-----BEGIN PGP SIGNED MESSAGE----- Hi, I've just released a new version of Privtool, with a large number of bugfixes and new features. It's available from ftp.c2.org as /pub/privtool/privtool-0.85.tar.gz, and in Europe from ftp.dsi.unimi.it in /pub/security/crypt/code, or from ftp.ox.ac.uk in /pub/crypt/pgp/utils. DUE TO US ITAR REGULATIONS, IF YOU ARE OUTSIDE THE US YOU SHOULD DOWNLOAD PRIVTOOL FROM A NON-US SITE. Dumb, but true... Documentation is also available on the WWW at http://www.c2.org/~mark/privtool/privtool.html. Mark Privtool Beta Release @(#)README.1ST 1.34 9/12/95 ----------------------------------------------------- Privtool ("Privacy Tool") is intended to be a PGP-aware replacement for the standard Sun Workstation mailtool program, with a similar user interface and automagick support for PGP-signing and PGP-encryption. Just to make things clear, I have written this program from scratch, it is *not* a modified mailtool (and I'd hope that the Sun program code is much cleaner than mine 8-) !). When the program starts up, it displays a list of messages in your mailbox, along with flags to indicate whether messages are signed or encrypted, and if they have had their signatures verified or have been decrypted. When you double click on a message, it will be decrypted (requesting your passphrase if neccesary), and/or will have the signature checked, and the decrypted message will be displayed in the top part of the display window, with signature information in the bottom part. The mail header is not displayed, but can be read by pressing the 'Header' button to display the header window. In addition, the program has support for encrypted mailing list feeds, and if the decrypted message includes another standard-format message it will replace the original message and be fed back into the display processing chain. When composing a message or replying to one, the compose window has several check-boxes, including one for signature, and one for encryption. If these are selected, then the message will be automatically encrypted and/or signed (requesting your passphrase when neccesary) before it is sent. You may also select a 'Remail' box, which will use the Mixmaster anonymous remailer client program to send the message through one or more remailers. Being an Beta release, there are a number of bugs and nonfeatures : Known Bugs : When you save changes to the mail file, it throws away the signature verification and decrypted messages, so that the next time you view a message it has to be verified or decrypted again. Privtool requires that the /usr/spool/mail directory is world-writable. Some versions of Linux are set up to have mail programs setgid mail, and have write access only to mail and root, causing hangs when saving changes. This will be fixed in the next release. Header window is not updated if left open. Date parsing on Linux is not quite correct. Problem with compose window layout if using Bcc: or extra header lines. Crashes if you tab from the Cc: field to the message body. Known Nonfeatures : Currently if you send encrypted mail to multiple recipients, all must have valid encrpytion keys otherwise you will have to send the message decrypted. Also, the message will be sent encrypted to all users, not just the one who is receiving each copy. Only one display window. Code should be more modular to assist with ports to Xt, Motif, Mac, Windows, etc. Not very well documented ! Encrypted messages are saved to mail files in encrypted form. There is currently no option to save messages in decrypted form. No support for anonymous return addresses. Not very well tested on Solaris 2.x, or Linux. Changes for 0.85: Support for Reply-To: addresses in message headers. If you have PGP Tools, then the passphrase is now stored in MD5 form rather than as ASCII text. This will make it harder to steal your passphrase if you're running on a multi-user machine (which you shouldn't be, but many of us are). Improved documentation. 'New mail' indicator in icon now goes away if you open the window and close it again without reading any messages. Support for multiple compose windows - no more pressing 'Reply' and screaming because you deleted the message you were editing ! Query on exit if any compose windows are open. Show busy cursor for time-consuming operations. Kill-by-name and Kill-by-subject now work correctly. 'Add Key' button now works. Optionally beep on bad signature. Added various changes from Anders Baekgaard (baekgrd@ibm.net), we can how use a more normal icon if preferred, pass arguments on the command line, specify the font to use, support the 'showto' option, allow X-resources to be set up, fix a bug in Linux which showed the message list as a black box, cleaned up some warnings from x.c, support bcc:, and have an option for a simplified, smaller, display layout for machines with small screens. Fixed some memory leaks in deliver_proc (). Anders finally got the scrollbar to go to the right place when opening mail files ! Yay !!!! Fixed bad arguments that were being passed to bzero() in pgplib.c and potentially causing random memory overwrites. Fix for Linux icon corruption from A J Teeder (ajteeder@dra.hmg.gb). Added 'resend' to resend a message that failed the first time. Added Linux-specific Makefile, now that I have my own Linux box to test it on. Fixed SEGV when delivering messages (with some .mailrc files), caused by a bug in the alias-handling code. Privtool can be compiled to either use PGP Tools, or to fork off a copy of PGP whenever it is needed. There are also a number of different security level options for the passphrase, varying from 'read it from PGPPASS and keep it in memory' to 'request it every time and delete it as soon as possible', via 'request it when neccesary and delete it if it's not used for a while'. Unfortunately, PGP Tools (or at least the version that I have) does not appear to work correctly on Linux. See the README file for information on compiling the code, and the user.doc file for user documentation (the little that currently exists). You should also ensure that you read the security concerns section in user.doc before using the program. Mark Grant (mark@unicorn.com) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQEVAgUBMFileFVvaTo9kEQVAQFU6ggAk9MWUkT3b6b6dGpzZSiCR/pGM6SMdXIP ZCcE546a65cOl3esgdVSSUlaw3SDGt1FxuHB/pzPqTJBqaZNsPoSrvZbPSz0Fcl7 GjuDCGFIm4vPYi8tgoTc2WPbj4E0w1O5+vZvZWwvm/TrzfYNeMnlI3wWb18U+TXF hj9tOKbd1rmzx3an/ZGgfFzwlKtidPbLhOPxxv7XWFkpZAXbKAesKPw85sNilxy4 NwerRu9OAXBVNHGgJfM6S6+qfYygCuzIodseMwpOU+7uL1MfvB6LFJ5WL3di3FdA Hnv2CKbqmEVWlFc1TIY0mK6Ze+U/uRlgbM04/GLk1X3qM8r4SQUqwg== =jd5V -----END PGP SIGNATURE-----