-----BEGIN PGP SIGNED MESSAGE----- Privtool Beta Release --------------------- Privtool ("Privacy Tool") is intended to be a PGP-aware replacement for the standard Sun Workstation mailtool program, with a similar user interface and automagick support for PGP-signing and PGP-encryption. Just to make things clear, I have written this program from scratch, it is *not* a modified mailtool (and I hope that the Sun program code is much cleaner than mine 8-) !). It can be compiled using either Motif or the Xview toolkit. When the program starts up, it displays a list of messages in your mailbox, along with flags to indicate whether messages are signed or encrypted, and if they have had their signatures verified or have been decrypted. When you double click on a message, it will be decrypted (requesting your passphrase if neccesary), and/or will have the signature checked, and the decrypted message will be displayed in the top part of the display window, with signature information in the bottom part. The mail header is not displayed, but can be read by pressing the 'Header' button to display the header window. In addition, the program has support for encrypted mailing list feeds, and if the decrypted message includes another standard-format message it will replace the original message and be fed back into the display processing chain. A recent feature is support for decoding nymserver messages using premail. When composing a message or replying to one, the compose window has several check-boxes, including one for signature, and one for encryption. If these are selected, then the message will be automatically encrypted and/or signed (requesting your passphrase when neccesary) before it is sent. You may also select a 'Remail' box, which will use the Mixmaster anonymous remailer client program to send the message through one or more remailers. As a Beta release, it has a number of bugs and unimplemented features. Known Bugs: Mail file menu doesn't work! Don't check trust level or for revoked keys. In-Reply-To: handled incorrectly with multiple compose windows. Many properties updates from the properties window don't take effect until you exit the program and restart. Nym selection should be per-compose window, not global. 'Add Key' button only adds the first key in the message. The code in x.c breaks on versions of GCC if compiled with optimization enabled. If you can't 'save attachments' then recompile x.c without optimization. Unimplemented features: When you save changes to the mail file, it throws away the signature verification and decrypted messages, so that the next time you view a message it must be verified or decrypted again. Currently if you send encrypted mail to multiple recipients, all must have valid encrpytion keys or you will have to send the message decrypted. Also, the message will be sent encrypted to all users, not just the one who is receiving each copy. Code should be more modular to assist with ports to Xt, Motif (under way), Mac, Windows, etc. I may port it to C++ in the near future. Not very well documented! Encrypted messages are saved to mail files in encrypted form. There is currently no option to save messages in decrypted form. No support for anonymous return addresses. Not very well tested on Solaris 2.x, FreeBSD or SunOS. Limited support for attachments (either Sun, uuencode or MIME). Changes for 0.90: Code now compiles on SGI IRIX! Mixmaster code now checks reliability before sending the message. I'm now shipping a modified version of Premail which doesn't verify signatures on decoded messages, but instead leaves them in place for Privtool to process. Fixed failure to strip prepending - marks when clearsigned message has bad signature. Changed scrollbar setting when opening a new mailbox or saving changes; we now display the first unread message if there are no new messages. Moved 'Print' button to reduce accidental printouts. Updating kill filters and pgp key mappings in the properties window now works without restarting the program. Privtool can be compiled to either use PGP Tools, or to fork off a copy of PGP whenever it is needed. There are also a number of different security level options for the passphrase, varying from 'read it from PGPPASS and keep it in memory' to 'request it every time and delete it as soon as possible', via 'request it when neccesary and delete it if it's not used for a while'. I've now patched PGP Tools for Linux. The code is available on utopia.hacktic.nl as pgptools.linux.1.0.tar.gz. The official Privtool Web Page is at http://www.unicorn.com/privtool/privtool.html and the release site ftp://utopia.hacktic.nl/pub/crypto/pgp/utils/privtool/. See the README file for information on compiling the code, and the user.doc file for user documentation (the little that currently exists). You should also ensure that you read the security concerns section in user.doc before using the program. Mark Grant (mark@unicorn.com) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Charset: noconv iQC1AwUBM4stDqrJT5JmwV0FAQFJxAT/WCU8MEEMoFuXLgiqft7gcaf+9lWUpOTY BBBHf2xRGCaaqD1s3ttjtLmj46FFsYhQONZGKHQR5JSQALbqcAwff/rwJW3+xOio hwogSsSvbX3s6u3Pnq+h5WYagJT/RCfyLXa7z+eJTMdyY0HFxSLd/+ZAhyd98n1F eMpYpai+R1r6CWFL7voPuFNhvw5I4b6sTQACHZEOlq/8ZnOnTBdNeg== =qRD7 -----END PGP SIGNATURE-----