From: Mark Grant <mark@unicorn.com>
Date: Mon, 23 Dec 1996 03:44:48 -0800 (PST)
To: alt.security.pgp@news.news.demon.net
Subject: Privtool 0.87
Message-ID: <Pine.3.89.9612221336.A789-0100000@marui>
MIME-Version: 1.0
Content-Type: text/plain



I've finally released a new version of Privtool -- my PGP-aware X-windows
mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is
available on utopia.hacktic.nl in the incoming directory (and possibly
elsewhere) and I'll be uploading 0.87 shortly. For more details and
screenshots see http://www.c2.org/~mark/privtool/privtool.html. 

	Mark

-----BEGIN PGP SIGNED MESSAGE-----


	Privtool Beta Release 0.87
	--------------------------

Privtool ("Privacy Tool") is intended to be a PGP-aware replacement 
for the standard Sun Workstation mailtool program, with a similar user 
interface and automagick support for PGP-signing and PGP-encryption. Just 
to make things clear, I have written this program from scratch, it is
*not* a modified mailtool (and I'd hope that the Sun program code
is much cleaner than mine 8-) !). 

When the program starts up, it displays a list of messages in your 
mailbox, along with flags to indicate whether messages are signed 
or encrypted, and if they have had their signatures verified or 
have been decrypted.

When you double click on a message, it will be decrypted (requesting
your passphrase if neccesary), and/or will have the signature checked,
and the decrypted message will be displayed in the top part of the
display window, with signature information in the bottom part. The
mail header is not displayed, but can be read by pressing the 'Header'
button to display the header window. In addition, the program has
support for encrypted mailing list feeds, and if the decrypted
message includes another standard-format message it will replace
the original message and be fed back into the display processing
chain.

When composing a message or replying to one, the compose window has
several check-boxes, including one for signature, and one for
encryption. If these are selected, then the message will be automatically
encrypted and/or signed (requesting your passphrase when neccesary) before
it is sent. You may also select a 'Remail' box, which will use the
Mixmaster anonymous remailer client program to send the message through
one or more remailers.

Being an Beta release, there are a number of bugs and unimplemented
features.

Known Bugs:

	None reported.

Unimplmented features:

	When you save changes to the mail file, it throws away the
	signature verification and decrypted messages, so that the
	next time you view a message it has to be verified or decrypted
	again.

	Currently if you send encrypted mail to multiple recipients, all must
	have valid encrpytion keys otherwise you will have to send the
	message decrypted. Also, the message will be sent encrypted to all
	users, not just the one who is receiving each copy.

	Code should be more modular to assist with ports to Xt, Motif
	(under way), Mac, Windows, etc. I may port it to C++ in the near 
	future.

	Not very well documented!

	Encrypted messages are saved to mail files in encrypted form. There
	is currently no option to save messages in decrypted form.

	No support for anonymous return addresses.

	Not very well tested on Solaris 2.x, or SunOS.

	No support for attachments (either Sun, uuencode or MIME).

Changes for 0.87:

	Added support for signature files.

	Solaris patches for 0.86 from Glenn Trigg -- as usual a few
	bugs crept in because I couldn't test it on all operating
	systems.

	Added Vincent Cojot's (coyote@step.polymtl.ca) new icons for
	Linux.

	Some versions of Unix are set up to have mail programs setgid mail, 
	and give write access to /usr/spool/mail only to mail and root. This
	caused hangs when saving changes. I've now incorporated changes
	which allow Linux to run privtool setgid mail, and these should
	work on FreeBSD.

	Fixed a number of compile-time warnings.

	Only display the compose window *after* it's been filled with
	data. This should prevent the time-consuming scrolling update
	which used to occur.

	Allow the user to specify the organization in their header.

Changes for 0.86:

	Optionally use /dev/audio to supplement the random number
	generation code.

	Anders Baekgaard fixed a few bugs that sneaked in at the last
	minute, updating the header window, parsing dates, compose
	window layout, and SEGV when tabbing between fields on the
	compose window.

	Gregory Margo (gmargo@newton.vip.best.com) provided multiple
	display windows.

	Tony Gialluca (tony@hgc.edu) made some of the compose window
	buttons work.

	Fixed some file descriptor leaks in pgplib.c.

	On Linux we now read the contents of a number of files under
	/proc, and use these as an additional source of random
	data (e.g. /proc/interrupts, /proc/meminfo).

	Added 'Reseed Random' menu option, which will reseed the
	random number generator at any time. If possible this will
	come from the audio device and/or the /proc files.

	Added FreeBSD patch from Stuart Arnold (sja@epo.e-mail.com).
	See README.FREEBSD for more information.

	No longer destroy compose windows when you select 'Done'!

	Graphical properties window added. I've lost the address of
	the person who did the original work, so if it was you then
	please contact me! This was expanded and incorporated into
	0.86 by Scott Cannon (rscott@silver.cal.sdl.usu.edu).

	Fixed memory corruption in pgplib.c.

	Limited support for secret keys on floppy disks.

	Allow users to specify their domain name and reply-to: header
	lines.

Privtool can be compiled to either use PGP Tools, or to fork off a copy of
PGP whenever it is needed. There are also a number of different security
level options for the passphrase, varying from 'read it from PGPPASS and
keep it in memory' to 'request it every time and delete it as soon as
possible', via 'request it when neccesary and delete it if it's not used
for a while'.

I've now patched PGP Tools for Linux. The code is available on
utopia.hacktic.nl as pgptools.linux.1.0.tar.gz.

See the README file for information on compiling the code, and the
user.doc file for user documentation (the little that currently 
exists). You should also ensure that you read the security concerns
section in user.doc before using the program.

		Mark Grant (mark@unicorn.com)



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMr0+o1VvaTo9kEQVAQEfiQf6A1ZKDVijf/65NXDTVvsMw9G3nmjqNK4F
mrIJiyoWr3KX66SbC6nSfWKtpjjZFi2R0633BGNA2kVqCpyk5F5UXTZMAXYzVhP6
f9drmWOsThdh07vpVuK2W96W/cpPh3m+Jhzp2pDpUWN0MNgX6ZmNsJzoSng8DmK9
YTERh93ZQ7rrBM6mMsz6ASEzpcu5grH0teAQdbvWHYEguwDn2K2hn1oTcuVXw74C
UFDmx5I86Flfk0nfahldefHO5aSI4fSe+bs7vrZdIRVK60YSxw1dIFYv89bGJAQZ
AfZxchmbMVtTBgI4/B1Lziqr/EJ1QI9+FH+LA7XQSmSWm0QFi5Rz9A==
=6g9Z
-----END PGP SIGNATURE-----


"[Hollywood's] way is so slow and expensive that you'll find yourself
 falling asleep on the set and forgetting to say 'action'."
	- Robert Rodriguez, 'The Ten Minute Film School'

|-----------------------------------------------------------------------|
|Mark Grant M.A., U.L.C.	  	       EMAIL: mark@unicorn.com  |
|WWW: http://www.c2.org/~mark	  	       MAILBOT: bot@unicorn.com	|
|-----------------------------------------------------------------------|