why pgp sucks

Eric Hollander hh at xcf.Berkeley.EDU
Fri Feb 10 11:03:28 PST 1995

if i use a command like

	pgp filename

it will automatically figure out the right thing to do with the file.  if
it's encrypted, and i have the key, it will attempt to decrypt it.  if it
contains keys, it will ask if i want to add them to my keyring.  if it's
signed, it checks the signature.

this sucks!

if i'm trying to write a program to automatically process incoming mail (for
instance, to see if it's encrypted with a specific key), i certainly don't
want to have the possibility of people being able to add garbage to my
keyring just by mailing it to me.

is there a way of saying

	pgp -decrypt-with-key user_id filename

and have it return some error code indicating whether or not the file was in
fact encrypted with user_id, and also gauranteeing that it won't do other
fun stuff with the file, like add it to my keyring?

is there a way of using pgp in a diagnostic mode, to just inform me of what
the file contains (is it signed and/or encrypted, from who and to whom?),
without processing it, and without interaction, and without messing around
with the keyring?  has anyone written some scripts to do this kind of thing?

or should i just wait until some of the groups working on the other
encryption software get it out?


More information about the cypherpunks-legacy mailing list