Defcon1-Header
Tool-BarfreeBSD ArticlesSearch Our SiteHOMEfreeBSD LinksContribute to FreeBSD HelpFreeBSD FilesFreeBSD Script Corner

How to use PGP / GPG with console mail clients

Part 1           PGP / GPG with PINE
Félix-Antoine Paradis   

1. Introduction

  First of all, PGP or GPG are two different encryption/signing
utilities. PGP is made by Pretty Good Privacy and GPG is made
by GNU. These software are used to encrypt and sign documents and
e-mails, and can be used to many other tasks. We will talk here
about setting up PGP/GPG and PINE to work together. We assume
that you know how to setup PINE, PGP and GPG. We will use also
PGP4PINE, which is a program that will be use as interim between
encryption programs and mail clients.

2. PGP / GPG

  With PGP / GPG, you just need a KeyID that you can use to sign
and/or encrypt your e-mails.

3. PGP4PINE

  The name, pgp4pine, stand as an interim program between PGP
and PINE. But, it also supports GPG. First of all, you need to
install the port.

  machine# cd /usr/ports/mail/pgp4pine && make all install clean

  (NOTE: when this article has been written, there was a problem
     with this port at FreeBSD. I sent a problem report, but
     I will give you the "simple" fix. You must be in
     /usr/ports/mail/pgp4pine and have it extracted)

     machine# mv work/pgp4pine-1.76/stamp-h \
           work/pgp4pine-1.76/stamp-h.in

  Once it's installed, we need to create a .pgp4pinerc.

  machine$ cp /usr/local/share/doc/pgp4pine/pgp4pinerc.example \
      ~/.pgp4pinerc

  I will let you configure the "Global Stuff" section because it
is some easy things. The most important thing for us is the
"Profile Stuff" section because it will tell PGP4PINE what kind
of encryption program we use (and which version, for PGP.)

* profile_list
  Syntax:  profile_list=name:name
  Examples: profile_list=gpg
       profile_list=pgp6
       profile_list=pgp2:gpg:pgp5:pgp6
* profile_????
  Syntaxes: profile_pgp5_version=5
       profile_pgp2_version=2
       profile_gpg_version=1
       profile_pgp6_version=6

For the next part, I will take pgp6 as an example. Just replace the
"pgp6" for the one you use.

e.g: profile_pgp6_tmpfile -> profile_gpg_tmpfile

* profile_pgp6_tmpfile (default: ~/pgp4pine.tmp)
  Syntax: profile_pgp6_tmpfile=/path/to/a/tempfile
  Example: profile_pgp6_tmpfile=/home/reel/pgp4pinetmp
* profile_pgp6_autosign (default: 0)
  Syntax: profile_pgp6_autosign=[-1=never;0=no;1=yes]
  Example: profile_pgp6_autosign=1
* profile_pgp6_autoencrypt (default: 0)
  Syntax: profile_pgp6_autoencrypt=[-1=never;0=no;1=yes]
  Example: profile_pgp6_autoencrypt=1
* profile_pgp6_encrypt_to_self (default: 1)
  Syntax: profile_pgp6_encrypt_to_self=[-1=never;0=no;1=yes]
  Example: profile_pgp6_encrypt_to_self=0
* profile_pgp6_my_address
  Syntax: profile_pgp6_my_address=[e-mail|keyid]
  Example: profile_pgp6_my_address=reel@sympatico.ca
      profile_pgp6_my_address=0x9293016
* profile_pgp6_ascii_armor (default: 1)
  Syntax: profile_pgp6_ascii_armor=[-1=never;0=no;1=yes]
  Example: profile_pgp6_ascii_armor=0
* profile_pgp6_universal_text (default: 1)
  Syntax: profile_pgp6_universal_text=[-1=never;0=no;1=yes]
  Example: profile_pgp6_universal_text=1

  These are to specify where the binaries are.

  profile_pgp2_pgp2bin=pgp
  profile_pgp6_pgp6bin=pgp
  profile_gpg_gpgbin=gpg

  I encourage you to keep the defaults. Now, we go with the
final step: adding filters lines to the PINE configuration. We
can do it in two ways.

  First, by editing your ~/.pinerc and adding (or changing) the
lines starting by "display-filters" and "sending-filters" to:

  display-filters=_BEGINNING("-----BEGIN PGP")_ \
      /usr/local/bin/pgp4pine -d -i _TMPFILE_
  sending-filters=/usr/local/bin/pgp4pine -e -i _TMPFILE_ \
      -r _RECIPIENTS_

  This will auto-verify incoming mail for presence of signatures
or encrypted message. The second one will ask you if you want to
encrypt or sign any outgoing messages (depending on the settings
you put in your .pgp4pinerc.)

  The second way is to enter PINE, go in the configuration and
change (near the bottom) display-filters to this line:

_BEGINNING("-----BEGIN PGP")_ /usr/local/bin/pgp4pine -d -i _TMPFILE_

  And sending-filters to:

/usr/local/bin/pgp4pine -e -i _TMPFILE_ -r _RECIPIENTS_

  If you want PINE to offer pgp4pine for sending mail by default,
go to Setup -> Configuration, and turn on
"compose-send-offers-first-filter". Otherwise, you have to use
Ctrl-N / Ctrl-P to access the filter.

  Now you are ready to use PINE to encrypt and sign your emails,
and decrypt/verify the incoming ones.

  Next week, MUTT will be the one being worked on. :>

** This article can't be duplicated without permission from **
** Félix-Antoine Paradis or the Idemnia Networks.   2001 **

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.

Defcon1-Header2
Tool-Bar-2Defcon1  Webmail