Re: "Email-Firewalls" / Instant Corporate PGP
From: Vincent.Cate@FURMINT.NECTAR.CS.CMU.EDU
#!/bin/csh -f
#
# Vince Cate
setenv PGPPATH /usr/vac/pgp
setenv PGPPASS "not really vinces passphrase"
cd $PGPPATH
cat > mailtmp.asc
egrep 'Date:|From:|Subject:|To:' mailtmp.asc > mailtmp
echo " " >> mailtmp
pgp -f < mailtmp.asc >> mailtmp
/usr/ucb/mail -s "Was encrypted" vac < mailtmp
exit 0
A more secure way is not to setenv PGPPASS but rather:

setenv PGPPASSFD 1

and then

(echo "vinces passphrase" ; cat mailtmp.asc) | pgp -f >> mailtmp

The PGPPASSFD means take the passphrase from file descriptor 1, which is the standard input. This way it never appears in the environment of a process. Many unix systems have a switch to ps to show all processes' environments.

Hal
-----BEGIN PGP SIGNED MESSAGE-----
A more secure way is not to setenv PGPPASS but rather:

setenv PGPPASSFD 1

and then

(echo "vinces passphrase" ; cat mailtmp.asc) | pgp -f >> mailtmp

The PGPPASSFD means take the passphrase from file descriptor 1, which is the standard input. This way it never appears in the environment of a process. Many unix systems have a switch to ps to show all processes' environments.

I thought stdin was 0, and stdout was 1...

- --
Ed Carp, N7EKG/VE3 ecarp@netcom.com 519/824-3307
Finger ecarp@netcom.com for PGP 2.3a public key an88744@anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLd9ttCS9AwzY9LDxAQFS8AP/YdcP2+2q/4en/CfOMT1CmiTDNMYHkHre
7r9u3I3wT4kvO525+rEvN5o4/QY0xIlSk1DVgdHI6s+mgthxCQOC+J+2nI22Ojq5
i3pwr+Wkdq9DAmKLVfKqEVxZ2wqnJtE7nZHrio03V6zMFlotyjp3HsQeM5g+uVgY
2k/GraN3P6k=
=Trn6
-----END PGP SIGNATURE-----
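
The exposure discussed in this thread, shown as an added example that is not part of any poster's message: a secret placed in a child's environment can be read back from outside the process, while one sent down a pipe to the child's standard input (file descriptor 0) cannot. It is written in POSIX sh rather than the thread's csh, assumes Linux `/proc`, and uses hypothetical names (`DEMO_PASS`, `env_shows`, `finish`, `leaks_via_env`, `leaks_via_fd`) with `sleep` standing in for pgp.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes Linux, where
# /proc/<pid>/environ holds the environment that "ps e" displays.
# DEMO_PASS and the sleep child are stand-ins for PGPPASS and pgp.

# Return 0 if string $2 is in the environment of process $1.
# Checks up to 2 times, one second apart, so the child has time to exec.
env_shows() {
    n=0
    while [ "$n" -lt 2 ]; do
        if tr '\0' '\n' 2>/dev/null < "/proc/$1/environ" |
            grep -q -F -- "$2"; then
            return 0
        fi
        sleep 1
        n=$((n + 1))
    done
    return 1
}

# Stop the stand-in child and hand back the saved result code.
finish() {
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
    return "$2"
}

# PGPPASS style: secret exported into the child's environment.
# Returns 0 when it can be read back from /proc by the same user.
leaks_via_env() {
    DEMO_PASS="$1" sleep 10 &
    pid=$!
    if env_shows "$pid" "$1"; then rc=0; else rc=1; fi
    finish "$pid" "$rc"
}

# PGPPASSFD style: secret written down a pipe to the child's standard
# input. printf is a shell builtin, so the secret is in no argv either.
leaks_via_fd() {
    printf '%s\n' "$1" | sh -c 'IFS= read -r pass; exec sleep 10' &
    pid=$!
    if env_shows "$pid" "$1"; then rc=0; else rc=1; fi
    finish "$pid" "$rc"
}

if leaks_via_env 'constructed-demo-secret'; then echo "env: visible"; fi
if ! leaks_via_fd 'constructed-demo-secret'; then echo "fd: not visible"; fi
```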