How to use PGP / GPG with console mail clients
Part 1 PGP / GPG with PINE Félix-Antoine Paradis
1. Introduction
First of all, PGP or GPG are two different encryption/signing utilities. PGP is made by Pretty Good Privacy and GPG is made by GNU. These software are used to encrypt and sign documents and e-mails, and can be used to many other tasks. We will talk here about setting up PGP/GPG and PINE to work together. We assume that you know how to setup PINE, PGP and GPG. We will use also PGP4PINE, which is a program that will be use as interim between encryption programs and mail clients.
2. PGP / GPG
With PGP / GPG, you just need a KeyID that you can use to sign and/or encrypt your e-mails.
3. PGP4PINE
The name, pgp4pine, stand as an interim program between PGP and PINE. But, it also supports GPG. First of all, you need to install the port.
machine# cd /usr/ports/mail/pgp4pine && make all install clean
(NOTE: when this article has been written, there was a problem with this port at FreeBSD. I sent a problem report, but I will give you the "simple" fix. You must be in /usr/ports/mail/pgp4pine and have it extracted)
machine# mv work/pgp4pine-1.76/stamp-h \ work/pgp4pine-1.76/stamp-h.in
Once it's installed, we need to create a .pgp4pinerc.
machine$ cp /usr/local/share/doc/pgp4pine/pgp4pinerc.example \ ~/.pgp4pinerc
I will let you configure the "Global Stuff" section because it is some easy things. The most important thing for us is the "Profile Stuff" section because it will tell PGP4PINE what kind of encryption program we use (and which version, for PGP.)
* profile_list Syntax: profile_list=name:name Examples: profile_list=gpg profile_list=pgp6 profile_list=pgp2:gpg:pgp5:pgp6 * profile_???? Syntaxes: profile_pgp5_version=5 profile_pgp2_version=2 profile_gpg_version=1 profile_pgp6_version=6
For the next part, I will take pgp6 as an example. Just replace the "pgp6" for the one you use.
e.g: profile_pgp6_tmpfile -> profile_gpg_tmpfile
* profile_pgp6_tmpfile (default: ~/pgp4pine.tmp) Syntax: profile_pgp6_tmpfile=/path/to/a/tempfile Example: profile_pgp6_tmpfile=/home/reel/pgp4pinetmp * profile_pgp6_autosign (default: 0) Syntax: profile_pgp6_autosign=[-1=never;0=no;1=yes] Example: profile_pgp6_autosign=1 * profile_pgp6_autoencrypt (default: 0) Syntax: profile_pgp6_autoencrypt=[-1=never;0=no;1=yes] Example: profile_pgp6_autoencrypt=1 * profile_pgp6_encrypt_to_self (default: 1) Syntax: profile_pgp6_encrypt_to_self=[-1=never;0=no;1=yes] Example: profile_pgp6_encrypt_to_self=0 * profile_pgp6_my_address Syntax: profile_pgp6_my_address=[e-mail|keyid] Example: profile_pgp6_my_address=reel@sympatico.ca profile_pgp6_my_address=0x9293016 * profile_pgp6_ascii_armor (default: 1) Syntax: profile_pgp6_ascii_armor=[-1=never;0=no;1=yes] Example: profile_pgp6_ascii_armor=0 * profile_pgp6_universal_text (default: 1) Syntax: profile_pgp6_universal_text=[-1=never;0=no;1=yes] Example: profile_pgp6_universal_text=1
These are to specify where the binaries are.
profile_pgp2_pgp2bin=pgp profile_pgp6_pgp6bin=pgp profile_gpg_gpgbin=gpg
I encourage you to keep the defaults. Now, we go with the final step: adding filters lines to the PINE configuration. We can do it in two ways.
First, by editing your ~/.pinerc and adding (or changing) the lines starting by "display-filters" and "sending-filters" to:
display-filters=_BEGINNING("-----BEGIN PGP")_ \ /usr/local/bin/pgp4pine -d -i _TMPFILE_ sending-filters=/usr/local/bin/pgp4pine -e -i _TMPFILE_ \ -r _RECIPIENTS_
This will auto-verify incoming mail for presence of signatures or encrypted message. The second one will ask you if you want to encrypt or sign any outgoing messages (depending on the settings you put in your .pgp4pinerc.)
The second way is to enter PINE, go in the configuration and change (near the bottom) display-filters to this line:
_BEGINNING("-----BEGIN PGP")_ /usr/local/bin/pgp4pine -d -i _TMPFILE_
And sending-filters to:
/usr/local/bin/pgp4pine -e -i _TMPFILE_ -r _RECIPIENTS_
If you want PINE to offer pgp4pine for sending mail by default, go to Setup -> Configuration, and turn on "compose-send-offers-first-filter". Otherwise, you have to use Ctrl-N / Ctrl-P to access the filter.
Now you are ready to use PINE to encrypt and sign your emails, and decrypt/verify the incoming ones.
Next week, MUTT will be the one being worked on. :>
** This article can't be duplicated without permission from ** ** Félix-Antoine Paradis or the Idemnia Networks. 2001 **
|