### ## Start of lengthy commentary about `pine', `pgp', and some other issues # by LeRoy N. Eide 28-Nov-96 through 05-Dec-96 # related to pine-3.95 and its display/sending filtering capabilities ... # ... 09-Jan-97 Additional and updated commentary. # ... 27-Jan-97 Minor corrections. # ... 27-Feb-97 Additional filter commentary. # ... 06-Mar-97 Clarifications about `pine's variable interpolation. # ... 02-Apr-97 Musings about future script enhancements. # ... 03-Apr-97 Clarifications for some `pgp' option descriptions. # ... 26-May-97 More clarifications and summary of all `pgp' options. # ... 21-Jun-97 Comments concerning the new `perl' filter script. # ... 25-Jun-97 Comments concerning new `perl' filter script features. # ... 05-Aug-97 Filter redefinitions to exploit the new `perl' script. ## # The display-filters variable defines a list of programs that message text # may be piped into after MIME decoding but prior to display. # # The following filter definitions assume that there are (symbolic) links # in your ~/bin directory that simply invoke `pgp' (wherever that is!). # [Note that absolute path names are required here for security reasons.] # The sundry display filter names are not really needed here (just plain # 'pgp' would suffice in almost all cases), but there's hope that some of # these filters might be replaced in the future by some "smart" scripts # that are sensitive to the name(s) by which they are invoked ... # [My current ~/bin/pgp is a `sh' script that does little more than just # invoke `pgp ${1+"$@"}' and then wait for the user to view the results; # it will eventually be replaced by a `perl' script that honors whatever # arguments it is given but supplements (or replaces some of) them with # arguments that are implied by the invoked-script-name. Stay tuned!] # [Thanks for staying tuned -- that new `perl' script is now here!] # # A trigger may be just a string, "string" (required if string contains # whitespace), or one of the following specially recognized tokens: # _CHARSET(string)_ Invoke this display filter if the message text # is in a character set matching "string". # _LEADING(string)_ Invoke this display filter if the first (non- # whitespace) text of the message is "string" # [this is extremely efficient!]. # _BEGINNING(string)_ Invoke this display filter if "string" occurs # at the beginning of any line in the message # [whether this is after whitespace is unclear]. # Any other trigger "string" may match anywhere within the message text # (very inefficient since failure requires scanning the entire message!); # "" may be used to unconditionally match and invoke a display filter # (this is a very efficient match, but it always invokes a filter -- # and invoking a filter is always more-or-less inefficient!). # # Common `pgp' triggers are the following: # "-----BEGIN PGP MESSAGE-----" From `pgp -a[t]' (armor [text]) # or `pgp -a{ce}[s]' (encrypt) # "-----BEGIN PGP MESSAGE, PART " From `pgp -a[t]' (a multi-part # or `pgp -a{ce}[s]' message) # "-----BEGIN PGP SIGNED MESSAGE-----" From `pgp -ast' (not encrypted) # "-----BEGIN PGP SIGNATURE-----" From `pgp -ast' (signature, but # useless without a MESSAGE blk!) # "-----BEGIN PGP PUBLIC KEY BLOCK-----" From `pgp -akx' (a public key) # # Note: ONLY the first matching trigger is used to invoke a display filter -- # but it's ALWAYS used (for viewing, extracting, etc. -- for everything # except saving a message into another folder!). You are warned ... # 0) Any of the following `pgp' display filters may be omitted, and any # message can be manually piped (|) through `pgp -f' (with other options # as appropriate and as needed). These filters are for "convenience" -- # if they offend thee, cast them out! # If any `pgp' MESSAGE (or PUBLIC KEY) blocks are present in (probably) # prefixed (e.g., by '> ') reply text, all bets are off here -- you'll # need to write you own extraction script(s)! Or maybe some day I'll ... # 1) For all MESSAGE blocks, `pgp' ignores any preceding or following text # (i.e., `pgp -f' only returns the (decrypted and uncompressed) contents # of the MESSAGE block and discards everything else); consequently, a # MESSAGE block trigger should require a match on initial text only # (otherwise, you'll never see any introductory comments -- but you'll # never get to see any final commentary in any case!). The expectation # here is that if a `pgp' MESSAGE header is the first line in the message # then the entire message has been encrypted, base-64'ed, or whatever ... # If you need to (temporarily) disable a display filter, try `pine's # main menu (M) setup (S) config (C) and prepend some nonsense string to # the offending display-filter trigger (it's easy to edit it back out!). # 2) Multi-part MESSAGE blocks should be presented to `pgp -f' all-at-once # (so we can't -- and don't -- automagically filter these here!). # Try selecting (;) the appropriate messages and then apply (A) pipe (|) # `pgp -f' to the entire selection; to save the resulting message, try # print (Y) and then enter a custom (C) command like `cat > filename' # [`pine' DOES invoke a shell to handle its pipe and print commands!]. # Or be truly clever and pipe the entire selection through something like # `pgp -f | tee filename' (but be sure to keep `pine's Viewer happy!) ... # 3) A SIGNED MESSAGE block is handled like a regular (encrypted) MESSAGE # block, but it requires a (following) SIGNATURE block -- any SIGNATURE # block without an immediately preceding SIGNED MESSAGE block confuses # `pgp' (actually, it causes `pgp' to ask you for the name of the file # to which this SIGNATURE applies -- and I bet ya don't have it, do ya?). # 4) A PUBLIC KEY BLOCK is usually deeply embedded within the message body; # as such, the trigger must be searched for throughout the entire message # (this may be unsatisfactorily inefficient -- if so, toss the filter!). # In any case, if a `pgp -ka' filter (or any of its ilk) is invoked, then # `pgp' must be given a file to read-but-return-unmodified so that `pine' # remains happy (no actual message-decryption is being done here!) -- # hence the use of the special `pine' _TMPFILE_ token in such a filter. # Note: The special `pine' tokens for display filter arguments are the same as # those for the sending filters (see below for details). # Note: Useful `pgp' (config.txt) arguments for display filters include # INTERACTIVE, PAGER, TMP, and VERBOSE (again, see below for details); # it is often advisable to override some of these in display filters ... # Note: The new `perl' script for these `pine' display filters generally # defaults all of the requisite arguments (these may be overridden by # specifying your own) but the special `pine' tokens (e.g., _TMPFILE_) # must still be specified as needed. # Note: The paths in the following filters should be adjusted as necessary, # but please note that `pine' requires an explicit path here! # # The following schemata are used in naming the `pine' display filters # (invoked by matching certain patterns in the message): # pgp-decrypt # -----BEGIN PGP MESSAGE----- # [-to-view|-to-name] # [-from-SECRING][-using-PUBRING] # or pgp-verify # -----BEGIN PGP SIGNED MESSAGE----- # [to-view] # [-using-PUBRING] # or pgp-glean # -----BEGIN PGP PUBLIC KEY BLOCK----- # [-using-PUBRING] # where the first two ought to be run as filters but the last one not # (i.e., `pgp-glean' should specify a filename for the message text # which will be scanned but not otherwise modified). # #display-filters=_LEADING("-----BEGIN PGP MESSAGE-----")_ ~/bin/pgp.sh/pgp-decrypt +INTERACTIVE=ON +PAGER=/bin/cat +VERBOSE=0 -f, # _LEADING("-----BEGIN PGP SIGNED MESSAGE-----")_ ~/bin/pgp.sh/pgp-verify +INTERACTIVE=ON +PAGER=/bin/cat +VERBOSE=0 -f, # _BEGINNING("-----BEGIN PGP PUBLIC KEY BLOCK-----")_ ~/bin/pgp.sh/pgp-glean +INTERACTIVE=ON +PAGER=/bin/cat +VERBOSE=0 -ka _TMPFILE_ # display-filters=_LEADING("-----BEGIN PGP MESSAGE-----")_ ~/bin/pgp.perl/pgp-decrypt, _LEADING("-----BEGIN PGP SIGNED MESSAGE-----")_ ~/bin/pgp.perl/pgp-verify, _BEGINNING("-----BEGIN PGP PUBLIC KEY BLOCK-----")_ ~/bin/pgp.perl/pgp-glean _TMPFILE_ # The sending-filters variable defines a list of programs that message text # may be piped into before MIME encoding but prior to sending. # # The following filter definitions assume that there are (symbolic) links # in your ~/bin directory that simply invoke `pgp' (wherever that is!). # [Note that absolute path names are required here for security reasons.] # These links are used (required!) so that pine (3.95) displays something # "semantically meaningful" while whiffling through these filters ... # [The pine composer only displays `basename FILTER` -- and that is all!] # The following filters are arranged so that ^N (forward cycling) reveals # increasingly interesting levels of public-key encryption, while ^P just # offers increasing levels of private-key (i.e., pass-phrase) encryption # -- for sending to those recipients without any published public-key(s)! # If the `pine' configuration feature 'compose-send-offers-first-filter' # is set, it seems best to offer 'pgp-sign' as the default filter ... # Your mileage may, of course, vary -- rearrange the following to your # liking (but 'tis best to use your favorite editor here rather than just # trying to do all of this with `pine's Main_Menu.Setup.Config tools!). # Don't forget to place the appropriate (symbolic) links in your personal # ~/bin directory ... or their moral equivalents (however you do it). # And don't forget to place a ',' after each filter but the last! # # The following sending filters assume the possible personal signing keys # (in secring.pgp) of $USER, , and -- # again, your mileage may vary, but it's IMPORTANT to specify the signing # key (-u userid) if there is more than a single key in your secring.pgp # (`pgp' assumes the most recent one -- which is almost always wrong!). # # Some relevant `pgp' config parameters (with their default values) # are described below: # ARMOR=OFF (default, unless otherwise specified in config.txt) # Nonetheless, we force it ON (-a) here because of RFC822 considerations. # Note that ARMOR=ON (-a) is sensitive to TEXTMODE=ON (-t) and is also # required for CLEARSIG=ON to work as advertized (see below for details). # If ARMOR=OFF, then `pgp' will never generate multipart output files. # ARMORLINES=720 (default [~64KB], unless otherwise specified in config.txt) # Note that `pgp' likes to split long messages into multiple pieces when # applying ASCII-armor (-a); we inhibit that here (ARMORLINES=0) because # `pine' won't have a clue as to what's going on otherwise! # ARMORLINES is ignored if the conditions for a "clear signature" are # met (i.e., ARMOR=ON (-a), CLEARSIG=ON, TEXTMODE=ON (-t), -s option # and neither -c nor -e option); a "clear-signed" file will never exist # in multiple parts! # BAKRING="" (no default, unless otherwise specified in config.txt) # Location of a secure and valid backup copy of the secret key ring. # Mostly a key-maintenance parameter. Not used here ... # CERT_DEPTH=4 (default, unless otherwise specified in config.txt) # Mostly a decrypt parameter (depth of "trust"). Not forced ... # CHARSET="noconv" (default, unless otherwise specified in config.txt) # Mostly a decrypt parameter. Not forced ... # CLEARSIG=ON (default, unless otherwise specified in config.txt) # The default is to separate an ASCII-armored `pgp -ats' signature block # from the body of a plain unencrypted ASCII-text message (for which a # "hash-value" or "check-sum" has been computed and encrypted within the # signature block) -- this allows reading of the plaintext message even # if the signature (or the message's hash-value) cannot be verified. # If CLEARSIG=OFF, the signature is included in the (compressed) message # block; this is necessary for some "brain-damaged" mailers that # unnecessarily munge the message body (which alters the hash value!). # Note that CLEARSIG is ignored whenever any encryption occurs # and that for CLEARSIG=ON to be effective, both ARMOR=ON (-a) and # TEXTMODE=ON (-t) are also required -- otherwise `pgp' buries everything # in a compressed (and possibly encrypted) message block! # Consequently, CLEARSIG=ON should probably be forced in contexts where # signing but no encryption occurs ... but it's not because of the # aforementioned "brain-damaged" mailers! The choice is yours ... # Note that if TEXTMODE=OFF is forced, CLEARSIG is ignored (see below). # COMMENT="" (no default, unless otherwise specified in config.txt) # Comment placed in every ASCII-armored file. Not forced ... # COMPLETES_NEEDED=1 (default, unless otherwise specified in config.txt) # Mostly a decrypt parameter; number of "completely trusted" signatures # needed to make a key valid (also see CERT_DEPTH and MARGINALS_NEEDED). # Not forced ... # COMPRESS=ON (default, unless otherwise specified in config.txt) # The default is to compress before encrypting (`pgp -c' or `pgp -e'); # this is recommended (it more-or-less compensates for the ASCII-armor # expansion in file-size -- and it makes cryptanalysis a lot harder!). # The choice is yours ... it's not forced! # ENCRYPTTOSELF=OFF (default, unless otherwise specified in config.txt) # The default is NOT to encrypt (`pgp -e') for oneself (i.e., MYNAME in # in `pgp's config.txt file). If OFF, the downside is that you can't # read encrypted messages sent to others (so saving these messages in # the 'sent-mail' folder is useless!); the upside is that you can't be # forced to read (or expose) these messages! Your choice -- not forced! # [Note that ALL recipients are encrypted for, so if you Cc: yourself...] # INTERACTIVE=OFF (default, unless otherwise specified in config.txt) # Used mostly by `pgp -ka'. ON is probably better ... should be forced! # KEEPBINARY=OFF (default, unless otherwise specified in config.txt) # Recommended, but not forced in the following `pine' sending filters. # The default is to delete any intermediate encrypted '*.pgp' file after # producing the ASCII-armored file from it. [Mostly used for debugging!] # LANGUAGE="en" (default is "english", unless specified in config.txt) # Language of query/error messages. Not forced ... # MARGINALS_NEEDED=2 (default, unless otherwise specified in config.txt) # Mostly a decrypt parameter; number of "marginally trusted" signatures # needed to make a key valid (also see CERT_DEPTH and COMPLETES_NEEDED). # Not forced ... # MYNAME="" (no default, but may be specified in config.txt) # Specifies the default userid (-u userid) for signing (and also for # ENCRYPTTOSELF -- see above). Generally overridden by the consistent # specification of '-u userid' in the following `pine' sending filters # that perform the `pgp -s' (signing) function. Your choice ... # NOMANUAL=OFF (default, and cannot be otherwise specified in config.txt!) # Normally, `pgp' won't run unless it determines that its documentation # is currently available! If this is a problem, add the '+NOMANUAL' # option to all of the `pgp'-filter commands ... # [Current documentation states that this restriction applies ONLY to the # `pgp -kg' command; this seems to be true ... at least for pgp-2.6.2] # PAGER="" (default is $PAGER, unless otherwise specified in config.txt) # The "pager" used for viewing a file encrypted via `pgp -m'. Not very # useful for mail except for the displayed "For Your Eyes Only" warning. # Using the $PAGER environment variable is dangerous (a "Trojan Horse"?); # in any case, paging within a filter is useless, so this is forced # (as needed) to be just "/bin/cat". # PGPPASS [environment variable, contains your "private-key-pass-phrase"] # NOT RECOMMENDED! EXTREMELY NOT RECOMMENDED!! PLEASE DON'T DO IT!!! # If specified, you won't need to specify the pass-phase for your # personal encryption key every time you need to use it; the downside # is that your "environment" is visible to anyone who uses `ps' # (with the appropriate options)! Don't do this ... just say "NO"! # PGPPASSFD [environment variable, contains a file-descriptor that can # be read to obtain your "private-key-pass-phrase"] # NOT RECOMMENDED! Better than PGPPASS, but AVOID THIS IF POSSIBLE!! # It has its uses, but it's not used here ... # PGPPATH [environment variable, (absolute) path to config.txt and keyrings] # The default is '~/.pgp' but any specified variant is honored here ... # PKCS_COMPAT=1 (obsolete) # Used only with old versions of `pgp'. # PUBRING="$PGPPATH/pubring.pgp" (default, unless defined in config.txt) # This might be useful to specify in some specific `pine' display filters # (for gleaned public keys) or sending filters (for encryption keys); # nothing is forced here ... but see the new `perl' filter script! # RANDSEED="$PGPPATH/randseed.bin" (default, unless defined in config.txt) # Location of the random-number seed file. Nothing is forced here ... # SECRING="$PGPPATH/secring.pgp" (default, unless defined in config.txt) # This might be useful to specify in some specific `pine' display filters # (for decryption keys) or sending filters (for signing keys); # nothing is forced here ... but see the new `perl' filter script! # SHOWPASS=OFF (default, unless otherwise specified in config.txt) # If ON, a pass-phrase is `echo'ed as it is entered; NOT recommended! # Useful for the keyboard-impaired and any random onlookers ... # TEXTMODE=OFF (default for unix, unless otherwise specified in config.txt) # Forced ON (-t) in most of the sending filters below because it's the # right thing to do for mail (and generally harmless on unix systems). # And it also allows CLEARSIG=ON to work as advertised and expected ... # However, for sending filters that are specifically designed to ARMOR # the message, TEXTMODE=OFF is forced (and CLEARSIG is ignored!) so that # all message lines conform to RFC822 (with the exception that the 64KB # message-size limit might still be exceeded because ARMORLINES=0 is # also forced unconditionally to keep `pgp -a' from generating multiple # ASCII-armored transport files -- this needs to be handled in one of # those "smart" scripts alluded to above -- `pine' can't handle this!). # TMP="" (default is $TMP, unless otherwise specified in config.txt) # Path of a directory for temporary files. # If not specified (and if there is no $TMP environment variable), # `pgp' uses your current directory. For optimal security, this should # be a (non-network) directory readable and writable only by you # (but, in any case, it must be writable!). Should we force this? # [Note that `pgp' uses $TMP rather than the more standard $TMPDIR] # VERBOSE=n (default is 1, unless otherwise specified in config.txt) # Setting this to 2 causes `pgp' to display debugging information. # Forced to be 0 (no advertising!) in the `pine' sending filters below; # this reduces the amount of extraneous intermediate output to a minimum. # [If you feel different about this, feel free to remove the +VERBOSE=0 # arguments from any of these filters (the value from your config.txt # file -- or `pgp's default -- will then be used). Note that `pgp' # always uses its default VERBOSE=1 whenever it thinks its arguments # are incomplete or inconsistent! This is probably a "feature" ...] # # Config parameters may be passed as options to `pgp' if preceded with # a '+' (e.g., `pgp -ef +ARMORLINES=0'). Parameter values are of 3 types: # Boolean: value is either ON or OFF (and '=ON' is assumed if omitted). # Note that +ARMOR and +ARMOR=ON are equivalent; # both +ARMOR= and +ARMOR=1 are unacceptable (syntax error). # Numeric: value is an integer (which must be specified). # Note that both +ARMORLINES and +ARMORLINES= are unacceptable. # String: value is a character string (which must be specified but # which may be nil). # Note that +COMMENT= and +COMMENT="" are equivalent (assuming # shell-processing of quoted strings); +COMMENT is unacceptable. # # Environment variables, of course, need to be set in the environment! # Note: The new `perl' filter script handles environment variables like other # configuration variables (e.g., +PGPPATH=~/foo) and will set these # before invoking the underlying `pgp' program. It's magical! # # Some relevant (but somewhat obscure) `pgp' options are described below: # -a Same as '+ARMOR=ON' (see above); an encryption-only option which # should probably always be forced for mail. # -f Filter from STDIN to STDOUT (or '-o filename', if specified); # an input filename argument is neither expected nor honored # (attempting to do # pgp -ef message recipient ... # will cause "message" to be interpreted as the first recipient!). # -m "For Your Eyes Only" -- the `more'-only option; # decryption: force the decrypted output through a PAGER (see above) # and is honored even if the '-f' option is specified # or if the file is merely armored and/or signed; # encryption: cause the encrypted file to force the '-m' option when # it is decrypted (ignoring any '-o' option at that time) # and is honored even if the file is merely armored and/or # signed! # -o filename -- alternate output filename; # decryption: write decrypted output to "filename"; # encryption: write encrypted output to "filename.asc" (if '-a..' option) # or to "filename.sig" (if '-sb' options) # or to "filename.pgp" (otherwise). # -p Preserve original (plaintext) filename; # decryption: assume '-o original_filename' unless '-o' is specified; # encryption: cause the encrypted file to assume '-o original_filename' # when it is decrypted. # Note that encryption ALWAYS records an original plaintext # filename in the encrypted file -- the '-p' option simply # causes this to be the default output filename when decrypting). # [Ignore the rather confused descriptions of the '-o' and '-p' options # in O'Reilly's "PGP" book (and its removable quick-reference card) -- # '-o filename' works for both decryption AND encryption; # '-p' takes NO argument (and may even be bundled!). # Note that both '-m' and '-p' are options that just ultimately affect # the output when decrypting a file.] # -t Same as '+TEXTMODE=ON' (see above); converts to local text conventions # and should probably always be forced for mail unless there are really # good reasons to do otherwise. # -u username -- The default is MYNAME (see above) from the config.txt file # (if not defined there, the default is the most recent key in SECRING); # this is an encryption-only option (and only used for signatures and # the ENCRYPTTOSELF feature -- see above); a better default is probably # either "$USER" or "$USER@$HOST" (but perhaps Phil has his reasons ...). # -w Scrub and then delete the original plaintext file after encrypting # (ignored if decrypting or if '-f' option). # # A summary of ALL `pgp' options is presented below; # a number of options have different meanings in different contexts # (options without argument may be bundled, an option with argument may # snuggle, e.g. # -esufoo # is equivalent to # -e -s -u foo # but argument snuggling is deprecated, option bundling is tolerated): # Note: If using the new `perl' filter script, option bundling and argument # snuggling both require the Author's new-and-improved Getopt::Long # options-processing package; if you don't have this, separate all # bundled options and snuggled arguments -- or just let the `perl' # script apply the (usually appropriate) defaults. You are warned! # # Option Context Meaning # ------ ------- ------- # -a # -kxf. # Key Extract ASCII Filter (from keyring to STDOUT) # # -kx.. # Key Extract ASCII # # -kf.. # Key Add Filter (from STDIN to keyring) # # -k... # Key Add # # ASCII Armor # -b # -s... # Sign By itself (make signature certificate) # -c # -kv.. # Key View and Check # # -k... # Key Check # # Crypt with pass-phrase (conventional encryption) # -d # -k... # Key Disable (or Revoke) # -e # -k... # Key Edit # # Encrypt with public key(s) of recipient(s) # -f # -kxa. # Key Extract ASCII Filter (from keyring to STDOUT) # # -kx.. # Key Extract Filter (from keyring to STDOUT) # # -ka.. # Key Add Filter (from STDIN to keyring) # # Filter (from STDIN to STDOUT or '-o filename') # -g # -k... # Key Generate # -h # Help (general) # -k # -.... # Key management # # Key help # -m # More ("for my/your eyes only") # -o filename # Output (output filename) # -p # Preserve (restore original filename when decrypting) # -r # -ks.. # Key Remove Signature # # -k... # Key Remove # -s # -kr.. # Key Remove Signature # # -k... # Key Sign # # Sign message # -t # Text (use local conventions for text files) # -u userid # User (selects private key for signature) # -v # -kc.. # Key View and Check # # -k... # Key View (Verbose, if repeated) # -w # Wipe (erase plaintext file after encryption) # -x # -kfa. # Key Extract ASCII Filter (from keyring to STDOUT) # # -kf.. # Key Extract Filter (from keyring to STDOUT) # # -k... # Key Extract # # Note: Pine does NOT pass any of its filter commands through a shell -- # it more-or-less `exec's them directly after some minimal processing # [useful documentation about filters is extremely lacking -- even at # http://www.washington.edu/pine/ # so some experimentation has been done but much more is needed here!]: # 0) Shell meta-characters (except as noted below) are left intact as # (part of the) text argument(s); consequently, it's perfectly all right # to use a "focused" email address as an argument (e.g., ). # 1) An initial ~ in the command name is replaced by the value of the $HOME # environment variable; in arguments use $HOME (or ${HOME}) instead. # 2) Environment variable references of the form $VAR (or ${VAR}) are # interpolated in ALL contexts except where preceded by a \ character # (in which case the \ character is removed and the following $ remains # as text); the ${VAR} form is required if there is any trailing text # (which would otherwise be taken as part of the variable name -- even # if it's punctuation!). Examples: # If the environment variable $VAR is set to `foo', then: # '$VAR' == '${VAR'} => ' [if ${VAR'} is undefined -- usually the case!]; # '${VAR}' => 'foo' ; "${VAR}" => "foo" ; ${VAR} => foo ; $VAR => foo ; # \$VAR => $VAR # 3) A \ character may be used in only 2 contexts: # \\ => \ ; \$ => $ # All other occurrences of a \ character are simply left intact as text. # 4) Some special `pine' tokens of the form _VAR_ are interpolated # (these mostly enable/disable some special cases of I/O-redirection): # _DATAFILE_ A `pine'-created (once-per-session) temporary file and # not used by `pine' (but deleted when `pine' exits); # for use by the filter(s) to record "state" information. # _PREPENDKEY_ Replaced by nil, but indicates that a once-per-session # random number (a "session key") be prepended to the # filter's usual input stream [it is unclear whether # this is always the filter's STDIN even if _TMPFILE_ is # specified? or even whether this prepended text is # newline-terminated? -- testing needs to be done here!]. # _RECIPIENTS_ Replaced by a list of email addresses for the current # recipients (To:, Cc:, Bcc:, Lcc:); needed by `pgp' to # find the (public) encryption key (from pubring.pgp) # for each of the recipients. # _RESULTFILE_ A `pine'-created temporary file that is expected to # contain a (one-line) status message from the filter; # `pine' displays this text in its message status field. # _TMPFILE_ Replaced by the name of a `pine'-created temporary file # and becomes both the input to the filter and the output # back to `pine' (the filter sees nothing on STDIN and # its STDOUT is ignored); if specified, don't do `pgp -f' # -- but `pgp -e -o _TMPFILE_ _TMPFILE_' probably won't # do what you want/need here either! # Note: I don't really know the actual order of the above nor the facts about # when tokenization actually occurs for the final `exec' arguments ... # much more experimentation is needed (or more detailed documentation # about `pine's innards from www.washington.edu). Alas ... # Note: The new `perl' script for these `pine' display filters generally # defaults all of the requisite arguments (these may be overridden by # specifying your own) but the special `pine' tokens (e.g., _TMPFILE_) # must still be specified where needed. # Note: The paths in the following filters should be adjusted as necessary, # but please note that `pine' requires an explicit path here! # # The following schemata are used in naming the `pine' sending filters # (the expectation is that it's all very obvious, no?): # pgp-sign[-image][-clearly|-opaquely|-with[out]-armor] # [-to-view|-with-name] # [-by-itself][-as-USER][-from-SECRING] # or pgp-armor[-image] # [-to-view|-with-name] # [-and-sign[-as-USER][-from-SECRING]] # or pgp-encrypt[-image][-with[out]-armor] # [-to-view|-with-name] # [-by-phrase|[-with[out]-self][-using-PUBRING]] # [-and-sign[-as-USER][-from-SECRING]] # where PUBRING is a mnemonic for a "public keyring" (the default is # $PGPPATH/pubring.pgp) to use for the encryption, SECRING is a mnemonic # for a "private/secret keyring" (the default is $PGPPATH/secring.pgp) # to use for the signature, and USER is a mnemonic for a string that # selects one of the private keys in the specified (or default) SECRING # (the default is the most recently added private key in SECRING or the # key selected by MYNAME in the user's config.txt file). # [Note that ASCII armor is tacitly assumed when encrypting and that # none of the "-with[out]-self", "-using-PUBRING", or "-from-SECRING" # phrases is currently used in the sending filters defined below -- # these are ideas to be implemented in a "smart" sending-filter script! # Similarly, the "-clearly" and "-opaquely" signing modifiers are not # honored here -- these are also left to that "smart" script!] # # Note: But see the new `perl' filter script that honors all of the above! # This `perl' script handles the '-clearly|-opaquely|[-with[out]]-armor' # phrases as follows: # -clearly -- sets +CLEARSIG=ON and forces the -a and -t options # -opaquely -- sets +CLEARSIG=OFF # -with-armor -- sets +CLEARSIG=OFF and forces the -a option # -without-armor -- sets +ARMOR=OFF and inhibits the -a option # [pgp-]armor -- sets +CLEARSIG=OFF and forces the -a option # Note: If none on the above phrases is present, the default is to apply ASCII # armor "covertly" (+ARMOR=ON); if armor is forced (or required), it is # applied "overtly" (-a); if armor is inhibited, it is denied "overtly" # (by setting +ARMOR=OFF and inhibiting any -a option). # Overtly forcing or inhibiting ASCII armor always implies +CLEARSIG=OFF # (a convention adopted by the `perl' script, not by `pgp' itself!). # ### The rationale for the above needs to be elaborated on here! ### # # Note that the unadorned filter name `pgp' is actually included # in the set of filter names below -- this should probably be one of: # 1) a (symbolic) link to /bin/pgp (or wherever the real `pgp' resides); # 2) an (executable) script in ~/bin (which invokes the real `pgp'); or # 3) an (executable) program in ~/bin ( ... ditto ... ). # Note that some systems have problems `exec'ing a script or can't/won't # pass the original "program name" to a script that is pointed to by a # symbolic link (at least under some conditions); in such cases you may # have to resort to (3) even if you would rather just have (2). # Read on! # #sending-filters=~/bin/pgp.sh/pgp-sign -u ${USER} +ARMORLINES=0 +VERBOSE=0 -fast, # ~/bin/pgp.sh/pgp-armor +ARMORLINES=0 +TEXTMODE=OFF +VERBOSE=0 -fa, # ~/bin/pgp.sh/pgp-armor-and-sign -u ${USER} +ARMORLINES=0 +TEXTMODE=OFF +VERBOSE=0 -fas, # ~/bin/pgp.sh/pgp-encrypt +ARMORLINES=0 +VERBOSE=0 -feat _RECIPIENTS_, # ~/bin/pgp.sh/pgp-encrypt-and-sign -u ${USER} +ARMORLINES=0 +VERBOSE=0 -feast _RECIPIENTS_, # ~/bin/pgp.sh/pgp-encrypt-to-view +ARMORLINES=0 +VERBOSE=0 -mfeat _RECIPIENTS_, # ~/bin/pgp.sh/pgp-encrypt-to-view-and-sign -u ${USER} +ARMORLINES=0 +VERBOSE=0 -mfeast _RECIPIENTS_, # ~/bin/pgp.sh/pgp-sign-as-root -u +ARMORLINES=0 +VERBOSE=0 -fast, # ~/bin/pgp.sh/pgp-armor-and-sign-as-root -u +ARMORLINES=0 +TEXTMODE=OFF +VERBOSE=0 -fas, # ~/bin/pgp.sh/pgp-encrypt-and-sign-as-root -u +ARMORLINES=0 +VERBOSE=0 -feast _RECIPIENTS_, # ~/bin/pgp.sh/pgp-encrypt-to-view-and-sign-as-root -u +ARMORLINES=0 +VERBOSE=0 -mfeast _RECIPIENTS_, # ~/bin/pgp.sh/pgp-sign-as-ph -u +ARMORLINES=0 +VERBOSE=0 -fast, # ~/bin/pgp.sh/pgp-armor-and-sign-as-ph -u +ARMORLINES=0 +TEXTMODE=OFF +VERBOSE=0 -fas, # ~/bin/pgp.sh/pgp-encrypt-and-sign-as-ph -u +ARMORLINES=0 +VERBOSE=0 -feast _RECIPIENTS_, # ~/bin/pgp.sh/pgp-encrypt-to-view-and-sign-as-ph -u +ARMORLINES=0 +VERBOSE=0 -mfeast _RECIPIENTS_, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-to-view-and-sign-as-ph -u +ARMORLINES=0 +VERBOSE=0 -mfacts, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-and-sign-as-ph -u +ARMORLINES=0 +VERBOSE=0 -facts, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-to-view-and-sign-as-root -u +ARMORLINES=0 +VERBOSE=0 -mfacts, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-and-sign-as-root -u +ARMORLINES=0 +VERBOSE=0 -facts, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-to-view-and-sign -u ${USER} +ARMORLINES=0 +VERBOSE=0 -mfacts, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-and-sign -u ${USER} +ARMORLINES=0 +VERBOSE=0 -facts, # ~/bin/pgp.sh/pgp-encrypt-by-phrase-to-view +ARMORLINES=0 +VERBOSE=0 -mfact, # ~/bin/pgp.sh/pgp-encrypt-by-phrase +ARMORLINES=0 +VERBOSE=0 -fact # sending-filters=~/bin/pgp.perl/pgp-sign -u ${USER}, ~/bin/pgp.perl/pgp-armor, ~/bin/pgp.perl/pgp-armor-and-sign -u ${USER}, ~/bin/pgp.perl/pgp-encrypt _RECIPIENTS_, ~/bin/pgp.perl/pgp-encrypt-and-sign -u ${USER} _RECIPIENTS_, ~/bin/pgp.perl/pgp-encrypt-to-view _RECIPIENTS_, ~/bin/pgp.perl/pgp-encrypt-to-view-and-sign -u ${USER} _RECIPIENTS_, ~/bin/pgp.perl/pgp-sign-as-root -u , ~/bin/pgp.perl/pgp-armor-and-sign-as-root -u , ~/bin/pgp.perl/pgp-encrypt-and-sign-as-root -u _RECIPIENTS_, ~/bin/pgp.perl/pgp-encrypt-to-view-and-sign-as-root -u _RECIPIENTS_, ~/bin/pgp.perl/pgp-sign-as-ph -u , ~/bin/pgp.perl/pgp-armor-and-sign-as-ph -u , ~/bin/pgp.perl/pgp-encrypt-and-sign-as-ph -u _RECIPIENTS_, ~/bin/pgp.perl/pgp-encrypt-to-view-and-sign-as-ph -u _RECIPIENTS_, ~/bin/pgp.perl/pgp-encrypt-by-phrase-to-view-and-sign-as-ph -u , ~/bin/pgp.perl/pgp-encrypt-by-phrase-and-sign-as-ph -u , ~/bin/pgp.perl/pgp-encrypt-by-phrase-to-view-and-sign-as-root -u , ~/bin/pgp.perl/pgp-encrypt-by-phrase-and-sign-as-root -u , ~/bin/pgp.perl/pgp-encrypt-by-phrase-to-view-and-sign -u ${USER}, ~/bin/pgp.perl/pgp-encrypt-by-phrase-and-sign -u ${USER}, ~/bin/pgp.perl/pgp-encrypt-by-phrase-to-view, ~/bin/pgp.perl/pgp-encrypt-by-phrase # # Note: For the conceptually-challenged, please observe that creating links # with "interesting" names does NOT create the indicated functionality; # these names must be associated with the appropriate commands, programs, # and/or scripts before anything interesting and useful will happen! # Note: For the shell-challenged, the following is offered as a way of setting # up all of those names for the `pine' filters: # # cd $HOME/bin # [Make private links in ~/bin] # # Something like the following needs to be done ... # ln -s /usr/uucc/exec/pgp pgp # [... or wherever `pgp' might reside] # or # cp /home/lneide/bin/pgp pgp # [... script to invoke `pgp' and wait] # chmod u+rx pgp # to set up something as ~/bin/pgp that hard-links can be attached to ... # # ln pgp pgp-decrypt # For " ... PGP MESSAGE ... " # ln pgp pgp-verify # " ... PGP SIGNED MESSAGE ... " # ln pgp pgp-glean # " ... PGP PUBLIC KEY BLOCK ... " # # ln pgp pgp-sign # `pgp -u $USER -fast` # ln pgp pgp-armor # `pgp -fa` # ln pgp pgp-armor-and-sign # `pgp -u $USER -fas` # ln pgp pgp-encrypt # `pgp -u $USER -feat ... ` # ln pgp pgp-encrypt-and-sign # `pgp -u $USER -feast ... ` # ln pgp pgp-encrypt-to-view # `pgp -u $USER -mfeat ... ` # ln pgp pgp-encrypt-to-view-and-sign # `pgp -u $USER -mfeast ... ` # ln pgp pgp-sign-as-root # `pgp -u root -fast` # ln pgp pgp-armor-and-sign-as-root # `pgp -u root -fas` # ln pgp pgp-encrypt-and-sign-as-root # `pgp -u root -feast ... ` # ln pgp pgp-encrypt-to-view-and-sign-as-root #-u root -mfeast ... # ln pgp pgp-sign-as-ph # `pgp -u ph -fast` # ln pgp pgp-armor-and-sign-as-ph # `pgp -u ph -fas` # ln pgp pgp-encrypt-and-sign-as-ph # `pgp -u ph -feast ... ` # ln pgp pgp-encrypt-to-view-and-sign-as-ph #-u ph -mfeast ... # # ln pgp pgp-encrypt-by-phrase-to-view-and-sign-as-ph # -mfacts # ln pgp pgp-encrypt-by-phrase-and-sign-as-ph #-u ph -facts # ln pgp pgp-encrypt-by-phrase-to-view-and-sign-as-root # -mfacts # ln pgp pgp-encrypt-by-phrase-and-sign-as-root #-u root -facts # ln pgp pgp-encrypt-by-phrase-to-view-and-sign #-u $USER -mfacts # ln pgp pgp-encrypt-by-phrase-and-sign # `pgp -u $USER -facts` # ln pgp pgp-encrypt-by-phrase-to-view # `pgp -mfact` # ln pgp pgp-encrypt-by-phrase # `pgp -fact` # # Yes, "hard" links to a "soft" link work perfectly well, and they're # quite efficient. Thanks for noticing ... # Note: The filter names above of the form "...-as-root" and "...-as-ph" # simply represent a way of selecting one of many signing keys for us # schizophrenics with multiple identities! If you also have multiple # identities (i.e., secret signing keys), change the names of these # filters to accommodate your personal situation (you will also need to # change the associated "-u " filter arguments appropriately). # Otherwise, just delete all of the above "...-as-..." filters. ################################################# # # # Comments Concerning Planned Future Features # # -- 02-Apr-97 # # # ################################################# # # It's a real pain to everyone that wants to use this `pgp' scheme within # `pine' to have to copy a script (~lneide/bin/pgp) in his personal bin # directory (or wherever) and then set up a bunch of links (soft or hard) # to that script so that the above-described functionality is available. # # It would be much more convenient for such a script to be generally available # to everyone (along with commonly used links or "aliases") so that only # link names (if any) peculiar to each user would have to be locally defined # in the user's bin directory (or wherever). It would also be convenient if # very few arguments (preferably none!) would need to be specified in the # `pine' filter definitions -- the link or "alias" name should indicate what # needs to be done and generate the required `pgp' arguments as necessary # (unless otherwise explicitly specified). # # The author's current thinking goes something like this: # # A `perl' script that: # 1) accepts any arguments (in the style) that `pgp' would accept, # 2) generates missing arguments from the name by which it was invoked # and having predefined links (or "aliases") for all meaningful `pgp' # functions that do not depend on user-specific parameters (but see the # environment-variable proposal below for some generally possible exceptions). # # In "decrypt"ing environments, the script should: # 0) force the '-f' option if no filename is present; # 1) force '+INTERACTIVE=ON' (unless explicitly specified); # 2) force '+PAGER=/bin/cat' (unless explicitly specified); # 3) force '+VERBOSE=0' (unless explicitly specified otherwise). # Link: pgp-decrypt[-and-verify] => pgp # pgp-[decrypt-and-]verify => pgp # pgp-glean => pgp -ka [_file_] # # A filename is really expected here! # # In "encrypt"ing environments, the script should: # 0) force the '-f' option if no filename is present; # 1) force '+ARMOR=YES' (the '-a' option) unless explicitly specified; # 2) force '+ARMORLINES=0' (unconditionally?); # 3) force '+TEXTMODE=OFF' if the "-armor" phrase is present, otherwise # force '+TEXTMODE=ON' (the '-t' option) unless explicitly specified; # 4) force the '-c' option if "-encrypt-by-phrase" is present, otherwise # force the '-e' option if "-encrypt" or "encrypt-with-PUBRING" is # present (in the latter case also force '+PUBRING="PUBRING"'); # 5) force the '-m' option if "-to-view" is present; # 6) force the '-s' option if "[-and]-sign" is present # (if "-sign-clearly" then also force '+CLEARSIG=ON', # if "-sign-opaquely" then also force '+CLEARSIG=OFF'); # 7) force '-u "USER"' if "-as-USER" is present; # 8) force '+SECRING="SECRING"' if "-from-SECRING" is present; # 9) force '+VERBOSE=0' (unless explicitly specified otherwise). ## # End of lengthy commentary about `pine', `pgp', and some other issues # by LeRoy N. Eide 28-Nov-96 through 05-Dec-96 ## related to pine-3.95 and its display/sending filtering capabilities ... ###