[Top] [All Lists]

Re: executing PGP-signed commands with procmail

1997-10-11 10:38:15
Hello Era!

 >            # 1. check signed exec command with pgp and strip
 >            #    signature to prevent replay attacks
 >         :B fbw
 >         ^^-----BEGIN PGP SIGNED MESSAGE-----$$exec
 >         | pgp +batchmode -f +pubring=$HOME/.pgp/authorized.pgp
I fail to see how this prevents replays.

Yes, you're right, my comment is misleading, replays are possible if
my messages are intercepted before they reach my procmailrc.  I just
wanted to point out that I strip the signature and replace the signed
message with the signed text instead of operating on a copy so that I
might misplace the original somewhere out in the open later.

my copy of PGP here doesn't even have the
+batchmode switch, does it do something I don't know about?

$ grep -i batchmode /usr/lib/pgp/*
/usr/lib/pgp/pgp.hlp:Use [+batchmode] for errorlevel returns
$ pgp
Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18
International version - not for use in the USA. Does not use RSAREF.

Perhaps you should consider formail -rt instead?

With proper SMTP return address it boils down to a question of taste. 

Thanks for your input!

<Prev in Thread] Current Thread [Next in Thread>