more about the usefulness of PGP

Here's an idea that I always wanted to implement but never did yet. I thought I'd share and if someone else has already done it let me have a copy.
I should be able to execute scripts remotely by sending e-mail to an account. Simple mail-handling scripts at that account should check the PGP signature (and timestamp/counter to prevent replay/delay attacks) and then pass the contents to a full script-language interpreter.
Perl is a natural choice of interpreter. Has anybody implemented this (hopefully complete with replay/delay prevention)?
Thanks!
Bryce
P.S. No, actually I can't think of any good use for this trick. But maybe if I had it I would find good uses for it.

Make sure that you are protected from replay attacks. A good idea would be to make the server send cookies by request of the remote user (you can limit the number of people to whom the server sends cookies) and make sure that messages without the latest cookie will NOT be executed.
igor
bryce@digicash.com wrote:
Here's an idea that I always wanted to implement but never did yet. I thought I'd share and if someone else has already done it let me have a copy.
I should be able to execute scripts remotely by sending e-mail to an account. Simple mail-handling scripts at that account should check the PGP signature (and timestamp/counter to prevent replay/delay attacks) and then pass the contents to a full script-language interpreter.
Perl is a natural choice of interpreter. Has anybody implemented this (hopefully complete with replay/delay prevention)?
Thanks!
Bryce
P.S. No, actually I can't think of any good use for this trick. But maybe if I had it I would find good uses for it.
- Igor.

bryce@digicash.com wrote:
Here's an idea that I always wanted to implement but never did yet. I thought I'd share and if someone else has already done it let me have a copy.
I should be able to execute scripts remotely by sending e-mail to an account. Simple mail-handling scripts at that account should check the PGP signature (and timestamp/counter to prevent replay/delay attacks) and then pass the contents to a full script-language interpreter.
Perl is a natural choice of interpreter. Has anybody implemented this (hopefully complete with replay/delay prevention)?
Thanks!
Bryce
P.S. No, actually I can't think of any good use for this trick. But maybe if I had it I would find good uses for it.
I'd been thinking of something along those lines as well, but never got around to actually trying it. But I had some free time yesterday and got a system set up which uses procmail to pass on the message to a Perl script which then decrypts the message if necessary and checks the signature. If the signature is good it then executes the script, encrypts the output from the script, and mails it back.
I haven't had a chance to do any extensive testing, and it doesn't have any replay/delay prevention yet. I should have some time in a day or two to clean it up though. Just wanted to let you know that someone is working on it. I don't want to distribute it yet, since it is still rather messy and possibly buggy.
--Matt
--
mcarpent@mailhost.tcs.tulane.edu

Cool stuff, Matthew. You've gotta think about replay and delay attacks though.
A good start is to include a time-stamp in the authenticated message (I'm not sure if PGP's built-in timestamp is authenticated. Anyone?), save the latest timestamp which you have authenticated, and reject messages unless they have an authenticated time-stamp later than that one.
What fun! Keep me informed.
Regards,
Bryce
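
The latest-timestamp rule and the latest-cookie rule suggested in this thread, combined into one freshness check. This is an added example, not code from any of the posters: it assumes the PGP signature has already been verified, and the `Timestamp:`/`Cookie:` header lines inside the signed text, the `ReplayGuard` name, the signer id and the 600-second window are all assumptions of the example.

```python
import secrets
import time

MAX_AGE = 600  # seconds of tolerated delay; an assumed value, not from the thread

class ReplayGuard:
    """Freshness checks to run only AFTER the PGP signature has verified.
    signed_text is the signed plaintext, so Timestamp/Cookie are signature-covered."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.last_ts = {}  # signer key id -> latest accepted timestamp
        self.cookie = {}   # signer key id -> the one outstanding cookie

    def issue_cookie(self, signer):
        # Sent on request; issuing a new cookie invalidates the previous one.
        self.cookie[signer] = secrets.token_hex(16)
        return self.cookie[signer]

    def check(self, signer, signed_text):
        """Return (script, "ok") or (None, reason). State changes only on success."""
        head, _, script = signed_text.partition("\n\n")
        fields = dict(l.split(": ", 1) for l in head.splitlines() if ": " in l)
        try:
            ts = int(fields["Timestamp"])
        except (KeyError, ValueError):
            return None, "missing or malformed timestamp"
        if abs(self.clock() - ts) > MAX_AGE:
            return None, "timestamp outside window (delayed)"
        if ts <= self.last_ts.get(signer, -1):
            return None, "timestamp not newer than last accepted (replay)"
        want = self.cookie.get(signer)
        got = fields.get("Cookie", "")
        if want is None or not secrets.compare_digest(want.encode(), got.encode()):
            return None, "cookie is not the latest one issued"
        self.last_ts[signer] = ts
        del self.cookie[signer]  # one use per cookie
        return script, "ok"

def demo():
    """Constructed sample messages for a hypothetical signer id 'BRYCE'."""
    g = ReplayGuard(clock=lambda: 1000)
    c = g.issue_cookie("BRYCE")
    msg = f"Timestamp: 990\nCookie: {c}\n\nprint 1;\n"
    first = g.check("BRYCE", msg)
    replay = g.check("BRYCE", msg)
    c2 = g.issue_cookie("BRYCE")
    delayed = g.check("BRYCE", f"Timestamp: 100\nCookie: {c2}\n\nprint 2;\n")
    return first, replay, delayed
```

Only a script returned with `"ok"` would be handed to the interpreter; `last_ts` has to be kept in persistent storage so that a restart of the mail handler does not reopen the replay window.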

participants (4)
- bryce@digicash.com
- Derek Atkins
- ichudov@algebra.com
- Matthew Carpenter