procmail

Re: HELP! How can I decrypt encrypted messages?

2003-01-15 12:00:27
Thanks for all the help. I was able to get it to work just fine. The purpose
of what I am trying to do is to make a modification to Majordomo so that it
can support encrypted email lists, which could be a hedge against mis-use of
the US government's TIA program.

On Mon, 13 Jan 2003, Professional Software Engineering wrote:

Date: Mon, 13 Jan 2003 18:36:15 -0800
From: Professional Software Engineering <PSE-L(_at_)mail(_dot_)professional(_dot_)org>
Reply-To: procmail(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE
To: procmail(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Re: HELP! How can I decrypt encrypted messages?

At 16:15 2003-01-13 -0800, Chuck Harding wrote:

the marker line with the clear text. I figured out that the patterns
to look for are Content-type: application/pgp; x-action=encrypt; format=text
in the headers or possibly -----BEGIN PGP MESSAGE----- in the body and in

That tagline exists for _signed_ text as well.  I'd strongly advise against 
auto-extracting a signature, since anyone can send you a message _claiming_ 
to have already been extracted, and it'll bop right on through and you 
won't know the difference.

For that matter, auto-decrypting messages has its own problems, but I'll 
assume you have your reasons.  I also presume this is for personal 
correspondence not conducted on a government system or that of a 
_government_contractor_, since there may be specific laws regulating 
handling of encrypted correspondence on such systems, even if the 
correspondence itself isn't of an official nature.

The closest I could find was using pgp to do it but the options aren't
quite the same and the action line isn't really doing what I want which
is to preserve all the headers and anything in the message body that isn't
bounded by the BEGIN and END PGP MESSAGE markers.


Problem:  Multiple begin and end markers, as well as begins and ends which 
are encapsulated within signed text (for instance).


The script can deal with this situation by perhaps making multiple passes over
the message body.



# tweak content-type condition as appropriate - perhaps you need to
# look for it in the body.

:0Wbf
* ^Content-Type:[       ]*application/pgp
| some_script_to_deal_with_gpg

How you write the script is up to you, but as far as procmail goes, this 
will match on whatever criteria you specify that identifies the message as 
being crypted, and will treat the invoked program as a FILTER, passing it 
the BODY of the message (remove the 'b' flag if you want to pass the whole 
message in the event that you have to tweak the headers - seeing as you're 
changing the message type, this is probable).  'W' says to wait for the 
program completion and if it wasn't successful, treat the message as having 
not been filtered (i.e. output from the run program won't be used).

Write your script (shell, perl, whatever) to return an error if the data 
isn't _really_ encrypted, and otherwise to decrypt the individual bits, and 
you're set.  You'll need to contend with multipart messages -- procmail 
doesn't split attachments - it treats the WHOLE MESSAGE BODY AS ONE 
COMPONENT, so expect to either use a MIME library of some sort or call 
mimedecode or similar.

Yes, that's what I'm doing.


The gpg list, which I'm sure exists someplace, is the appropriate place to 
follow up about how to get the script you need to write working (and for 
that matter, what headers they place in a message signifying that it is 
encrypted).

[snip]
That's a whopper of a sigline.  Are you sure you need to add a random 
saying to it, along with the banner for the program that adds it?


Is this more to your liking? ;-)

-- 
Charles D. (Chuck) Harding <charding(_at_)llnl(_dot_)gov>  Voice: 925-423-8879
Senior Computer Associate                         Fax: 925-422-8920
Computation Directorate, Lawrence Livermore National Laboratory
Livermore, CA USA  http://www.llnl.gov  GPG Public Key ID: B9EB6601
-- Keep London tidy... Shoot a pigeon. --
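
An added example, not part of the original messages and not code from either poster: a shell filter of the kind the ":0Wbf" recipe above pipes the body to. It replaces each PGP MESSAGE block with its plaintext, leaves all other text in place, and exits non-zero when nothing was really encrypted. The DECRYPT_CMD variable, the decrypt_body function name and the --filter argument are assumptions of this example.

```shell
#!/bin/sh
# Filter for a procmail ":0Wbf" recipe: message body on stdin, body with each
# PGP MESSAGE block decrypted on stdout. A non-zero exit makes procmail (W flag)
# discard the output and keep the original message.
# DECRYPT_CMD is an assumption of this example; override it to test without keys.
: "${DECRYPT_CMD:=gpg --batch --quiet --decrypt}"

decrypt_body() {
    tmp=$(mktemp -d) || return 1      # mode 0700: plaintext is buffered here
    out=$tmp/out block=$tmp/block
    : > "$out"
    in_block=0 count=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        if [ "$in_block" -eq 0 ]; then
            # Exact match only: markers inside clear-signed text are
            # dash-escaped ("- -----BEGIN ...") and are passed through as text.
            if [ "$line" = "-----BEGIN PGP MESSAGE-----" ]; then
                in_block=1
                printf '%s\n' "$line" > "$block"
            else
                printf '%s\n' "$line" >> "$out"
            fi
        else
            printf '%s\n' "$line" >> "$block"
            if [ "$line" = "-----END PGP MESSAGE-----" ]; then
                in_block=0
                # One block that fails to decrypt fails the whole message.
                if $DECRYPT_CMD < "$block" >> "$out"; then
                    count=$((count + 1))
                else
                    rc=1; break
                fi
            fi
        fi
    done
    # Unterminated block, or nothing that was really encrypted: refuse.
    if [ "$in_block" -ne 0 ] || [ "$count" -eq 0 ]; then rc=1; fi
    [ "$rc" -eq 0 ] && cat "$out"
    rm -rf "$tmp"
    return "$rc"
}

# Hypothetical invocation from the recipe: | this_script --filter
if [ "${1:-}" = "--filter" ]; then
    decrypt_body
    exit $?
fi
```

Output is buffered and only written once every block has decrypted, so a partial failure never leaves a half-decrypted body on stdout.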

