1994-05-22 - Re: “Email-Firewalls” / Instant Corporate PGP

Header Data

From: Vincent.Cate@FURMINT.NECTAR.CS.CMU.EDU
To: outnews+netnews.alt.security.pgp@andrew.cmu.edu
Message Hash: a1dd9b9efe9690d2e689f4a770e424e6629a227b9a2f0e54d31863572316f79b
Message ID: <769636657/vac@FURMINT.NECTAR.CS.CMU.EDU>
Reply To: N/A
UTC Datetime: 1994-05-22 20:05:42 UTC
Raw Date: Sun, 22 May 94 13:05:42 PDT

Raw message

From: Vincent.Cate@FURMINT.NECTAR.CS.CMU.EDU
Date: Sun, 22 May 94 13:05:42 PDT
To: outnews+netnews.alt.security.pgp@andrew.cmu.edu
Subject: Re: "Email-Firewalls" / Instant Corporate PGP
Message-ID: <769636657/vac@FURMINT.NECTAR.CS.CMU.EDU>
MIME-Version: 1.0
Content-Type: text/plain



ecarp@netcom.com (Ed Carp):
>I thought stdin was 0, and stdout was 1...

That works much better!!!!    Thanks.

I also made an outgoing "pgp-send" and renamed the incoming to
"pgp-receive".  The pgp-send can be used for many users but does need a
new line in your .maildelivery for each.  

They are both FTPable from:

     ftp://furmint.nectar.cs.cmu.edu/security 

I also include them below.

   -- Vince


#!/bin/csh -f
#
#  pgp-send
#
#  This lets you set up mail addresses like "vac+eric" so you
#  can send that you send encrypted mail without any extra work.
#  To use this add lines like the following to your .maildelivery
#  file:
#
#  Addr vac+tovince      pipe ? /usr/vac/pgp/pgp-send vac+pgp@cs.cmu.edu
# 
#  The "vac+tovince" is your own alias for this person.  The 
#  vac+pgp@cs.cmu.edu is both the mailing address and what PGP uses 
#  to find the key.
# 
#  This assumes PGPPATH is set and pgp is on your PATH.
#  If not either fix that, or add a "cd" to that directory.
#
#  Note that the unecrypted mail will be on your machine a little 
#  longer this way so this is a bit less secure than encrypting the 
#  mail by hand.  However, this is a short period, and if your 
#  machine's security is broken they could have read your mail as you 
#  wrote it. 
#
#  With this, someone would need to do some "breaking and entering" 
#  to get at your mail.  
#
#  Vince Cate
#  vac@cs.cmu.edu
#
#  cd /usr/vac/pgp


set TO = $1

cat > sendtmp.txt
pgp -fe $TO < sendtmp.txt | /usr/ucb/mail -s "encrypted mail" $TO

/bin/rm sendtmp.txt

exit 0



#!/bin/csh -f
#
#  pgp-receive
#
#  The idea is to have an email address like "vac+pgp" that causes
#  this script to be run which decrypts the mail and then sends it
#  to your normal address.  
#
#  This lets you receive encrypted mail on a Unix machine without
#  having to do anything extra.  It will work with any Unix machine
#  that supports .maildelivery files using any mail reader.  It
#  could even be used to forward mail to non-Unix machines if you
#  thought you were on a reasonably secure net.  The entry in the
#  .maildelivery file should be something like:
#
#  Addr vac+pgp          pipe ? /usr/vac/pgp/pgp-receive
#
#  This would be safe if your host machine were safe.  In any case,
#  someone has to do some "breaking and entering" to get your mail.
#  So this is much better than no encryption at all.
#
#  This file is ftp://furmint.nectar.cs.cmu.edu/security/pgp-receive
#     Vince Cate
#     vac@cs.cmu.edu
#
#  For me the pgp directory is protected, so is a good to be in
#  that directory both to drop the temporary file.
#  The setenve PGPPASSFD 1 tells PGP to get the passphrase from
#  the standard input.  To install this you need to edit the 3
#  places with a "vac".

setenv PGPPATH /usr/vac/pgp
setenv PGPPASSFD 1

cd $PGPPATH

cat > mailtmp.asc

egrep 'Date:|From:|Subject:|To:' mailtmp.asc >  mailtmp
echo " "                                     >> mailtmp

# This is less secure since some Unix ps commands can show other 
# user's environemnts.
#
# setenv PGPPASS "not really vacs passphrase"
# pgp -f < mailtmp.asc >> mailtmp

setenv PGPPASSFD 0
(echo "not really vacs passphrase" ; cat mailtmp.asc) | pgp -f >> mailtmp


/usr/ucb/mail -s "Was encrypted" vac < mailtmp

exit 0









Thread