1994-07-03 - Privtool (“Privacy Tool”) Beta release

Header Data

From: Mark Grant <mark@unicorn.com>
To: cypherpunks@toad.com
Message Hash: e530cba028dfe4dfae473430a76877a790a42f940b10f3f4ddbc338606efe347
Message ID: <Pine.3.89.9407032135.A1196-0100000@unicorn.com>
Reply To: N/A
UTC Datetime: 1994-07-03 20:32:04 UTC
Raw Date: Sun, 3 Jul 94 13:32:04 PDT

Raw message

From: Mark Grant <mark@unicorn.com>
Date: Sun, 3 Jul 94 13:32:04 PDT
To: cypherpunks@toad.com
Subject: Privtool ("Privacy Tool") Beta release
Message-ID: <Pine.3.89.9407032135.A1196-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



Hi, recently a few people have been asking about PGP-aware mail programs
for X-Windows, and I thought they might be interested in the one that I've
been hacking together over the last nine months. At the moment, the Beta
release is available from ftp.c2.org in /pub/privtool as
privtool-0.80.tar.Z, and I've attached the README.1ST file so that you can
check out the features and bugs before you download it. 

Currently the program requires the Xview toolkit to build, and has only
been compiled on SunOS 4.1 and Solaris 2.1. I don't think that there
should be any ITAR problems as there is no actual cryptography code in the
program (you need a copy of PGP and ideally a copy of PGP Tools to run
it), however as I'm not a lawyer and I'm in Europe anyway, if anyone in
Europe is willing to make it available on an FTP site, contact me and I
can upload it there. 

Also, if anyone wants to collaborate on a port to Xt, Motif, Windows etc,
or knows how to fix some of the Xview funnies, mail me at
mark@unicorn.com. I'm going to be off the net for most of the next two
weeks, so don't expect a fast response in the immediate future. 
 
                        Mark Grant
 
P.S. People wanting to integrate PGP with other programs might be
interested in the pgplib.c and support files in the Privtool source, which
give a high-level C interface to encrypt/decrypt/sign/verify messages,
either calling PGP Tools or (on Unix) forking off a copy of PGP and
examining the messages it prints out (though I haven't tested this with
2.6, only 2.3a). You're free (within the terms of the GPL) to use it in
your own applications if it's of use to you (it only took me a couple of
hours to add decryption/signature verification to Pine, for example). 

--- 
        Privtool Beta Release   @(#)README.1ST  1.9 6/31/94
        -----------------------------------------------------
 
Privtool ("Privacy Tool") is intended to be a PGP-aware replacement 
for the standard Sun Workstation mailtool program, with a similar 
user interface and automagick support for PGP-signing and 
PGP-encryption. Just to make things clear, I have written this 
program from scratch, it is *not* a modified mailtool (and I'd hope 
that the Sun program code is much cleaner than mine 8-) !). 
 
When the program starts up, it displays a list of messages in your 
mailbox, along with flags to indicate whether messages are signed 
or encrypted, and if they have had their signatures verified or 
have been decrypted.
 
When you double click on a message, it will be decrypted (requesting
your passphrase if neccesary), and/or will have the signature checked,
and the decrypted message will be displayed in the top part of the
display window, with signature information in the bottom part. The
mail header is not displayed, but can be read by pressing the 'Header'
button to display the header window. In addition, the program has
support for encrypted mailing list feeds, so that if the decrypted
message includes another standard-format message it will replace
the original message and be fed back into the display processing
chain.
 
When composing a message or replying to one, the compose window has
several check-boxes, including one for signature, and one for
encryption. If these are selected, then the message will be automatically
encrypted and/or signed (requesting your passphrase when neccesary) before
it is sent.

Being an Beta release, there are a number of bugs and nonfeatures :

Known Bugs :
 
        Message list scrollbar often set to stupid position when loading
        a mail file.
 
        When you save changes to the mail file, it throws away the
        signature verification and decrypted messages, so that the
        next time you view a message it has to be verified or decrypted
        again.
 
        'New mail' indicator in icon does not go away if you open the
        window and close it again without reading any messages.
 
Known Nonfeatures :
 
        Currently if you send encrypted mail to multiple recipients, all must
        have valid encrpytion keys otherwise you will have to send the
        message in plaintext. Also, the message will be sent encrypted to all
        users, not just the one who is receiving each copy.
 
        'Add Key' button is enabled and disabled as appropriate, but does
        not do anything ! A number of other buttons and menu items do
        not work either.
 
        Passphrase is stored in ASCII rather than MD5 form, making it
        easier for hackers to find if you're on a multi-user machine (of 
        course, you shouldn't be, but many of us are).
 
        Kill-by-subject does not work.
 
        Ignores Reply-To: lines, and could probably do with an improved
        mail-reading algorithm.
 
        Only one display window, and only one compose window.
 
        Message List window code needs rewrite.
 
        Code should be more modular to assist with ports to Xt, Motif, Mac,
        Windows, etc. 
 
        Not very well documented !
 
        Encrypted messages are saved to mail files in encrypted form. There
        is currently no option to save messages in decrypted form.
 
        No current support for remailers and pseudonyms (this will be added
        for the final release).
 
        Not very well tested on Solaris 2.x.
 
Privtool can be compiled to either use PGPTools, or to fork off a copy of
PGP whenever it is needed. There are also a number of different security
level options for the passphrase, varying from 'read it from PGPPASS and
keep it in memory' to 'request it every time and delete it as soon as
possible', via 'request it when neccesary and delete it if it's not used
for a while'.
 
See the README file for information on compiling the code, and the
user.doc file for user documentation (the little that currently 
exists). You should also ensure that you read the security concerns
section in user.doc before using the program.
 
                Mark Grant (mark@unicorn.com)
 
 






Thread