From: Alex Strasheim <alex@omaha.com>
Date: Thu, 1 Dec 94 18:32:45 PST
To: cypherpunks@toad.com
Subject: autodecrypting incoming mail
Message-ID: <199412020224.UAA01009@omaha>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

I've been fooling around with scripts which automatically decrypt incoming
mail, and I'm curious about how others are approaching the problem.  In 
particular, I'm interested in how Mime gets mixed in.

A problem with using a script which acts as a PGP aware pager to display
mail is that it would choke on certain types of Mime data, an attached
binary, for example.  The best solution to this problem would be a PGP
aware Mime mailer, but that's too hard for me, so I've been playing around
with scripts which will transform mail spool files with cyphertext in them
into mail spool files which are all plaintext.

First of all, I'm assuming that premail was used to encrypt the mail
automatically.  To try to get a handle for what's going on with the
headers, I've been sending mail from elm, pine, and /bin/mail and seeing
how they vary as encryption is added.  When encryption is used, premail 
always uses Mime headers, with a Content-Type field that says 
"application/x-pgp; format = mime".  When encryption isn't used, elm 
doesn't use Mime headers, but Pine does.  There are a few other 
differences between the various mail programs as well.  Elm, for example, 
has header fields which say how long the body is, while Pine doesn't.

This makes me wonder if the transformation that premail uses on outgoing 
mail is a reversible process.  Is it possible to transform a mail spool 
file so that it's exactly as it would have been if premail encryption 
hadn't been used?  It's pretty obvious that we don't need it to be 
completely reversible:  all that's needed is a header that will match the 
plaintext body.  But what factors need to be considered when the new 
header is constructed?  Specifically, which header fields would have to 
be modified?

Signatures complicate things further, because they add information to the
letter which has to be included in the plaintext somehow.  If the same
letter is sent twice with the same software, one signed and encrypted by
premail and the other sent normally, it's not good enough to transform the
first into a copy of the second.  Somehow the user has to be told if the
signature checked out.

Is it possible to add a Mime section that would contain this 
information?  Suppose, for example, we use Pine to send a letter.  The 
letter contains normal text and an attached binary.  This would mean that 
it would contain two sections in the body.  Does it make sense to decrypt 
the letter, check the signature, and construct a new three section body, 
with the added section containing the results of the signature check?  If 
we do that, how can we make the mailer display it?

I'm sorry to ask so many basic questions, but I don't know much about 
Mime.  I started using elm a long time ago, and I've stuck with it 
because it's comfortable.  I don't have a lot of experience with Mime 
mailers.  (If anyone could suggest a good cutting edge unix Mime mailer, 
I'd appreciate the pointer:  I think just using the software would help a 
lot.)

Thanks,

==
Alex Strasheim | finger astrashe@nyx.cs.du.edu
alex@omaha.com | for my PGP 2.6.1. public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLt6FUxEpP7+baaPtAQGbrAQAoWCj9ilFdE59fj+6beOYdv8MGQ3BtlMP
ClfdJkQhbUheJx+vKtlvfw3/Cz8qiHpxy0QHqLbXzpTKrdN36xp1IbnAmFDGoFBz
pjaBZdLMI/Izjein6aeardeKnwnhgVC1X6jgrQUhYfRsa0fHzx1Hl9PXucgckHHn
gkQKsuIauR0=
=82Jv
-----END PGP SIGNATURE-----