Privtool 0.85 Released

Rev. Mark Grant mark at unicorn.com
Thu Sep 14 15:00:55 PDT 1995 

-----BEGIN PGP SIGNED MESSAGE-----


Hi,

I've just released a new version of Privtool, with a large number of
bugfixes and new features. It's available from ftp.c2.org as
/pub/privtool/privtool-0.85.tar.gz, and in Europe from
ftp.dsi.unimi.it in /pub/security/crypt/code, or from ftp.ox.ac.uk
in /pub/crypt/pgp/utils.

DUE TO US ITAR REGULATIONS, IF YOU ARE OUTSIDE THE US YOU SHOULD
DOWNLOAD PRIVTOOL FROM A NON-US SITE. Dumb, but true...

Documentation is also available on the WWW at 
http://www.c2.org/~mark/privtool/privtool.html.

	Mark




	Privtool Beta Release	@(#)README.1ST	1.34 9/12/95
	-----------------------------------------------------

Privtool ("Privacy Tool") is intended to be a PGP-aware replacement 
for the standard Sun Workstation mailtool program, with a similar user 
interface and automagick support for PGP-signing and PGP-encryption. Just 
to make things clear, I have written this program from scratch, it is
*not* a modified mailtool (and I'd hope that the Sun program code
is much cleaner than mine 8-) !). 

When the program starts up, it displays a list of messages in your 
mailbox, along with flags to indicate whether messages are signed 
or encrypted, and if they have had their signatures verified or 
have been decrypted.

When you double click on a message, it will be decrypted (requesting
your passphrase if neccesary), and/or will have the signature checked,
and the decrypted message will be displayed in the top part of the
display window, with signature information in the bottom part. The
mail header is not displayed, but can be read by pressing the 'Header'
button to display the header window. In addition, the program has
support for encrypted mailing list feeds, and if the decrypted
message includes another standard-format message it will replace
the original message and be fed back into the display processing
chain.

When composing a message or replying to one, the compose window has
several check-boxes, including one for signature, and one for
encryption. If these are selected, then the message will be automatically
encrypted and/or signed (requesting your passphrase when neccesary) before
it is sent. You may also select a 'Remail' box, which will use the
Mixmaster anonymous remailer client program to send the message through
one or more remailers.

Being an Beta release, there are a number of bugs and nonfeatures :

Known Bugs :

	When you save changes to the mail file, it throws away the
	signature verification and decrypted messages, so that the
	next time you view a message it has to be verified or decrypted
	again.

	Privtool requires that the /usr/spool/mail directory is
	world-writable. Some versions of Linux are set up to have
	mail programs setgid mail, and have write access only to
	mail and root, causing hangs when saving changes. This will
	be fixed in the next release.

	Header window is not updated if left open.

	Date parsing on Linux is not quite correct.

	Problem with compose window layout if using Bcc: or extra
	header lines.

	Crashes if you tab from the Cc: field to the message body.

Known Nonfeatures :

	Currently if you send encrypted mail to multiple recipients, all must
	have valid encrpytion keys otherwise you will have to send the
	message decrypted. Also, the message will be sent encrypted to all
	users, not just the one who is receiving each copy.

	Only one display window.

	Code should be more modular to assist with ports to Xt, Motif, Mac,
	Windows, etc. 

	Not very well documented !

	Encrypted messages are saved to mail files in encrypted form. There
	is currently no option to save messages in decrypted form.

	No support for anonymous return addresses.

	Not very well tested on Solaris 2.x, or Linux.

Changes for 0.85:

	Support for Reply-To: addresses in message headers.

	If you have PGP Tools, then the passphrase is now stored in
	MD5 form rather than as ASCII text. This will make it harder
	to steal your passphrase if you're running on a multi-user
	machine (which you shouldn't be, but many of us are).

	Improved documentation.

	'New mail' indicator in icon now goes away if you open the
	window and close it again without reading any messages.

	Support for multiple compose windows - no more pressing
	'Reply' and screaming because you deleted the message you
	were editing !

	Query on exit if any compose windows are open.

	Show busy cursor for time-consuming operations.

	Kill-by-name and Kill-by-subject now work correctly.

	'Add Key' button now works.

	Optionally beep on bad signature.

	Added various changes from Anders Baekgaard (baekgrd at ibm.net),
	we can how use a more normal icon if preferred, pass arguments
	on the command line, specify the font to use, support the
	'showto' option, allow X-resources to be set up, fix a bug
	in Linux which showed the message list as a black box, cleaned
	up some warnings from x.c, support bcc:, and have an option
	for a simplified, smaller, display layout for machines with
	small screens.

	Fixed some memory leaks in deliver_proc ().

	Anders finally got the scrollbar to go to the right place
	when opening mail files ! Yay !!!!

	Fixed bad arguments that were being passed to bzero() in
	pgplib.c and potentially causing random memory overwrites.

	Fix for Linux icon corruption from A J Teeder (ajteeder at dra.hmg.gb).

	Added 'resend' to resend a message that failed the first
	time.

	Added Linux-specific Makefile, now that I have my own Linux
	box to test it on.

	Fixed SEGV when delivering messages (with some .mailrc files), 
	caused by a bug in the alias-handling code.

Privtool can be compiled to either use PGP Tools, or to fork off a copy of
PGP whenever it is needed. There are also a number of different security
level options for the passphrase, varying from 'read it from PGPPASS and
keep it in memory' to 'request it every time and delete it as soon as
possible', via 'request it when neccesary and delete it if it's not used
for a while'.

Unfortunately, PGP Tools (or at least the version that I have) does not 
appear to work correctly on Linux.

See the README file for information on compiling the code, and the
user.doc file for user documentation (the little that currently 
exists). You should also ensure that you read the security concerns
section in user.doc before using the program.

		Mark Grant (mark at unicorn.com)



-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAgUBMFileFVvaTo9kEQVAQFU6ggAk9MWUkT3b6b6dGpzZSiCR/pGM6SMdXIP
ZCcE546a65cOl3esgdVSSUlaw3SDGt1FxuHB/pzPqTJBqaZNsPoSrvZbPSz0Fcl7
GjuDCGFIm4vPYi8tgoTc2WPbj4E0w1O5+vZvZWwvm/TrzfYNeMnlI3wWb18U+TXF
hj9tOKbd1rmzx3an/ZGgfFzwlKtidPbLhOPxxv7XWFkpZAXbKAesKPw85sNilxy4
NwerRu9OAXBVNHGgJfM6S6+qfYygCuzIodseMwpOU+7uL1MfvB6LFJ5WL3di3FdA
Hnv2CKbqmEVWlFc1TIY0mK6Ze+U/uRlgbM04/GLk1X3qM8r4SQUqwg==
=jd5V
-----END PGP SIGNATURE-----

More information about the cypherpunks-legacy mailing list