the manual pages and the files in the doc directory. The doc/COMPILING file gives hints for compiling. Well worth reading. 6) Getting PGPsendmail/Unix The PGPsendmail/Unix Suite is available for anonymous ftp from: ftp.atnf.csiro.au: pub/people/rgooch ftp.dhp.com: pub/crypto/pgp/PGPsendmail PGPSendmail/AmigaOS is maintained by Peter Simons (simons@peti.gun.de). It is available for anonymous ftp from any Aminet host in: pub/aminet/util/crypt The main Aminet site is: wuarchive.wustl.edu There are two files in the PGPsendmail/Unix distribution: PGPsendmail-vN.n.tar.gz a tar file compressed with gzip which contains all source code for PGPsendmail version N.n PGPsendmail-vN.n.tar.gz.sig my signature on above Inside the compressed tar file, you will find a file: pubkey-rgooch.asc which contains my public keys: my work key, for most everything my home key, for really earth-shattering, die after reading stuff (funny, no-one has ever used this key: guess I'm not important enough:-) My public key is also available by issuing the following incantation: finger rgooch@venice.atnf.csiro.au **** 7) Copyright and Disclaimer PGPsendmail/Unix and associated software is covered by the GNU General Public License. See the files: COPYING and COPYING.LIB for more details. [CYA mode ON] An important extract, the disclaimer: This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. [CYA mode OFF] =============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLhnVjmGddyp8Ve4FAQFmdQP+NyEaIAPlxa9Lq9O6MDqugTIuYujj+ffd QaijU+rSM2qDJv4YO3kJKmYvWn7YXlGgEmBMfo0FXJaoOGQoZDNrMlVo3pEqht6m POImR441IM9dPI+3IPgvTF4Liycg73U80StdxRA8PXpfLfA8ypYMlnCSpAOaj4NN Lfym3cawMuc= =gjVU -----END PGP SIGNATURE----- PGP public key- work: KeyID: rgooch@atnf.csiro.au -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAivYooAAAAEEAMkXv3BWNjZZDH0EvFFpTQt27ux451X2IvPzbaxHuMYc44yE YBvzhJEXfrSB02+S9b75lpl3PY4cbmogKQNw2/jPJfcvsmC+O9Mol6yxQoXMYfvl 7ySJtiBdQz8bYiFu+MuG575q/KJSl3MAND/Lyo3iwp6A0nJe8mGddyp8Ve4FAAUR tCRSaWNoYXJkIEdvb2NoIDxyZ29vY2hAYXRuZi5jc2lyby5hdT6JAJUCBRAuGAv4 D0cvWzTXTcEBAdIEBACaUkm2pfi8QT9TuNJ11b86G6JezmP7oNsRCgEHL7PMJ5Mf 7DHieuKW5hE1LbkRIUfK+i9olA8z8gZl8p5Ys91bVoQY4mNcXSLEIGJ3qVxD4j5k aQCnRJPMnRQ6DRgEQ5jEaeY/g7f88j/RvvlxPnTZT68QM7NvMn9s5MVdoxvDxokA lQIFEC4LAcgkSNAx+2T8swEB6LkD/RN6iNm4ciOXWyjd4grhYlZ+J5v3Kd8JAY+K /DYmlmHN6xsHjM71WetPMP1WPCxTo5vBYfu6tsG5wGRDSRlJxtxonvvORw581WZh NBQ+GBsWj85H9hxB4cfHiElkAYzDKeoStm8aediLJ5UjPuGEO+BfJjaAmyJwJPLV 5m5sey+GiQCVAgUQLVdHqQwvZM2R+pvdAQFTXAQAsXDA7QCSu9gcieiOw5qggClP ZLei/t+t2q53SEeKHfB8XftxvFBF87neBf7C7U3GxLPrr6OIMJxAgaSVZy0hXbmg IP+w9q82HUvBJss83ZIa6P7QEJhNX8lRw5yZB0svf9UsBH92zJPqdfvSsxQqffKg ZA+wpQdjBH8yogR/W8iJAJUCBRAtCspKXIbClvnfAOEBAWFTA/4qJ7tiabMQcR87 Gd5hZFBZidlhPG9iu5K0VdOumJgCeov7KnqG/bH7Jv6+cn7TzhbehDHSx7VHOytb 1pE36qTyQM4zUn0fT4Xcic3YgUuH4zxWZV1KDhv2WBr0Ux4XH33qXnHMmli6dezs MU33nYnpEEbVeH7GXAUZ1qQ7Be2+7YkAlQIFEC0GzY4FbgfK97ROuQEBTkYD/1Zn FHkVyMSCRRNxddtLIFuKIssbrVtrEXrMk/QywB2rqFnFzA5fmIK3KCL+C7ta8rh7 j4dvnIwAK7vbay06eyVrTxyVX60LFnhRJxahvsCSGmr/OSXo4AnhNgaecFDA4g55 nQWWCEscy/0XCxHvMIOur+0Yn10kJO2b9SDtcGYDiQCVAgUQK9oCVyryJYerAMHX AQHuVgP/QMdUMh01TjrQ001noUrhzjzzrc9/TPMQMU63J8qJe4EWLGwY/3t3y9BU XADlRH8bB0xiy7oryNDoJNOjP+H6N7J8exBirPj2v16etr/oK5Z9ycZSyvHiDtcT 9gHlpGBnQll7Uy3ksSmPhgynGL/lSOkF0CmMdg82KcUELvDG7yKJAJUCBRAr8W4u YZ13KnxV7gUBAa4GA/9tjeEd0oQRSM6lofQkw/KMl0ARpbQ+cyogccJgLMGXLTES sGE3+cbgZ5IUqIlAb12zYGrOhBpD79i3fzy+Y9D+cCSlW8/fR8neOfxnL2eK8e42 z6IgGLv+R2xcWAjedD9/nktagistQgglZ0VRCnvmRR9a9AQNkcGbNzbuzKCS9g== =a1Jt -----END PGP PUBLIC KEY BLOCK----- PGP public key- home (secure): KeyID: rgooch@workaholix -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi0KyZcAAAEEAMa7Hq/oTPWIMzurRlGEXMsAsFgcwsQV7VZLjIK92rNFmQXA jBLeOpdB/1PnWtpPUTOxKwF5SXCZdV8Ehph/U4yrx9ZIv2xOmj/Mxj0PFmBehtAP MTjQM9pbvBuqVAsrh5ho5knRr6Vcja1PPIP1Boak8o4zpi9Am1yGwpb53wDhAAUR tChSaWNoYXJkIEdvb2NoIChob21lKSA8cmdvb2NoQHdvcmthaG9saXg+iQCVAgUQ Lhk70Q9HL1s0103BAQG+XgP8CkVFn87mKqD7tDgEgTrMhvuIgSU+KCb6ivuob79C RtDxkwzQi+fH2NY1nIP/+na0TaNfuPpRhiuOkW0UzyjPwrwFNbrvlYnXQKUgVyyf qOXNAmynTJ1cS4OKfZlY8o+xjmLhmOQlpCm15eqd8Qlp54atYzgbPWQciv5BzD/X quOJAJUCBRAuCwEJJEjQMftk/LMBARyvA/sHNieeiNnmUjg5xINNB+ZQoBCoHUTM 175544x2SE3H9N3rmfWjbTSsW09w5Zgvf2lVe9geMqXUnmhaN7HbzkKTIXdx6kKs b3+4wk3Bb9WxIXmU35KrRVtq28+c167xs8U7sURSdVWS0n9SWHE+gbPxN5ZSkWIM w3Cazx+WRrTY+IkAlQIFEC1XRksML2TNkfqb3QEBreAD/1zHD4Fn7/CEudKsaW3y 9qEUs3/Tp0QTZyoznq0hsz2cN4fTEVOQcLiv8M6K6SnmmxQfSp+ZcqhM26S6Lzu6 UODaQAbUWy3XGP6B6HZ4putf10Lv354BUiwQIZDLG5YLAC4JT1TQ+699hNzcWMlS TnchcdFRE9V+EVO0xw550n2KiQCVAgUQLQv73CryJYerAMHXAQEknQQAtxgdN+wE fAGC7gnaQb7r2w8nWTidHyv077H/vhpif4vE2cMULkDomcqvHtY0SmifbqIvJYpb xVfr+0Dbwb1zKr8uYiIS3OqD+ulRDaG7L27oFEECMWSCLfN5oTqcikNKJ/F7OXJv WH7yQQ5y6xb+3VTYdy7JaiyTvlhps5D76yiJAJUCBRAtC5mzBW4Hyve0TrkBAcsX BACAZuNQ1xUiYW/zCNZaM6ep2dX1aNFpouC4jYwD/C4BAKFeaOOFMDjPVyDkrYLd VhBfn3ZRGHAheIAwQc3IhHnG+I/ovL6sK9g1ZefJ80dysNDyM9yQDTt1KqctdZ7Q 6bheQJ9uUkb8ATnoJjPg4HNp+rCaG4pmYRs84tCNKZtErYkAlQIFEC0KyothnXcq fFXuBQEBHWED/3SrgSPkBFmJFWDrHYFg5/uV4hFo/kJ7rZLynXJ7WBIwT0FyyAz2 apedjT812AcxGO+autcKOjtiuJvpT8dRnWX8g+WJ2M1N3rUSN0CURTBm9DFOe+Iq KhOMmvbKj9EGDMyWllHSLXCdM3Y9cFwmk+K/RFZO8hVb7+A4GDl3YHLXiQCVAgUQ LQrKHFyGwpb53wDhAQGWkwQAxX7MN1Vbl5kO7DNAxSZzZ8uaQW0ID430vAKjrJUs oo+qP5l23MnutLf7mvZ0ZDNY1VzXulHSAkU22JF4JgxWrzkvJ24CF2wblM54FBqR Ua2/mlUqhLN3vqz/MIDosL2H4Pj6o+GFkCwP/uDXdayoH6oAtagb88mzIsfx4g7b d2M= =npLs -----END PGP PUBLIC KEY BLOCK----- -- Regards, Richard Gooch, rgooch@atnf.csiro.au ----------------------------------------------------------------------------- Want computer privacy/ security? Use PGP: public key encryption. Don't know what it is? Ask me. PGP Public Key available on request, or: finger rgooch@venice.atnf.csiro.au PGP fingerprint (work): 34 29 30 4D F4 79 C7 F7 6A 45 B7 F7 74 59 39 9D PGP fingerprint (home): F0 70 2B 1D 9D 43 8C 8E CF 68 FA BE 43 71 FC F7