1995-02-10 - Re: why pgp sucks

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 4b594fd8e6a8c1f839b132a9959241b423986b6908427810a6d4ea93922afbf5
Message ID: <199502102027.MAA20904@jobe.shell.portal.com>
Reply To: <9502101849.AA21833@xcf.Berkeley.EDU>
UTC Datetime: 1995-02-10 20:27:59 UTC
Raw Date: Fri, 10 Feb 95 12:27:59 PST

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Fri, 10 Feb 95 12:27:59 PST
To: cypherpunks@toad.com
Subject: Re: why pgp sucks
In-Reply-To: <9502101849.AA21833@xcf.Berkeley.EDU>
Message-ID: <199502102027.MAA20904@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Hollander <hh@xcf.Berkeley.EDU> writes:

>if i use a command like

>	pgp filename

>it will automatically figure out the right thing to do with the file.  if
>it's encrypted, and i have the key, it will attempt to decrypt it.  if it
>contains keys, it will ask if i want to add them to my keyring.  if it's
>signed, it checks the signature.

>this sucks!

>if i'm trying to write a program to automatically process incoming mail (for
>instance, to see if it's encrypted with a specific key), i certainly don't
>want to have the possibility of people being able to add garbage to my
>keyring just by mailing it to me.

In my remailer, I use: pgp -f < infile > outfile.  This won't add keys.
If you capture standard error you can parse it (grep is probably good
enough) to see whether the message was signed, encrypted, had a bad
signature, had keys, etc.

Hal





Thread