On Wed, 15 Jan 2003, Professional Software Engineering wrote:
Date: Wed, 15 Jan 2003 11:19:33 -0800
From: Professional Software Engineering
<PSE-L(_at_)mail(_dot_)professional(_dot_)org>
Reply-To: procmail(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE
To: procmail(_at_)Lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Re: HELP! How can I decrypt encrypted messages?
At 10:41 2003-01-15 -0800, Chuck Harding did say:
Thanks for all the help. I was able to get it to work just fine.
Great. Now, post the scripts so the next guy trying to do this will be
able to. <g>
Still working on making multiple passes on the message body, but I suppose
I could post what I have so far. I have also incorporated some of your
suggestions for which I will be giving you credit in the copyleft and
documentation. So see at the bottom. Also everyone please remember that this
is a discussion list for procmail, not a perl discussion list B-)
The purpose of what I am trying to do is to make a modification to
Majordomo so that it can support encrypted email lists
I take it that users send encrypted messages to the list, the list decrypts
them, then re-encrypts them with its own key?
Yes, that's the idea, although I was also considering having Majordomo encrypt
the message with the key of each subscriber which would either be supplied
in the subscribe message from the potential subscriber, or obtained from a
public key server based on the email address in the subscribe message, rather
than a generic Majordomo key. I plan on doing some tests on which would be more
efficient and more secure.
Problem: Multiple begin and end markers, as well as begins and ends which
are encapsulated within signed text (for instance).
The script can deal with this situation by perhaps making multiple passes
over the message body.
Well, uh, I wasn't talking so much of text which would appear AFTER a
section was decrypted, but rather, something that might appear like so:
***opening tag***
so and so said:
***opening tag***
blah
***closing tag***
so I ignored him.
***closing tag***
Your problem is in needing to match tag pairs appropriately, rather than
locating the first open and grabbing to the first close (which in the above
example, is really paired to the SECOND open). Nor can you simply match
the first open and the last close (two crypted bodies in one message will
boff this up for you). Also, you need to contend with the possibility
(nay, PROBABILITY) that someone may quote something and trim it such that
only one of the tags is there, rather than both:
***opening tag***
so and so said:
***opening tag***
blah
so I ignored him.
***closing tag***
It's the _signed_ content, rather than _crypted_ content which will cause
you grief if not handled properly -- the crypted content won't have
plaintext in the midst of it.
[snip]
I'm not the .sig police - I was just commenting that the massiveness of
your .sig could be uncomfortable for some recipients. <g>
I'm spoiled, I guess, from having such a fat pipe here at the lab and having
a broadband (cable) connection at home and forgot to consider those that still
pay for email download by the byte. Mea culpa...
----------------- mail_decrypt script follows --------------------------
#!/usr/local/bin/perl
#
# decrypt a gpg encrypted message maintaining the headers
# except the Content-Type gets changed to text/plain but
# the original Content-Type gets changed to X-Original-Content-Type
#
# input is from STDIN, output is to STDOUT
#
use strict;
use warnings;
use File::Temp qw(tempfile);   # private, unpredictable temporary file

while (<STDIN>) {
    chomp;
    # header names are case-insensitive, so match Content-Type as well
    if (/^Content-type: application\/pgp/i) {   # maybe is encrypted
        print "X-Original-$_\n";                 # modify headers
        print "Content-type: text/plain; charset=us-ascii\n";
        # copy the remaining headers and body up to the armor header
        while (<STDIN>) {
            last if (/^-----BEGIN PGP MESSAGE-----/);
            print;
        }
        if (defined $_ && /^-----BEGIN/) {
            # tempfile() creates the file with mode 0600 and removes it
            # at exit, so the ciphertext is not left in a world-readable,
            # predictable /tmp name
            my ($tf_fh, $tf) = tempfile("decrypt.XXXXXXXX", TMPDIR => 1, UNLINK => 1);
            print $tf_fh $_;
            while ($_ = <STDIN>) {
                print $tf_fh $_;
                last if (/^-----END PGP MESSAGE-----/);
            }
            # input ended before the closing armor line: supply it
            if (!defined $_ || ! /^-----END PGP MESSAGE-----/) {
                print $tf_fh "-----END PGP MESSAGE-----\n";
            }
            close $tf_fh or die "Could not write temporary file $tf: $!";
            # read the file directly; no need to pipe it through cat
            my @rtnmsg = `gpg --decrypt --batch $tf`;
            die "gpg failed on $tf (exit status " . ($? >> 8) . ")" if $? != 0;
            print "-----BEGIN DECRYPTED MESSAGE-----\n";
            foreach (@rtnmsg) {
                print;
            }
            print "-----END DECRYPTED MESSAGE-----\n";
        } else {
            exit 1;   # no encrypted text in body in spite of what the
                      # Content-type header says
        }
    } else {
        print "$_\n";
    }
}
exit 0;
-------------------End of mail_decrypt script---------------------------
--
Charles D. (Chuck) Harding <charding(_at_)llnl(_dot_)gov> Voice: 925-423-8879
Senior Computer Associate Fax: 925-422-8920
Computation Directorate, Lawrence Livermore National Laboratory
Livermore, CA USA http://www.llnl.gov GPG Public Key ID: B9EB6601
-- Make up a language and ask people for directions. --
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
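The tag-pairing problem raised in the quoted reply above (a block quoted inside another block, two blocks in one body, and a quote trimmed to a single marker), as an added example that is not part of the original post or the mail_decrypt script; the marker strings are a parameter and the sample inputs are constructed from that reply.

```perl
#!/usr/bin/perl
# Added example, not the posted mail_decrypt script: pair opening and
# closing markers by nesting depth instead of grabbing first-open to
# first-close or first-open to last-close.  Marker text is a parameter;
# for real mail the PGP armor lines would be passed in.
use strict;
use warnings;

# Returns (\@blocks, $unclosed, $orphans): @blocks holds each outermost,
# fully delimited block as an arrayref of its lines (markers included),
# $unclosed is the nesting depth still open at end of input (anything
# above 0 is a truncated block that must not be fed to gpg), and
# $orphans counts closing markers seen with nothing open.
sub pair_blocks {
    my ($open, $close, @lines) = @_;
    my @blocks;
    my @current;        # lines of the outermost block being collected
    my $depth   = 0;    # current nesting level
    my $orphans = 0;
    for my $line (@lines) {
        $depth++ if $line eq $open;
        push @current, $line if $depth > 0;
        if ($line eq $close) {
            if ($depth == 0) { $orphans++; next; }
            $depth--;                   # pairs with the innermost opening
            if ($depth == 0) {          # outermost block is now complete
                push @blocks, [ @current ];
                @current = ();
            }
        }
    }
    return (\@blocks, $depth, $orphans);
}

# Constructed inputs mirroring the cases in the reply above.
my ($OPEN, $CLOSE) = ('***opening tag***', '***closing tag***');
my @nested  = ($OPEN, 'so and so said:', $OPEN, 'blah', $CLOSE, 'so I ignored him.', $CLOSE);
my @trimmed = ($OPEN, 'so and so said:', $OPEN, 'blah', 'so I ignored him.', $CLOSE);
my @two     = ($OPEN, 'first body', $CLOSE, 'and he replied:', $OPEN, 'second body', $CLOSE);

for my $case ([nested => \@nested], [trimmed => \@trimmed], [two => \@two]) {
    my ($name, $lines) = @$case;
    my ($blocks, $unclosed, $orphans) = pair_blocks($OPEN, $CLOSE, @$lines);
    printf "%-8s %d complete block(s), %d unclosed, %d orphan close(s)\n",
        $name, scalar @$blocks, $unclosed, $orphans;
    printf "         block %d: %d lines\n", $_ + 1, scalar @{ $blocks->[$_] }
        for 0 .. $#{$blocks};
}
```

The nested case yields one seven-line block, the trimmed case yields no block and one unclosed opening, and the two-body case yields two separate three-line blocks.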