File gpg-2comp.diff of Package gpgaddon
diff -uNr gpg-2comp/README gpg-2comp.SuSE/README --- gpg-2comp/README Wed May 24 22:59:52 2000 +++ gpg-2comp.SuSE/README Wed May 24 13:31:32 2000 @@ -12,7 +12,7 @@ This directory contains the following files: - README - this file + README.gpg-2comp - this file gpg-2comp - a perl wrapper program for the mutt mail user agent gpg-2comp-steps - a tutorial to encrypt and sign for PGP 2.6.x diff -uNr gpg-2comp/README.SuSE gpg-2comp.SuSE/README.SuSE --- gpg-2comp/README.SuSE Thu Jan 1 01:00:00 1970 +++ gpg-2comp.SuSE/README.SuSE Tue Oct 24 10:57:03 2000 
@@ -0,0 +1,109 @@ +GPG-Addon Docu +============== + +the gpgpaddon package contains +(1) additional GnuPG modules which were left out from the standard + GnuPG package for certain reasons +(2) gpg-2comp wrapper to enable using GnuPG for creating and checking PGP2 + compatible messages + +(1) Modules +----------- + +Modules for GnuPG with licensing or security issues. +Useful for interaction with PGP2, see end of file. +Please read the following notes carefully! + +IDEA: + Patented by Ascom Systec Ltd. of CH-5506 Maegenwil. Only freely usable + for certain non-profit purpose: + This software product contains the IDEA algorithm as described and claimed in + US patent 5,214,703, EPO patent 0482154 (covering Austria, France, Germany, + Italy, the Netherlands, Spain, Sweden, Switzerland, and the UK), and Japanese + patent application 508119/1991, "Device for the conversion of a digital block + and use of same" (hereinafter referred to as "the algorithm"). Any use of + the algorithm for commercial purposes is thus subject to a license from Ascom + Systec Ltd. of CH-5506 Maegenwil (Switzerland), being the patentee and sole + owner of all rights, including the trademark IDEA. + +RIJNDAEL: + The winner of the NIST competition for a new free standard crypto algorithm + (as successor of DES). + Rijndael has been integrated into GnuPG-1.0.4 and is therefore not built + into this package any more. + +RSA: + ATTENTION: This code should not have been exported _to_ the United + States without a license agreement with PKP prior to Sept. 20, 2000, as it + was encumbered by U.S. patent #4,405,829. + The RSA support now went into GnuPG-1.0.3 and is therefore not in this + package any more. + +RSAREF: + This module is Copyright (c) 1999 Jason Gunthorpe <jgg@non-us.debian.org> + and is placed into the public domain, do with it what you will. It + comes with no warrenty express or implied. + RSAREF is limited in key size and in the coding of the encrypted data. 
+ This module isn't terribly great as RSAREF has no concept of secure + memory so the secret key and the symmetric cipher are written to + insecure memory in several places in this code and within the RSAREF + lib. + NOT CURRENTLY BUILT. + +SKIPJACK: + GPL - but not recommended for use, as it's unclear whether it's safe. + +3DES: + An alternative 3DES implementation + Requires the openssl or Eric Young's ssleay library. + NOT CURRENTLY BUILT. + + +Authors: + Werner Koch <werner.koch@guug.de> + and others + + +(2) PGP2 interaction +-------------------- +If you are allowed to use IDEA, then there's good news for you: +With these modules, there's a painless migration path from PGP2 to GPG for +you. (PGP5 does not show any problems in this respect.) +I created a wrapper named gpg-compat and placed it into /usr/bin: +#!/bin/sh +exec gpg --load-extension idea --allow-non-selfsigned-uid $* + +However, this simple wrapper only allows to decrypt, check signatures and +encrypt for PGP2. It does not allow automatic encryption for PGP2 nor both +PGP2 encryption and signing. For this the gpg-2comp perl script from Gero +Treuner has been put into /usr/bin/gpg-2comp. Please read the docu +README.gpg-2comp. +You need to configure your gpg-2copm by creating a ~/.gpg-2comprc file. You +may use the sample file for this. + +The following works with both scripts ... + +Now import your PGP2 keys into your GPG keyring: +gpg-compat --import ~/.pgp/pubring.pgp +gpg-compat --import ~/.pgp/secring.pgp + +One caveat: A few keys may not be acceptable to gpg. +You may want to add signatures, e.g. sign your new GPG key with your old PGP2 +key and vice versa. This is possible: + +gpg-2comp --default-key 0x<PGP2KEYID> --edit-key 0x<GPGKEYID> +and vice versa. + +Tell your mutt-0.9xi ot mutt-1.0i to use gpg-2comp: +set pgp_gpg=gpg-2comp +For mutt-1.2i, you may use the gpg.rc distributed with mutt and enable the +gpg-2comp settings. More easily: use the gpg.rc you find here. 
+A hint: Don't unset pgp_strict_encoding with mutt-1.2i, even if braindead +MUAs fail to display quoted-printable (aka quoted-unreadable) and your +friends complain. + +But please tell your friends to also fully move to GPG and avoid patented +algorithms, even if you consider these patents to be bogus. You don't rule +the world, do you? + + Your SuSE team. diff -uNr gpg-2comp/README.Upgrade gpg-2comp.SuSE/README.Upgrade --- gpg-2comp/README.Upgrade Thu Jan 1 01:00:00 1970 +++ gpg-2comp.SuSE/README.Upgrade Wed May 24 13:20:09 2000 @@ -0,0 +1,10 @@ +Info for users of previous versions of gpgaddon +----------------------------------------------- + +The scripts have been renamed. The gpg-2comp script is now installed by that +name (was: gpg-compat) and the simple wrapper has the name gpg-compat (was: +gpg-compat.old), now. +Please re-read the instructions on how to set up your mutt config. +Sorry about this! + + Your SuSE team. diff -uNr gpg-2comp/gpg-2comp gpg-2comp.SuSE/gpg-2comp --- gpg-2comp/gpg-2comp Sat Oct 30 19:57:55 1999 +++ gpg-2comp.SuSE/gpg-2comp Wed May 24 23:43:34 2000 
@@ -30,28 +30,41 @@ - create new temp file the way mutt does - isolate the PGP 2 routines - added --always-trust and --comment to encrypt+sign + 2000-05-24 Kurt Garloff <garloff@suse.de>: + - require user configuration as suggested in Gero's README + file + - disable --comment feature as it causes problems with + gpg-1.0.1e + - use gpg-compat (exec gpg --load-extension ....) instead + of gpg directly, so the needed modules are loaded #; # ------- User configuration # Let this point to your gpg binary -$gpg = '/usr/bin/gpg'; - -# Set to 1 if you want to sign with RSA as default -# (if you don't specify a key explicitly with "sign as" in Mutt's compose menu) -$use_pgp2 = 0; - -# Your RSA key ID -# (to take advantage of this script, you need an RSA key - see the README file) -#$rsa_default_key = '0x766CD151'; - -# Set to 0 if you don't want to encrypt all RSA mails to yourself, too -$rsa_encryptself = 1; +$gpg = '/usr/bin/gpg-compat'; # Comment for PGP 2 compatible encrypt+signing, which is not GnuPG-native # (may be helpful - unset this if you want GnuPG's original comment) $comment = 'Scripting by http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp'; +# READ config from ~/.gpg-2comprc +$config = $ENV{'HOME'} . '/.gpg-2comprc'; +unless (-f $config) +{ + print STDERR $0, <<'MSG'; + : Configuration file needed. + + To create it, copy the sample file + /usr/share/doc/packages/gpgaddon/gpg-2comprc.sample + to ~/.gpg-2comprc and edit it: + 1. insert the key ID of your RSA key + 2. ... +MSG + exit 1; +} +require $config; + # ------- Phase 1: Initialisation; do some checks sub exit_on_gpg_error 
@@ -218,7 +231,9 @@ { $crypt_keys .= " -r $rsa_default_key"; } - $args = $comment ? "--comment '$comment' " : ''; + # KG: For some reason, GnuPG does not like --comment + $args = ''; + #$args .= $comment ? "--comment '$comment' " : ''; $args .= "--no-verbose --batch -v --no-literal --encrypt --rfc1991 --cipher-algo idea --armor --no-encrypt-to --always-trust $crypt_keys -o - $signedtmp"; } diff -uNr gpg-2comp/gpg-2comprc.sample gpg-2comp.SuSE/gpg-2comprc.sample --- gpg-2comp/gpg-2comprc.sample Thu Jan 1 01:00:00 1970 +++ gpg-2comp.SuSE/gpg-2comprc.sample Wed May 24 13:15:43 2000 @@ -0,0 +1,21 @@ +# ------- gpg-2comp user configuration + +# Let this point to your gpg binary +#$gpg = '/usr/bin/gpg-compat'; + +# Set to 1 if you want to sign with RSA as default +# (if you don't specify a key explicitly with "sign as" in Mutt's compose menu) +$use_pgp2 = 0; + +# Your RSA key ID +# (to take advantage of this script, you need an RSA key - see the README file) +# YOU REALLY NEED TO SET THIS +$rsa_default_key = '0xFFFFFFFF'; + +# Set to 0 if you don't want to encrypt all RSA mails to yourself, too +$rsa_encryptself = 1; + +# Comment for PGP 2 compatible encrypt+signing, which is not GnuPG-native +# (may be helpful - unset this if you want GnuPG's original comment) +#$comment = 'Scripting by http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp'; + diff -uNr gpg-2comp/gpg.rc gpg-2comp.SuSE/gpg.rc --- gpg-2comp/gpg.rc Thu Jan 1 01:00:00 1970 +++ gpg-2comp.SuSE/gpg.rc Thu May 25 23:15:03 2000 
@@ -0,0 +1,73 @@ +# -*-muttrc-*- +# +# Command formats for gpg. +# +# This version uses gpg-2comp from +# http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz +# +# $Id: gpg.rc,v 1.5 2000/03/03 16:52:41 roessler Exp $ +# +# %p The empty string when no passphrase is needed, +# the string "PGPPASSFD=0" if one is needed. +# +# This is mostly used in conditional % sequences. +# +# %f Most PGP commands operate on a single file or a file +# containing a message. %f expands to this file's name. +# +# %s When verifying signatures, there is another temporary file +# containing the detached signature. %s expands to this +# file's name. +# +# %a In "signing" contexts, this expands to the value of the +# configuration variable $pgp_sign_as. You probably need to +# use this within a conditional % sequence. +# +# %r In many contexts, mutt passes key IDs to pgp. %r expands to +# a list of key IDs. + +# decode application/pgp +set pgp_decode_command="gpg-compat %?p?--passphrase-fd 0? --no-verbose --batch -o - %f" + +# verify a pgp/mime signature +set pgp_verify_command="gpg-compat --no-verbose --batch -o - --verify %s %f" + +# decrypt a pgp/mime attachment +set pgp_decrypt_command="gpg-compat --passphrase-fd 0 --no-verbose --batch -o - %f" + +# create a pgp/mime signed attachment +# set pgp_sign_command="gpg-2comp --no-verbose --batch -o - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f" +set pgp_sign_command="gpg-2comp --no-verbose --batch -o - --passphrase-fd 0 --textmode --armor --detach-sign %?a?-u %a? %f" + +# create a application/pgp signed (old-style) message +# set pgp_clearsign_command="gpg-2comp --no-verbose --batch -o - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f" +set pgp_clearsign_command="gpg-2comp --no-verbose --batch -o - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? 
%f" + +# create a pgp/mime encrypted attachment +# set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch -o - --encrypt --textmode --armor --always-trust -- -r %r -- %f" +set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch -o - --encrypt --textmode --armor --always-trust -- -r %r -- %f" + +# create a pgp/mime encrypted and signed attachment +# set pgp_encrypt_sign_command="pgpewrap gpg-2comp --passphrase-fd 0 -v --batch -o - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" +set pgp_encrypt_sign_command="pgpewrap gpg-2comp --passphrase-fd 0 -v --batch -o - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" + +# import a key into the public key ring +set pgp_import_command="gpg-compat --no-verbose --import -v %f" + +# export a key from the public key ring +set pgp_export_command="gpg-compat --no-verbose --export --armor %r" + +# verify a key +set pgp_verify_key_command="gpg-compat --no-verbose --batch --fingerprint --check-sigs %r" + +# read in the public key ring +set pgp_list_pubring_command="gpg-compat --no-verbose --batch --with-colons --list-keys %r" + +# read in the secret key ring +set pgp_list_secring_command="gpg-compat --no-verbose --batch --with-colons --list-secret-keys %r" + +# receive key from keyserver: +#set pgp_getkeys_command="wrap.sh -g %r" +#set pgp_getkeys_command="gpg-compat --keyserver wwwkeys.eu.pgp.net --recv-keys '%r'" +# Unfortunatley it does not work, as mutt passes a mail address rather +# than a key ID; which GnuPG can not handle
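Review bot: The gpg-compat wrapper shown in README.SuSE passes its arguments as unquoted `$*`, so any argument containing whitespace or glob characters (a temp file path, a user ID given to `-r`) is re-split by the shell before gpg sees it; use `exec gpg --load-extension idea --allow-non-selfsigned-uid "$@"` instead. The same line turns on `--allow-non-selfsigned-uid` for every call made through the wrapper, including the verify and decrypt commands in gpg.rc, and the README should state why it is needed, since it relaxes the self-signature check on user IDs for all operations and not only for the import step. Typos in the same file: "gpgpaddon", "gpg-2copm", "ot mutt-1.0i".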
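Review bot: In the user-configuration hunk of gpg-2comp, `require $config;` executes ~/.gpg-2comprc as Perl after only a `-f` existence test; check that the file is owned by the invoking user and is not group- or world-writable before loading it, or read it as plain key/value settings instead of code. The hunk also removes the built-in defaults for `$use_pgp2` and `$rsa_encryptself`, so a config file that omits them leaves both undefined; keep the defaults above the `require`, the way `$gpg` and `$comment` are kept. The error text ends with a literal "2. ..." step, which should be written out or dropped.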
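Review bot: In the encrypt+sign hunk of gpg-2comp (@@ -218,7 +231,9 @@), `--comment` is switched off by leaving the old line commented out under "For some reason, GnuPG does not like --comment", while `$comment` is still set at the top of the script and still described in gpg-2comprc.sample as the comment used for encrypt+signing. Name the affected version in the code comment as the changelog entry does (gpg-1.0.1e), and either delete the dead line or update the `$comment` description so users are not told the setting is applied here.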
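Review bot: gpg-2comprc.sample does not end with a true value, and gpg-2comp loads it with `require`, so the result of the last executed statement decides whether loading succeeds: a user who follows the file's own comment and sets `$rsa_encryptself = 0;` makes `require` die with a "did not return a true value" error. Add a final `1;` line to the sample. The placeholder `$rsa_default_key = '0xFFFFFFFF';` is also a well-formed key ID, so the script cannot tell an unedited copy from a configured one; ship the line commented out or empty and have gpg-2comp refuse to run until it is set.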
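Review bot: In gpg.rc, `pgp_encrypt_only_command` and `pgp_encrypt_sign_command` hard-code `--always-trust`, so mutt encrypts to whatever keys match `%r` without GnuPG's validity check; say so in a comment next to those two settings so users know key verification is left to them. The commented-out alternatives above `pgp_clearsign_command`, `pgp_encrypt_only_command` and `pgp_encrypt_sign_command` are identical to the active lines and can be removed.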