Alpha testers wanted: GNU Emacs, RMAIL, and PGP
-----BEGIN PGP SIGNED MESSAGE----- I have just finished writing a fancy new package for GNU Emacs (pgpmail). It requires PGP, RMAIL, and sendmail. You must be able to run a program from within Emacs. Pgpmail automaticaly checks message signatures and decrypts messages, it helps automate signing outgoing messages (and strips the signatures a bit too!). Pgpmail also helps fix a known security hole -- it doesn't send you passphrase on the command line, but uses the environment instead. If you would like to be an early alpha tester for my software, *and* feel you would provide lots of testing please reply to me directly. j' - -- O I am Jay Prime Positive jpp@markv.com 1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F 524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48 Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com -----BEGIN PGP SIGNATURE----- iQBXAgUBLFTK8NC3U5sdKpFdAQG9bwIJAcsJgRnxpKRPcC9EM1qIsXNvFsK9AiRQ g9IqbsWHi2OIyWvsGrf7YEkZkNojOszgkY3AFlddCZvDueapGMmJHuTx -----END PGP SIGNATURE-----
Date: Mon, 26 Jul 93 23:28:36 PDT From: jpp@markv.com Sender: jpp@markv.com I have just finished writing a fancy new package for GNU Emacs (pgpmail). It requires PGP, RMAIL, and sendmail. You must be able to run a program from within Emacs. Pgpmail automaticaly checks message signatures and decrypts messages, it helps automate signing outgoing messages (and strips the signatures a bit too!). Pgpmail also helps fix a known security hole -- it doesn't send you passphrase on the command line, but uses the environment instead. I may be missing something, but isn't this less secure than using the command line? Anyone on the system can do a "ps -e" whilst you are encrypting to get the environment of the pgp process. If you use the -z option to pass the passphrase to pgp, that argument gets cleared by pgp immedaitely when it executes, so it is not available for very long. An even better way would be to use the file descriptor method of giving the passphrase to pgp. Not sure how you would do this in elisp, but that's how I did it in NXPGP (pgp front end for NeXT). Well, the newest version anyway, which is still being beta tested (anyone want to help?). -Sam
-----BEGIN PGP SIGNED MESSAGE----- Learn something new every day. On *my* (SCO unix) system it is easy to read the command line via ps. On *my* system ps -e reports on every process, not the environment. I can find no reference to 'environment' in the ps man page. Finaly, after talking with a more knowledgeable-than-I unix guru, I felt that the environment was a safer place to put the passphrase. But, since there is at least one place where this is not true (and after reading some BSD man pages, it seems there a quite a few), I will have to *improve* my code. I will offer all three ways (environment, command line, and file-descriptor) to input a passphrase. (And will try to figure out how to read the environment of other processes under Sys V...) I would apreciate input from unix gurus out there about which systems make the environment hard to read, and which easy; and similar stuff about the command line, and pipes. Thanks for your help making pgpmail even better! j' - -- O I am Jay Prime Positive jpp@markv.com 1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F 524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48 Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com -----BEGIN PGP SIGNATURE----- iQBXAgUBLFThN9C3U5sdKpFdAQHwmQIMDENppnUL3Y+KeteuUstqklcFD37+zZed p7RY/FExSg1Axi96plNWXTD3UhOV7P0z1LQsaqi6W63HS4O0lkMsO7sf -----END PGP SIGNATURE-----
participants (2)
-
b44729@achilles.ctd.anl.gov -
jpp@markv.com