why pgp sucks

Hal hfinney at shell.portal.com
Fri Feb 10 12:27:59 PST 1995


Eric Hollander <hh at xcf.Berkeley.EDU> writes:

>if i use a command like

>	pgp filename

>it will automatically figure out the right thing to do with the file.  if
>it's encrypted, and i have the key, it will attempt to decrypt it.  if it
>contains keys, it will ask if i want to add them to my keyring.  if it's
>signed, it checks the signature.

>this sucks!

>if i'm trying to write a program to automatically process incoming mail (for
>instance, to see if it's encrypted with a specific key), i certainly don't
>want to have the possibility of people being able to add garbage to my
>keyring just by mailing it to me.

In my remailer, I use: pgp -f < infile > outfile.  This won't add keys.
If you capture standard error you can parse it (grep is probably good
enough) to see whether the message was signed, encrypted, had a bad
signature, had keys, etc.

Hal
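
[Added example, not part of the original post and not Hal's remailer code: one way to do the stderr parsing described in the reply above. The function names are hypothetical, and the matched message strings are assumed PGP 2.6.x wording that should be confirmed against the pgp binary actually in use.]

```shell
#!/bin/sh
# Added example. The patterns below are ASSUMED PGP 2.6.x stderr strings.

# Run pgp as a filter, as in the reply: plaintext goes to $2, diagnostics
# to $3. Keeping stderr in its own file means text inside the message body
# can never be mistaken for a pgp status line.
pgp_filter() {
    pgp -f < "$1" > "$2" 2> "$3"
}

# Print one status word per line for the captured stderr file $1.
classify_pgp_stderr() {
    err=$1
    found=0
    # Check the failure case first so a bad signature is never masked
    # by a later substring match on "Good signature".
    if grep -q 'WARNING: Bad signature' "$err"; then
        echo bad-signature; found=1
    elif grep -q 'Good signature from user' "$err"; then
        echo good-signature; found=1
    fi
    if grep -q 'File is encrypted' "$err"; then
        echo encrypted; found=1
    fi
    if grep -q 'File contains key' "$err"; then
        echo has-keys; found=1
    fi
    # Fail closed: unrecognised output is reported, not treated as clean.
    [ "$found" -eq 1 ] || echo unknown
    return 0
}

# Demo on constructed stderr text (not captured from a real pgp run).
demo=$(mktemp)
printf '%s\n' 'File is encrypted.  Secret key is required to read it.' \
    'Good signature from user "Alice <alice@example.org>".' > "$demo"
classify_pgp_stderr "$demo"
rm -f "$demo"
```

A mail processor would call pgp_filter on each incoming message and act only on the words printed by classify_pgp_stderr, treating "unknown" and "bad-signature" as reasons to reject.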





