mailcrypt-3.5.9/.cvsignore

Makefile
config.cache
config.log
config.status
mailcrypt.info*
configure
mailcrypt.aux
mailcrypt.cp
mailcrypt.cps
mailcrypt.dvi
mailcrypt.fn
mailcrypt.ky
mailcrypt.log
mailcrypt.pg
mailcrypt.toc
mailcrypt.tp
mailcrypt.vr

mailcrypt-3.5.9/ANNOUNCE

Mailcrypt 3.5.9 is Available for Download

1. Introduction

Mailcrypt is an Emacs Lisp package which provides a simple interface to message encryption with PGP (you do use Emacs to handle your mail and news, right?). The current version of Mailcrypt handles PGP 2.6.x, PGP 5.x, and GnuPG 1.x.

2. Features

2.1. New in Release 3.5.8

This is mainly a bugfix release. Anonymous remailer support was updated to match modern remailers, and the GPG passphrase code was changed to cache by keyid instead of name, which will help folks who use multiple keys with the same name but different passphrases.

2.1.1 New in Release 3.5.9

This is mainly a maintenance release.

o Support for GNU Emacs 23.

o Misc updates and bug fixes.

o Improvements in remailer support.

o Support for PGP 6.5.

o Support for the Wanderlust MUA mode.

2.2. Stable Features for PGP 5.0 and GnuPG

o Support for GnuPG.

o Key fetching/snarfing functionality for PGP 5.0.

o Messages from PGP 5.0 operations now resemble more closely the messages generated for version 2.6.

o Encryption works correctly, even when the secret keyring is not available (a requested feature for paranoid types ;-).

o Mixmaster and Cypherpunk remailers can be used in PGP 5.0 mode, if the user has an RSA key.

o Further updated documentation for support under various mail packages.

2.3. Features for PGP 2.6.x (stable)

Encryption, decryption, signing, adding keys, extracting keys, passphrase caching with timeout, multiple secret key (identity) support, a simple but flexible interface to Cypherpunk remailers (including chaining, response blocks, pseudonyms, and Mixmaster support), and an automatic keyserver interface via HTTP.

2.4. Still To Do

o Fix signing of foreign-language emails under GNUS/Mule. Currently, foreign characters are preceded by a '\207' byte, which is present at signing, but stripped when messages are sent.

o Get Mailcrypt to work with PGP 5.0 on NT.

o Test Mailcrypt against PGP 6.5.

o Refine Mailcrypt schemes so that alternate backends, like Crypt++, can be used.

o Expand self-test framework.

3. Downloading Mailcrypt

The Official Mailcrypt version 3.5.9 can be downloaded at:

Since receiving the blessing of the original authors, this is now the official Mailcrypt site. Of course, Mailcrypt 3.4 can still be downloaded at the (just as official) Mailcrypt sites:

and

Share and Enjoy!

- Brian Warner
- Len Budney
- Barak A. Pearlmutter (for 3.5.9)

mailcrypt-3.5.9/COPYING

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. 
The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. 
You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. 
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. 
However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. 
If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. 
If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. 
mailcrypt-3.5.9/ChangeLog000066400000000000000000001261011134617107500153140ustar00rootroot000000000000002010-02-22 Jari Aalto * mc-toplev.el (mc-rmail-decrypt-message): preserve `rmail-buffer' during call to `rmail-cease-edit' with let-statement. Patch thanks to Barak A. Pearlmutter" . http://github.com/barak/mailcrypt/commit/d2c046cd100dbdfd427e0f31eec1fd39fc5a0da6 2010-02-13 Jari Aalto * all files: clean up EOL whitespaces. * mc-toplev.el, mc-remail.el, mc-pgp.el, mc-pgp5.el, mc-pgp6.el, mailcrypt.el: Add ###autoload statements. Closes bug https://sourceforge.net/tracker/?func=detail&aid=1080283&group_id=397&atid=100397 * mc-toplev.el: remove EOL whitespace and adjust few ending parens (lisp style) 2007-03-01 Jari Aalto * mailcrypt.texi (Remailer Quick Start): Removed non-existing URLs: noisebox.remailer.org, mixmaster.shinn.net, anon.efga.org. Added new instructions where to get the rmailer list (rlist). Added instructions how to import remailer keys to separate gpg pubring and how to configure gpg to use it. Removed non-existing www.obscura.com and pointed URL to correct Mixmaster FAQ location. (Remailer Tips): Removed non-exiting URLs www.chez.com and anon.efga.org. Rmeoved `@c' commaent lines that explained how to use separate gpgp keyrings. The instructions were added above. (Online Resources): Added notes to links that no longer exist. Removed non-exiting links: web.mit.edu. Updated links: rtfm.mit.edu/pub/usenet/alt.security.pgp/ => www.faqs.org. Updated homepages: Patrick J. LoPresti, Brian LaMacchia, Lance Cottrell, Raph Levien Updated links to "Communications Decency Act" etc. 2004-11-08 Brian Warner * mc-pgp.el (mc-scheme-pgp): fix typo.. how did this last so long? Patch from Jari Aalto via Kevin Bube. 2003-30-11 Kevin Bube * mailcrypt.texi: updated description for GPG keyfetching with the new features. 2003-11-06 Kevin Bube * mc-gpg.el: added a function for fetching keys by making use of the gpg --recv-key feature. 
Also ported a function from mc-pgp.el to mc-gpg.el to import keys by the finger protocol. * Updated other files so that (mc-gpg-fetch-key) is used if (mc-scheme-gpg) is used. 2003-07-25 Brian Warner * mc-toplev.el (mc-gnus-decrypt-message): use gnus-article-edit-done to replace the decrypted message, as it updates some of the headers. patch from Ivan Boldyrev, SF#646005. * NEWS: summarize recent changes * mc-gpg.el (mc-gpg-process-region): Set the gpg-stdout buffer (which receives data from mailcrypt) to multibyte mode. This should fix the "inserts \201 characters before non-ascii" bug [SF#496157, SF#501891], and possibly others. * tests/test-gpg.el (run-all-tests): Run tests twice, once with standard-display-european turned on. This triggers the long-standing "clearsigning inserts \201 characters" bug. Also display mismatching plaintext a bit better. 2003-07-16 Brian Warner * tests/make_gpg_testcases.py (Latin1_CS_Case.make_plaintext): clearsigned messages must always end with a newline. gpg will add one if necessary. This caused the test case to fail. * tests/gpg-testcases/CS.latin1.s1v: added newline to plaintext 2003-07-15 Brian Warner * tests/remailer/fakemix.sh: oops, add script used by unit tests 2003-07-14 Brian Warner * tests/remailer/Makefile.in, tests/remailer/test-remailer3.el: unit tests for new remailer code * mc-remail2.el (mc-mixminion-ask): hook to make tests simpler * mailcrypt.texi (Types of Remailers): Document remailer-schemes, how to use new mixmaster/mixminion clients. (Credits): Note Len and Brian's contributions, add SourceForge pointer. * mc-toplev.el (mc-remail): Add remailer-schemes * mc-remail.el (mc-remailer-scheme-type1): change old remailer code to support remailer-schemes. (mc-remailer-encrypt-for-chain): now verbose mode (pause between encryption layers) is achieved with 'C-uC-u' (two prefix args instead of just one) * mailcrypt.el (mc-default-remailer-scheme): new remailer support. 
Changed [C-c / r] to invoke 'mc-remail', which is then mapped into a remailer-scheme-specific function * mc-remail2.el: added support for mixminion and new mixmaster clients * mc-setversion.el: remove mc-default-scheme, as it is defined in mailcrypt.el * mailcrypt.el (mc-schemes): Add "pgp65" to the schemes list, so mc-setversion can tab-complete on it. (mc-version): bump version to "3.5.8+" while we're in between releases, to avoid confusion with the real "3.5.8" release. 2003-06-13 Brian Warner * mc-pgp6.el: actually add the file. How embarrassing. Thanks to "nega" for the catch. 2003-05-23 Brian Warner * Makefile.in: remove 'bindir' now that helper scripts are long-gone * Makefile.in (SOURCES): add mc-pgp6.el * mc-toplev.el (mc-scheme-pgp65): Add mc-pgp6 autoload * mc-setversion.el (mc-setversion): add "6.5" setting * mc-pgp6.el: PGP 6.5 support, contributed by Derek Atkins 2003-05-20 Brian Warner * mailcrypt.texi (Signing): Move documentation of mc-pgp-user-id variables to the 'Signing a Message' section. Explain use of hex keyids to deal with multiple identically-named keys. 2003-05-19 Brian Warner * mailcrypt.el (mc-modes-alist): Add support for the Wanderlust mail mode. Thanks to Fumitoshi UKAI for the patch. 2002-12-01 Brian Warner * tests/remailer/gtkwatcher.glade * tests/remailer/gtkwatcher.py (WatcherGUI.do_dst_popup): tweak popups to pick the right message 2002-11-30 Brian Warner * tests/remailer/gtkwatcher.glade * tests/remailer/gtkwatcher.py: add popup menus for message actions (WatcherGUI.do_update): show send time in local timezone, not GMT add send time to Received Messages popup * tests/remailer/watcher.py: add ability to flush old messages, abandon them, query for age of outstanding ones. Make all msgids integers. Fix use of default NNTP port. 
(NewsWatcher.poll): Handle missing messages (Watcher.txtime): code to get send time of a message 2002-11-29 Brian Warner * tests/gpg-testcases/E.latin1.e1r * tests/gpg-testcases/CS.latin1.s1v * tests/gpg-testcases/E.e1re3re4r * tests/make_gpg_testcases.py (Latin1_CS_Case, Latin1_E_Case, EE_Case): add some new test cases * tests/remailer/gtkwatcher.glade * tests/remailer/gtkwatcher.gladep: rewrite using glade-2 * tests/remailer/gtkwatcher.py (WatcherGUI, GtkWatcher) * tests/remailer/watcher.py (Watcher): rewrite: now uses gtk2, Maildir class, DNotify if available (or 10-second poll if not). * tests/remailer/maildir.py * tests/remailer/maildirgtk.py * tests/remailer/maildirtwisted.py: classes to watch Maildirs using various event loops. * tests/remailer/dnotify.py: python interface to linux 2.4.x DNotify facility, to get a signal when a directory changes 2002-09-26 Brian Warner * tests/remailer/watcher.py (NewsWatcher): added code to poll an NNTP server, to test Anon-Post-To: remailer usage. 2002-09-26 Brian Warner * mailcrypt.texi (Remailer Quick Start): Emphasize that you can only rewrite for one remailer/chain at a time (the prompt accepts a single word, not a comma-separated-list), but point to the section on building up chains of remailers for reference. Closes SF#579442 * mailcrypt: Release mailcrypt 3.5.8 * mailcrypt.texi (VERSION): bumped to 3.5.8 * mailcrypt.el (mc-version): bumped to 3.5.8 * ANNOUNCE: update for 3.5.8 * NEWS: final updates for 3.5.8 2002-09-24 Brian Warner * tests/remailer/Makefile.in (have-py-gnupg.stamp): check for GnuPGInterface before attempting to run tests * NEWS: mention remailer test framework * configure.in (AC_OUTPUT): build tests/remailer/Makefile too * Makefile.in (dist,DISTFILES): distribute remailer test files too * tests/Makefile.in (check-remailer): add target, 'make check' now runs remailer test too (requires python and py-gnupg). * tests/remailer/Makefile.in: shuffle directories. 
Now keys are unpacked from ./rings.txt into new remailer-keys/, ./rlist.txt is used for the remailer list. No scripts to generate the keys, just to unpack them. * tests/remailer/test-remailer.el (mc-test-encrypt-remailer): move keys to ./remailer-keys, rlist to ./rlist.txt . Put unwind.py errors in mc-errbuf. * tests/remailer/unwind.py: move keys to ./remailer-keys, don't hide stderr * tests/test-gpg.el (mc-test-encrypt): force GPG encryption, apparently I wasn't really doing that before * tests/remailer/unwind.py (test_chain): The program that validates encrypt-for-remailer output. Exits with rc==0 for success, exception for error. * tests/remailer/test-remailer.el: code for automated test of mc-rewrite-for-chain. Creates message, encrypts for a remailer chain (using dummy keys contained in remkeys/), then pipes through unwind.py which decrypts the layers and validates recipients at each level, finally checking the ultimate recipient, plaintext, and headers. * Makefile.in (GPG_TESTCASES): add SE case to the distribution * NEWS: begin to write up changes for next release * README.dev: explain regenerating keys/testcases a bit more * tests/gpg-testcases/*: regenerate test cases, with the encryption_id fix. Cases happen to be regenerated on a machine with GnuPG-1.2.0 installed. * tests/make_gpg_testcases.py (main): don't complain if the testcase directory already exists. Makes it easier to update the testcases in place. * tests/test-gpg.el (run-all-tests): add SE case (symmetric encryption) now that a test case is created for it. * tests/make_gpg_testcases.py (TestCase): factor out common code, use subclasses for encrypt vs. sign+encrypt vs. sign etc. (TestCase.encrypted_fields): put keyid in 'encryption_id' field instead of name, to match change in mc-gpg.el * mc-gpg.el (mc-gpg-always-fetch): Add missing defvar. Fixes free-variable warning during byte-compiling. Default value is 'never, unlike pgp2 and pgp5, because mc-gpg-fetch-key is unimplemented. 
(mc-gpg-decrypt-region,mc-gpg-sign-region): Use keyid as index for mc-activate-passwd, not key name. Thanks to Alexander Zangerl for the catch. This is especially helpful for folks who use multiple keys with the same name but with different passphrases: the wrong cached passphrase would be used for the second key. * tests/test-gpg.el: clear mc-gpg-always-fetch to prevent keyfetching. Some of the test cases use intentionally-unavailable keys to verify error cases; don't ask the user about trying to fetch the missing ones. Also reformat debug output a bit. 2002-07-30 Brian Warner * tests/remailer/gtkwatcher.py: display message when row is selected, some cosmetic improvements * tests/remailer/gtkwatcher.glade: add message-viewing panel, menu bar * tests/remailer/watcher.py (DirWatcher.poll): ignore messages without the special message-id header * mc-remail.el (mc-remailer-preserved-headers, mc-rewrite-for-remailer): Merge handling of Subject: header in with other preserved headers instead of handling it specially. This should get Subject: put into the ## section instead of the :: section, so most remailers should copy it into the final message, allowing you to specify the subject of the final plaintext email once more. Thanks to an anonymous sourceforge bug submitter for the suggestion. (mc-generic-pre-encrypt-function): Use Anon-To: instead of Request-Remailing-To:, as the docs for modern remailers (defined as MixMaster-2.9b33) prefers that command, even though they'll still accept the old one. Remove the 'eric' remailer case (which used Anon-Send-To:), because they've all gone away. Note: I might have broken mixmaster 'Subject:' line support with this change. It will be a few days before I can put together a test setup to make sure I didn't. 2002-07-29 Brian Warner * mailcrypt.texi (Remailer Quick Start): Update finger addresses for remailer lists again, since frog's list seems to keep moving around. Point at shinn, also mention noisebox and efga. 
* tests/remailer/gtkwatcher.py, gtkwatcher.glade: more test tools. This is a little gtk/python app to watch some Maildir-style directories for messages. The idea is to send messages through a remailer chain back into one of these directories. This app keeps track of which messages are still outstanding.
* tests/remailer/test-remailer2.el: functions to speed up testing remailer code. Adds 'C-c / t' annotate command to mc-write-mode when loaded, which appends a parseable sequence number to the message and stuffs a plaintext copy into the directory watched by gtkwatcher.py

2002-07-26 Brian Warner

* tests/remailer/watcher.py: tool to help with remailer testing

2002-07-25 Brian Warner

* Makefile.in (DISTFILES): Add COPYING, a copy of the GPL. Can't believe we were missing that. Oops.

2002-07-23 Brian Warner

* mailcrypt.texi (Remailer Quick Start): Suggest rlist@mixmaster.shinn.net too, point to mc-levien-file-name docstring for details of the file format. Thanks to Jari Aalto for the suggestion.
* mc-remail.el (mc-levien-file-name): Update docstring to suggest 'filter rlist@noisebox.remailer.org' to get the list, rather than the defunct publius.net site. Suggest rlist@mixmaster.shinn.net too.
* mailcrypt.el (mc-temp-directory): Use (temp-directory), temporary-file-directory, or "/tmp/", as available. Fixes error when used from XEmacs21. Thanks to Peter Galbraith for the catch and the patch.

2002-07-08 Brian Warner

* mailcrypt: Release mailcrypt 3.5.7

2002-07-07 Brian Warner

* ANNOUNCE: update for 3.5.7
* NEWS: finalized 3.5.7 change section
* mailcrypt.el (mc-version): bumped to 3.5.7
* mailcrypt.texi (VERSION): bumped to 3.5.7
* README.dev: Add my checklist for making a release.

2002-06-12 Brian Warner

* NEWS: summarize changes since 3.5.6
* mc-toplev.el (mc-mew-decrypt-message): remove unnecessary progn
(mc-mh-decrypt-message): Switch read-only off briefly when decrypting mh-e buffers. Thanks to Peter Galbraith for the patch.
* mailcrypt.el (mc-modes-alist): add mew-summary-mode functions
* mc-toplev.el (mc-mew-decrypt-message): Add functions to decrypt in Mew message buffers. No replace-with-decrypted functions yet, this is just a hack which flips the read-only flag off while the message is being processed. As a result the decrypted text simply vanishes when you switch to a different message.
(mc-mew-summary-decrypt-message) (mc-mew-summary-verify-signature) (mc-mew-summary-snarf-keys): functions to use in mew-summary-mode, which know how to switch to the right message buffer before doing anything on the actual message.
(eval-when-compile): add some mew autoloads to shush compile warnings

2002-06-11 Brian Warner

* mc-toplev.el: start planning Mew functions

2002-06-10 Brian Warner

* mailcrypt.el (mc-version): bump to "3.5.6+" while we're in-between releases. If you distribute such intermediate versions, make sure they're clearly labeled as coming out of CVS.
(mc-modes-alist): add case for mew-draft-mode, behaves just like message-mode.
* mailcrypt.texi (Hooking into Mew): added blurb about how to glue into Mew, and why you might not want to.
* tests/*: Added the start of a unit test framework. Currently only tests GPG decryption. See README.dev for more details.
* mailcrypt.el (mc-message-sigstatus): Added function to emit status messages, is redefined by the test harness to compare output status against expected values.
* mc-gpg.el: Use mc-message-sigstatus instead of raw message().
* README.dev: added notes on how to build from CVS, how to create test cases.

2001-11-21 Brian Warner

* mailcrypt.el (mc-temp-directory): use temporary-file-directory instead of hardwired "/tmp". Might help NT. Thanks to Jason Rumney and RMS for the fix.

2001-11-19 Brian Warner

* mailcrypt.texi: add @dircategory "Emacs" section entry. Only really useful for texinfo's 'install-info'.
* Makefile.in (install-info): Attempt portability between texinfo's 'install-info' and debian's, by removing everything except --info-dir from the invocation of install-info, and embedding the menu entry text inside the .info file. Thanks to Kai Grossjohann for the patch.
(mailcrypt.ps): use 'dvips -f' to generate the .ps file
* mailcrypt.texi: embed menu entry text with @direntry section.

2001-11-05 Brian Warner

* ChangeLog.1, Makefile.in: revived the real old ChangeLog as ChangeLog.1 . Patrick's original changelog text was in ChangeLog.old v1.1 and disappeared because of a merge problem. Used .1 instead of .old to make life with CVS easier, at the request of the debian maintainer Davide Salvetti.
* ChangeLog, ChangeLog.old: merged ChangeLogs, removed .old, which wasn't really old and overlapped the real one.
* mailcrypt.texi (Key Fetching): Add reminder about GnuPG's internal keyserver support. Thanks to Dan Girellini.

2001-10-24 Brian Warner

* mailcrypt.texi (Remailer Support): update pointers for remailer lists, remailer keyrings.. the old ones have gone away by now.

2001-09-25 Brian Warner

* mc-gpg.el (mc-gpg-comment): Remove the GnuPG URL, now that gpg adds its own Version: header.
(mc-gpg-extra-args,mc-gpg-debug-buffer): Turn into defvar, because otherwise setq statements in user's .emacs file get overridden. I use this to point to a separate secret keyring (on removable media) in my .emacs and somehow it took months for me to realize that it didn't actually work.
* mc-gpg.el (mc-gpg-lookup-key): Use UTF-8 when asking user for a passphrase (if UTF-8 is available), patch adapted from Debian version, thanks to Francesco Potorti.

2001-09-18 Brian Warner

* mc-toplev.el (autoloads): added gnus-summary autoloads, patch from XEmacs version, thanks to Steve Youngs.
* README.gpg: update GnuPG home page, version numbers.
* mc-gpg.el (mc-gpg-process-region): Another patch from Pavel Janík: mc-gpg-debug-buffer is not always bound.

2001-06-23 Brian Warner

* mc-setversion.el (mc-default-scheme): Fix typo. Thanks to Pavel Janík for the catch.
* mc-gpg.el (mc-gpg-encrypt-region): Use --recipient instead of old --remote-user to specify encryption target. This has been the standard argument name since gnupg-0.9.3, --remote-user is not documented and probably shouldn't be used. Unfortunately --recipient didn't exist in gnupg-0.9.2 and before, so this will break compatibility with ancient versions (where ancient = over two years old.. not something to worry about). Thanks to Filip Stokkeland for the catch.

2001-05-21 Brian Warner

* mailcrypt: Release mailcrypt-3.5.6

2001-05-21 Brian Warner

* ANNOUNCE: Update for Mailcrypt 3.5.6 . Update pointers to sourceforge.net . Remove mention of texinfo bug (I think it's fixed now).
* README: Update pointers to sourceforge.net .
* NEWS: Update for Mailcrypt 3.5.6 . Include changes in CVS since last release.
* mailcrypt.texi: Updated for Mailcrypt 3.5.6. Update pointers to refer to new home at sourceforge.net . Add link to GnuPG home page.
* mailcrypt.el (mc-version): Updated for Mailcrypt 3.5.6

2001-05-06 Brian Warner

* mc-gpg.el (mc-gpg-lookup-key): Change key-regexp to tolerate extra fields at the end of lines emitted by --with-colons mode. Needed to handle new output format in gnupg-1.0.5, otherwise you get "No GPG secret key for xxx" errors.

2000-10-29 Brian Warner

* mailcrypt.info: Removed the generated .info files from the CVS archive. They should be built from .texi before distributions, but not tracked in CVS.
* mailcrypt.dvi: Ditto.
* Makefile.in (distclean): Remove .info and .dvi too.
* ChangeLog: add file-local variable to make date strings consistent.

1999-11-23 Len Budney

* WARNINGS: Added list of security warnings. Mailcrypt is only as secure as the way it is used (and coded. Hrmph).

1999-11-22 Len Budney

* mc-toplev.el: Fixed a bug in mh-rmail support, which dropped the user into a stupid buffer after decrypting a message.
Okay, I just reverted that section of code to the original code from version 3.4. Question: why on earth do I fiddle with Pat's good old code?

1999-11-22 Brian Warner

* mc-toplev.el: Reversed the test of signature verification for Rmail, which Len already reversed once, back in 3.5.2. What the heck was he thinking? If it ever did something useful, it doesn't now. Decryption status now shows properly when using Rmail.

1999-11-19 Matthias Andree

* mailcrypt.texi: Fixed bug which spread index over many pages.

1999-09-08 Brian Warner

* mc-gpg.el: revamp decrypt and verify parsers to handle gnupg-0.9.6 through 1.0.0 . Older versions have slight problems: unknown signators and symmetrically-encrypted messages tend to make mailcrypt think the message is corrupted, and some incidental information (keyids for unknown keys, some signature dates) is unavailable. Doesn't use stderr at all, barely uses the exit status.

1999-07-20 Leonard R. Budney

* mc-pgp.el: Added check for PGP version mismatch when using PGP 2.6.
* mailcrypt.info-1, mailcrypt.info-2, mailcrypt.info: Latest info files.
* mc-gpg.el: Incorporated Brian Warner's Changes into GPG support. Specific changes are noted in his Changelog entries, below.

1999-07-18 Leonard R. Budney

* mc-toplev.el: Changed GNUS interface to look at raw articles. Thanks to Mr. Stainless Steel Rat.
* configure, configure.in: Modified configure script test for emacs. When building Mailcrypt in a subshell of XEmacs, the script would get confused because XEmacs would set the environment variable EMACS to t. Thanks to Todd Sabin.
* mc-gpg.el: Added catchall pattern in GPG decrypt parser to catch arbitrary "decryption failed" messages. This prevents random failure from resulting in deleted message bodies! Thanks to Robert Bihlmeyer.

1999-07-17 Leonard R. Budney

* mc-toplev.el: Changed rmail support so that errors do not leave the user in some wacky buffer.

1999-06-15 Brian Warner

* mc-gpg.el: update comments to reflect GPG behavior through 0.9.7 (no code changes). Tested against 0.9.7, works ok, but we're not taking advantage of the new GPG status codes yet.

1999-05-25 Leonard R. Budney

* mailcrypt.el: Changed message-box to message-or-box, which doesn't annoy as many people with that invasive message box. Thanks to Dave Love and Gunnar Evermann.
* Makefile.in, mc-gpg.el, mc-pgp.el, mc-pgp5.el, mc-remail.el, mc-setversion.el: Cleaned up Makefile a bit, thanks to Francois Pinard. Also added some defvar's to quiet almost all of those pesky compiler warnings. Thanks to Francois Pinard and to Dave Love.

1999-05-18 Leonard R. Budney

* mc-gpg.el, mc-pgp.el, mc-pgp5.el: Tightened regular expressions for matching PGP/GPG header strings only when they begin a line. Also improved the comment in mc-gpg.el. Thanks to Ulrik Dickow.

1999-04-20 Leonard R. Budney

* mailcrypt.el: Changed email address parsing to use the rfc822 library. Now extraction of recipient addresses is fully RFC 822 compliant.
* mc-toplev.el: Changed email address parsing to use the rfc822 library. Now extraction of recipient addresses is fully RFC 822 compliant. Thanks to Jack Twilley.

1999-03-28 Brian Warner

* mc-gpg.el: totally revamp decrypt-parser and verify-parser. Tested against gpg-0.4.5 and gpg-0.9.5, checked GPG output messages for 0.4.5 and 0.9.[012345] and these parsers should work with them. GPG gives better and better status messages (easy to parse, not locale-specific) in recent versions so I split out the code that needs to scan stderr for information and created a variable called mc-gpg-handle-pre095 (default to t) that controls whether to use such code or not. If gpg-1.0 comes out and everyone uses it and never uses old crufty versions, then this will make it easier to rip that code out and have a much cleaner set of parsers.

1999-03-24 Brian Warner

* mc-gpg.el (mc-gpg-verify-parser): cleanup, handle all gpg from 0.4.5 through 0.9.5, if the message is signed by an unknown key, get the keyid efficiently and safely from gpg-0.9.5, else pull it from a stderr message [less safe]

1999-03-23 Brian Warner

* mc-gpg.el (mc-gpg-insert-parser): if rc != 0, don't insert anything, and return error information instead of erroring out. Change all callers to deal with it. This fixes the "if we can't find gpg, attempting to decrypt removes all text from the buffer" bug.
* mc-gpg.el (mc-gpg-null-parser): fix [unused] null parser
* mc-gpg.el (mc-gpg-decrypt-parser): another message changed in gpg-0.9.3 . Changed regexp to match either old ".. Secret key not available" or new ".. public key not found"

1999-03-20 Leonard R. Budney

* ChangeLog, mc-pgp5.el: Fixed passphrase expiration when signing messages. Thanks to Greg Shapiro.

1999-03-12 Gregory Neil Shapiro

* mc-pgp5.el (mc-pgp50-sign-parser): Deactivate the password if mc-passwd-timeout is set to nil.

1999-03-05 Brian Warner

* mc-gpg.el: Patched GPG-signing code to work correctly with GPG-0.9.3. Thanks to Brian Warner.

1999-03-04 Leonard R. Budney

* mc-pgp5.el: Added key-fetching to PGP 5 using the hkp protocol. Thanks Paul Koning!

1999-02-27 Leonard R. Budney

* mc-toplev.el: Fixed a bug in rmail support, which always reported the wrong "verified" status. Thanks to Gerrit Jahn.
* mc-toplev.el: Patched GNUS support so that Mailcrypt won't dump users into the "raw" article buffer--though that buffer is used for verifying since PGP junk can be hidden in GNUS. Thanks to Ulrik Dickow.
* mc-toplev.el: Fixed mh-e support so that users can view encrypted messages without saving them. Thanks to Andreas Eder.
* INSTALL, mc-setversion.el: Fixed mc-setversion to use completing-read in a way which works with both emacs and XEmacs. Thanks to Robert Bihlmeyer for the patch, and to numerous people for reporting the bug, including Dan Girellini, and Dirk Husemann.
* INSTALL: Added a warning to the INSTALL file for users of Emacs 20.3 and higher, to install Mailcrypt correctly into rmail. Thanks to Tony Silva.
* mc-pgp5.el: Fixed out-of-turn passphrase deactivation which breaks mailcrypt for anyone paranoid enough to set mc-passwd-timeout to 0 or nil. Thanks to Gregory Neil Shapiro.
* ChangeLog, mc-gpg.el: Lots of cleanup and improvements in the GPG support code. Thanks to Brian Warner.
* mailcrypt.el, mc-pgp5.el: Added support for key fetching under PGP 5.0. Many thanks to Loren J. Rittle!
* mc-toplev.el: Removed call to (vm-select-folder-buffer) in mc-toplev.el. Thanks to Eric C. Newton.
* mc-gpg.el: Fixed mc-gpg.el to avoid using with-current-buffer, which emacs 19 didn't have. Thanks to Brian Warner.

1999-01-10 Brian Warner

* mc-gpg.el (mc-gpg-process-region): kill off temporary buffers
(mc-gpg-insert-parser): if rc != 0, don't insert anything, and return error information instead of erroring out. Change all callers to deal with it. This fixes the "if we can't find gpg, attempting to decrypt removes all text from the buffer" bug.

1999-01-09 Brian Warner

* mc-gpg.el (mc-gpg-decrypt-parser): accommodate gnupg-0.9.1, which emits NEED_PASSPHRASE status messages with two keyids. The first is the encryption [subkey] id, the new second one is the primary [dsa] keyid. We take the first one, but it doesn't really matter because 'gpg --list-secret-keys 0xkeyid' will accept either. Had to change the NEED_PASSPHRASE-recognizing regexp in mc-gpg-decrypt-parser to ignore additional characters after the first keyid.

1998-11-27 Brian Warner

* mc-gpg.el: define with-current-buffer if it wasn't already. Needed for emacs19. Thanks to Ed Ferguson and Greg Troxel for the bug reports.
(mc-gpg-encrypt-region): switch back to passing hex keyids to gpg instead of quoted strings: newer gpg can handle it if you give it a subkey id. Reduces the involvement of the shell, which is a good thing.
(mc-gpg-decrypt-parser): if we see a NEED_PASSPHRASE message, ignore the presence of a "secret key not available" message. This deals with a funny case in which GPG sees a message with two recipients, doesn't have a private key for the first one, emits the failure message, but goes on to emit the passphrase message about the second anyway. Fixes "can't decrypt a message sent to multiple recipients" bug.
(mc-gpg-insert-public-key): put quotes around userid string used in mc-gpg-insert-public-key: allows insertion when userid is defined with spaces.
(mc-gpg-snarf-parser): don't modify the source buffer: fixes the RMAIL "buffer is read-only" error message. Thanks to Kevin Fenzi for the bug report.

1998-11-26 Leonard R. Budney

* INSTALL, ANNOUNCE: Updated the announcement and install documentation. Thanks to Andreas Zell and Remi Guyomarch.
* mailcrypt.info-2, mailcrypt.texi, mailcrypt.el, mailcrypt.info, mailcrypt.info-1, ChangeLog, LCD-entry, mailcrypt.dvi: Changed version information to 3.5.1 in all relevant files, preparatory to another release.
* mailcrypt.info-1, mailcrypt.info-2, mc-pgp5.el, mailcrypt.info: Incorporated and tested Brian W's changes to mc-pgp5.el. He localized a bunch of variables, cutting down on compiler warnings. Thanks!
* configure.in, mailcrypt.texi, mc-gpg.el, Makefile.in, README.gpg, configure: Incorporated more fixes from Brian Warner to GPG support; cleaned up Makefile, removed Perl test from configure script, updated the README.gpg, and much much more.
* README.gpg: Sync-ed with patch from Brian Warner against 3.5b7. The change appears trivial only because his previous patch was faithfully applied way back when.

1998-10-19 Leonard R. Budney

* mc-pgp5.el: Fixed bug in signing 8-bit data (including messages in most languages other than English! Bad, Bad PGP 5!). Thanks to Greg Steuck.
* mailcrypt.texi, mailcrypt.info-1, mailcrypt.info-2, mailcrypt.info: Updated "mc-setversion" documentation in the Mailcrypt info file. Thanks to Adam Beck.

1998-10-16 Leonard R. Budney

* configure.in, gpgwrap.pl.in, mc-gpg.el, INSTALL, Makefile.in, README.gpg, configure: Updated GPG support to handle GPG 0.4.1, and improve various aspects of mc-gpg.el. Most notably, the wrapper script gpgwrap.pl is now obsolete, and Mailcrypt users are heartily recommended to upgrade their GPG installation--it was a GPG bug which necessitated the wrapper script. Thanks to Brian Warner, the Official Mailcrypt GPG Wizard.
* mc-pgp.el: Re-enabled conventional decryption in PGP 2.6 mode. Thanks to Roger Williams for spotting this bug.

1998-10-15 Leonard R. Budney

* Makefile.in: Fixed "bindir" in the makefile, so that gpgwrap gets installed in the correct place. Thanks to Markku Kolkka.

1998-10-05 Leonard R. Budney

* mc-toplev.el: Modified mc-mh-decrypt-message to optionally turn off backup of MH messages. By default, backup is enabled (for backward compatibility). Use this one with caution.

1998-10-04 Leonard R. Budney

* mailcrypt.info-2, mc-pgp5.el, mailcrypt.info, mailcrypt.info-1: Fixed a "buffer bug" in which decrypting under mh-e exits with an error and leaves the user in some random buffer (although decryption succeeds). Basically, the PGP 5.0 parsers all call "pop-to-buffer" near the end, which screws up the buffer history list. Why on earth was "pop-to-buffer" ever used in the first place?

1998-09-28 Leonard R. Budney

* INSTALL: Fixed INSTALL documentation of "mc-setversion".
* mailcrypt.info-2, mailcrypt.texi, mailcrypt.info, mailcrypt.info-1, mailcrypt.dvi, mailcrypt.el, ChangeLog, LCD-entry, README, ANNOUNCE: Update for release.
* mailcrypt.texi, mailcrypt.info, mailcrypt.info-1: Updated rmail documentation for Emacs 20.3, in which the rmail-mode-hook has changed to rmail-show-message-hook. Thanks to Tim Steele.
* mailcrypt.texi, mailcrypt.info-2, mailcrypt.info-1, mailcrypt.info: Updated documentation to mention "message-mode" when setting up Mailcrypt for use under Gnus.
Thanks to several usenet posters addressing this problem, particularly Kevin Davidson.
* mc-pgp.el, mc-pgp5.el: Modified mc-pgp[50]-lookup-key to not mind a missing secret keyring. This is useful for the paranoid sorts ;-) who keep their secret keyring on a floppy, and who usually encrypt to public keys but don't sign. These folks can encrypt without their secret keyring even being on the machine in question. Thanks to Steven T. Smith (usenet post, 1997/02/03).

1998-09-27 Leonard R. Budney

* mailcrypt.el, mc-pgp5.el: Applied patches which help Mailcrypt to run correctly with PGP 5.0i in XEmacs. Thanks to Gunnar Evermann.
* mc-pgp5.el: Fixed the last bug in key snarfing; updated feedback to adhere to the current convention (list instead of cons).

1998-09-24 Leonard R. Budney

* mc-pgp5.el: Improved diagnostic messages, particularly for signatures. They still don't quite match up with the old Mailcrypt messages, but they are a good deal better.

1998-09-23 Leonard R. Budney

* mc-pgp5.el: Encryption now handles the (bogus) case that no recipients are specified. I believe that PGP 2.6.2 quietly armors text in that case, and perhaps we should do that. At the moment, however, we trap the error condition.
* mc-pgp5.el: There! The last bug rooted out. Now mc-pgp50-process-region works correctly with Brian Warner's key snarfing code. Provisionally, key snarfing support is now complete.
* mc-pgp5.el, mailcrypt.el, mc-gpg.el: Changed behavior of mc-pgp50-process-region to use more "Mailcryptish" messages. In part, this is to facilitate key fetching and snarfing, using code contributed by Brian Warner. We're getting close!

1998-09-22 Leonard R. Budney

* Makefile.in: Changed "distclean" target to remove derived file "gpgwrap.pl".
* mc-pgp5.el, gpgwrap.pl, gpgwrap.pl.in, mc-gpg.el, Makefile.in, configure, configure.in: Changed gpgwrap.pl to an "autoconf" file so that the path to perl is set at configuration time. Also added minor fixes to PGP 5.0 encryption.
* mc-gpg.el: Oops again. Missed mc-gpg.el this time.
* README.gpg, gpgwrap.pl: Oops--added in contributed files from Brian Warner containing the guts of GPG support. The previous revision included only changes to existing files. All better now!
* mc-toplev.el, Makefile.in, mailcrypt.el, mc-setversion.el, INSTALL: Added complete implementation of GnuPG support. Also fixed up mc-setversion so that version selection behaves more like the documentation claims. Documentation includes discussion of the new GnuPG support. Much thanks to Brian Warner, again!
* mc-pgp5.el: Implemented functional Key Snarfing under PGP 5.0. Thanks to Brian Warner!
* mc-remail.el: Modified remailer support to handle multiple newsgroups correctly. I'm having real trouble posting with Mixmaster remailers, so this is pretty experimental.

1998-09-01 Leonard R. Budney

* mailcrypt.info-1, mailcrypt.info-2, mailcrypt.info: Updated precompiled info files.
* mc-pgp.el: Updated MIT public keyserver address for PGP 2.6.x key lookup. Thanks to Bill Wohler.
* mailcrypt.texi, mc-remail.el: Updated finger address for remailer list in variable documentation. Changed regexp for parsing Levien remailer list to account for single quotes, which are sometimes used.

1998-08-29 Leonard R. Budney

* mailcrypt.info-2, mailcrypt.texi, mailcrypt.info-1, mailcrypt.info, mailcrypt.dvi, Makefile.in, configure, configure.in: Updated Mailcrypt documentation--still a long way to go. Also fixed up the installation of info files, so the new documentation will install correctly.
* configure.in, configure: Fixed a bug in the configure script which got confused when emacs (or Xemacs) are referred to by their full pathname. Thanks to Sergio Antoy.

1998-08-28 Leonard R. Budney

* mailcrypt.el, mc-pgp.el, mc-pgp5.el: Moved definition of mc-pgp-always-sign into mailcrypt.el so that it applies to all encryption schemes at once.
Also fixed a bug which prevented deactivation of an incorrect passphrase when signing and encrypting in one step.
* mailcrypt.el, mc-pgp.el, mc-pgp5.el: Fixed a bug in the RFC-822 regular expression for mail headers. Also enhanced PGP keyid lookup to ignore revoked keys in both PGP 2 and PGP 5. Thanks to Dean Bullock for spotting this bug.

1998-08-27 Leonard R. Budney

* mailcrypt.el: Modified mc-field-name-regexp to match on exactly those email headers which are RFC-822 compliant.
* mailcrypt.el: Changed mc-field-name-regexp so that fields with ":" in their bodies work correctly. This permits addresses like "null:" and like "post: alt.test" when using mixmaster remailers. Note however that the latter should also be generated seamlessly by mailcrypt when posting in the usual way.
* mc-toplev.el: Updated Gnus support to look in gnus-original-article-buffer rather than in gnus-article-buffer for PGP stuff. Gnus has been changed to actually delete PGP stuff when using gnus-article-hide-pgp, and this patch permits verification of signatures even when hidden. Thanks to Dave Love.

1998-08-26 Leonard R. Budney

* mc-pgp5.el: Changed mc-pgp50-always-sign back to mc-pgp-always-sign. As a result, encrypting for remailers does not prompt repeatedly "Sign the message?" As a side effect, "always sign" really means always; for every coding scheme.
* mc-pgp5.el: Fixed a stupid typo introduced in the previous revision.

1998-08-25 Leonard R. Budney

* mc-pgp5.el: Enabled signing and encrypting in one step. Thanks to Fabien Coelho.
* mc-pgp5.el: Added public key insertion for PGP 5.0, and fixed the annoying lack of newlines at the end of PGP messages. Thanks to Sergio Antoy.
* mc-pgp5.el: Added Mailcrypt comment to signed messages in PGP 5.0.

1998-08-23 Leonard R. Budney

* mc-pgp5.el, mc-setversion.el, mc-toplev.el, Makefile.in, mailcrypt.el, mc-pgp.el, mc-pgp2.el, INSTALL: Completed a major rewrite. Basic elisp code is unchanged, and overall functionality is unchanged.
However, I restored the original mailcrypt files to their prior condition (almost), and implemented PGP 5 support through the "scheme" mechanism originally provided by Pat and Jin. Though there are pros and cons to both their approach and mine, I would rather stick with theirs. Now GPG support can be added fairly simply!

1998-08-19 Leonard R. Budney

* INSTALL: Changed setup info for .emacs file to load "mc-setversion" rather than autoloading it. After all, it's silly to "autoload" something and then immediately call it! Thanks to Aaron Gross and David Maslen.
* configure: Generated updated configure script.
* configure.in, INSTALL: Tweaked the EMACSFLAGS for Xemacs to work for both Xemacs 19.x and 20.x. Fixed up the INSTALL file to document these slight differences.

1998-08-18 Leonard R. Budney

* configure.in, configure, Makefile.in: Added "--vanilla" flag for Xemacs compiling, and modified the "configure" script to abort if emacs or Xemacs are not found. Also, changed the override to use the environment variable "EMACS" instead of the totally ridiculous "EMACS19". Thanks to Amir J. Katz.

1998-07-29 Leonard R. Budney

* FSF-timer.el, Makefile.in, configure, configure.in, timer.el: Moved "timer.el" to a file of another name, to prevent inadvertently including it when the timer package is already installed.
* timer.el: Used a different version of timer.el which doesn't BREAK mailcrypt for NON xemacs users.

1998-07-26 Leonard R. Budney

* Makefile.in: Fixed "make dist" to include timer.el. Oops!

1998-07-24 Leonard R. Budney

* ANNOUNCE, NEWS: Updated announcement and news files.
* ChangeLog, ChangeLog.old: Moved Jin and Pat's ChangeLog data into ChangeLog.old for the sake of history. The Changelog file will be automatically generated from my sources from now on.
* ONEWS, ChangeLog, NEWS: Updated news and changelog files for the anticipated flurry of development and bug fixes.

1998-07-23 Leonard R. Budney

* NEWS, ANNOUNCE, INSTALL, LCD-entry, mailcrypt.el: *** empty log message ***
* INSTALL, README: Updated documentation for Xemacs users, and deleted some (old, and apparently obsolete) pointers from the README file.
* configure.in, timer.el, Makefile.in, configure: Added timer.el to the Mailcrypt distribution, so that Mailcrypt should work correctly for Xemacs users. The configure script simply checks whether timer.el is in the user's load path, and includes timer.el in the list of files to compile and install if it isn't.

1998-07-22 Leonard R. Budney

* mc-pgp5.el: Modified mc-pgp5-sign-parser to behave correctly when signing 8bit data. In that case, the PGP delimiter reads "END PGP MESSAGE" rather than "END PGP SIGNATURE". Thanks to Greg Steuck.

1998-07-21 Leonard R. Budney

* load-path.hack, Makefile.in: Made Makefile more conformant to GNU standards, and eliminated annoying warning about Emacs versions other than 19.*. Thanks to Tony Silva.
* mailcrypt.el, mailcrypt.info: Updated version number in elisp code.
* pgpv.sh, pgpe.sh, pgps.sh, mc-setversion.el, mc-pgp5.el, mc-pgpk, mc-pgp.el, Makefile.in: Removed dependency on shell scripts and perl scripts. Added completion to mc-setversion. Thanks to Brian Warner.
* mc-pgp5.el, INSTALL: Corrected initialization instructions and fixed regular expression to permit handling of emails in Svenska. Thanks to Jonas Linde.
* mailcrypt.dvi, mailcrypt.texi, mc-pgpk, mkinstalldirs, pgpe.sh, pgps.sh, pgpv.sh, texi2html.ext: Initial revision.
* mailcrypt.dvi, mailcrypt.texi, mc-pgpk, mkinstalldirs, pgpe.sh, pgps.sh, pgpv.sh, texi2html.ext: New file.
* ANNOUNCE, ChangeLog, INSTALL, LCD-entry, Makefile.in, NEWS, ONEWS, README, configure, configure.in, expect.el, install-sh, load-path.hack, mailcrypt.el, mailcrypt.info, mc-pgp.el, mc-pgp2.el, mc-pgp5.el, mc-remail.el, mc-setversion.el, mc-toplev.el: Initial revision.
* ANNOUNCE, ChangeLog, INSTALL, LCD-entry, Makefile.in, NEWS, ONEWS, README, configure, configure.in, expect.el, install-sh, load-path.hack, mailcrypt.el, mailcrypt.info, mc-pgp.el, mc-pgp2.el, mc-pgp5.el, mc-remail.el, mc-setversion.el, mc-toplev.el: New file.

;;; Local Variables:
;;; add-log-time-format: add-log-iso8601-time-string
;;; End:

mailcrypt-3.5.9/ChangeLog.1

Sat May 02 10:08:30 1998 Leonard R. Budney

* Fixed a bug in mc-pgpk which broke mailcrypt for small PGP keys; contributed by Eric Newton.

Sat Jan 31 20:05:30 1998 Leonard R. Budney

* Version 3.5 released.
* mc-pgp.el: parsers were extracted into two files, mc-pgp2.el and mc-pgp5.el to support multiple PGP versions.
* mailcrypt.el: (mc-process-region) was cloned into two functions, mc-pgp2-process-region and mc-pgp5-process-region, because handling of PGP 5.0 is done very differently due to a broken batchmode.
* mc-setversion.el: (mc-setversion) was added to toggle between various PGP versions.
* expect.el: This file was added to incorporate expect-like functionality for handling PGP 5.0. It was provided courtesy of Lars Magne Ingebrigtsen <lmi@gnus.org>.

Tue Oct 10 15:53:01 1995 Patrick J. LoPresti

* Version 3.4 released.

Wed Oct 4 18:25:02 1995 Patrick J. LoPresti

* INSTALL: Document setting mc-pgp-comment to nil if using obsolete version of PGP.
* mc-remail.el (mc-parse-levien-buffer): Allow remailers with "mix" property, even if "pgp" and "cpunk" properties are lacking.
(mc-generic-pre-encrypt-function): Don't try to expand-mail-aliases if 'mail-abbrevs is provided.
* mc-pgp.el (mc-pgp-always-fetch): New variable. Use to regulate key fetching.

Fri Sep 29 14:39:17 1995 Patrick J. LoPresti

* mailcrypt.el (mc-deactivate-passwd): Don't give feedback unless called interactively.
(mc-get-fields): Use `buffer-substring-no-properties' to get the body of the field as well as the name. Egad.

Fri Sep 22 15:34:47 1995 Patrick J. LoPresti

* mc-toplev.el (mc-gnus-verify-signature): Renamed from `mc-gnus-summary-verify-signature'.
(mc-gnus-snarf-keys): Renamed from `mc-gnus-summary-snarf-keys'.
(mc-gnus-decrypt-message): Renamed from `mc-gnus-summary-decrypt-message'.
* mailcrypt.el (mc-modes-alist): Add `gnus-article-mode'. Reflect name changes to Gnus support functions.

Wed Sep 20 09:30:53 1995 Patrick J. LoPresti

* mc-toplev.el (mc-gnus-summary-decrypt-message): Bind `case-fold-search' to nil when matching "Gnus".
* mailcrypt.el (mc-xemacs-p): "XEmacs", not "Xemacs".

Sat Sep 16 09:51:03 1995 Patrick J. LoPresti

* mc-pgp.el (mc-pgp-encrypt-region): If no recipients, just armor file.
(mc-pgp-msg-end-line): Match optional newline at end.
(mc-pgp-encrypt-region): Don't honor mc-encrypt-for-me if only armoring. Output "Armoring..." if only armoring.
* mc-toplev.el (mc-gnus-summary-decrypt-message): Don't bother trapping error on decrypt. Require Gnus version 5.0.4 or higher. Use new `gnus-group-read-only-p' predicate. Pass t to `gnus-summary-edit-article'.
(mc-encrypt-message): Punt check for no recipients.

Sun Sep 10 16:36:37 1995 Patrick J. LoPresti

* mc-pgp.el (mc-pgp-decrypt-parser): Deal with armor-only files.
* mc-remail.el (mc-eliminate-continuation-lines): New function.
(mc-generic-pre-encrypt-function): Eliminate continuation lines in preserved headers.
(mc-rewrite-for-mixmaster): Ditto.

Mon Sep 4 17:57:47 1995 Patrick J. LoPresti

* mailcrypt.el (mc-process-region): Make sure we are in the source buffer when starting process, in case `process-environment' is buffer-local.
* mc-remail.el (mc-rewrite-for-mixmaster): Signal error if attempting to post through a Mixmaster.

Sun Sep 3 18:09:58 1995 Patrick J. LoPresti

* mc-pgp.el (mc-pgp-decrypt-region): Add strategic `save-excursion' calls to avoid changing buffers inside `let'.

Fri Sep 1 15:05:56 1995 Patrick J. LoPresti

* mc-remail.el (mc-remailer-remove-property): New function.
	(mc-remailer-canonicalize-chain): Make second arg CHAINS-ALIST
	optional; default to `(mc-remailer-make-chains-alist)'.
	(mc-demix): New function.

	* mailcrypt.el (mc-process-region): Fix regexp to match "Process
	*PGP* killed" et al.

Thu Aug 31 12:52:44 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-encrypt-message): Clean up. Use `mc-get-fields'
	and `mc-strip-addresses'.

	* mailcrypt.el (mc-strip-addresses): New function. Use everywhere.

	* mc-remail.el (mc-remailer-choose-first): New function.
	(mc-remailer-choose-chain): New function.
	(mc-parse-levien-buffer): Add support for returning a "ranking" of
	remailers.
	(mc-remailer-canonicalize-elmt): Add support for using an integer
	N in a remailer-list to represent the top N remailers, shuffled
	randomly.
	(mc-strip-address): New function. Use everywhere.

	* mc-toplev.el (mc-vm-decrypt-message): Bind `this-command' to
	`vm-edit-message-end' to trick VM into doing the right thing when
	redisplaying.

Sun Aug 27 13:12:22 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-sign-generic): Only run hooks if signing was
	successful.

Sat Aug 26 09:18:51 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-vm-decrypt-message): Bind `vm-frame-per-edit'
	to nil.

Fri Aug 25 17:41:28 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-sign-generic): Return result of signing
	message, instead of always returning nil.

Mon Aug 21 11:58:07 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-modes-alist): Add support for
	`vm-virutal-mode'.

Sun Aug 20 15:19:52 1995 Patrick J. LoPresti

	* Makefile.in (install): Use a loop for installing .elc files,
	since install-sh can't copy multiple files at once.

	* mc-toplev.el (mc-gnus-summary-decrypt-message): Back out 8/4
	change; call `gnus-summary-edit-article-postpone' instead. Call
	`gnus-version' function instead of reading variable.

Fri Aug 4 11:51:37 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-gnus-summary-decrypt-message): Run
	`gnus-article-display-hook' after decrypting.

Wed Aug 2 10:05:06 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-split): Use \\' instead of $ to match end of
	string.

Tue Aug 1 15:55:47 1995 Patrick J. LoPresti

	* Version 3.3 released.

Mon Jul 31 11:22:23 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-rmail-decrypt-message): Use abstractions for
	keymaps to work with XEmacs.
	(mc-gnus-summary-decrypt-message): Clean up.
	(mc-gnus-summary-verify-signature): Don't display all headers.
	(mc-gnus-summary-snarf-keys): Ditto.

Sat Jul 29 11:47:51 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-decrypt-region): Call `undo-boundary'.

Thu Jul 27 20:56:41 1995 Patrick J. LoPresti

	* load-path.hack: Give a friendly warning if a version of Emacs
	other than 19 is used to byte-compile.

Thu Jul 27 16:05:13 1995 Patrick J. LoPresti

	* configure.in: Use `EMACS19' instead of `EMACS' for autoconf
	substitution variable, lest "configure" get confused when run
	under an Emacs shell.

	* Makefile.in: Ditto.

Thu Jul 27 10:24:47 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-keyserver-address): Use "pgp.ai.mit.edu"
	instead of "www-swiss.ai.mit.edu".

	* ANNOUNCE: Update version and date in preparation for 3.3
	release.

	* INSTALL: Updated to reflect new installation directory and
	absolute requirement of `easymenu'.

	* mailcrypt.el (mc-process-region): Fix parenthesization error.
	Again.

Wed Jul 26 12:48:50 1995 Patrick J. LoPresti

	* mc-remail.el (mc-rewrite-for-remailer): Use `mc-encrypt-for-me'
	instead of `mc-encrypt-to-me', since there the latter does not
	exist.

Sun Jul 23 13:01:47 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-decrypt-region): Clean up case where key is
	missing and we offer to fetch it.

Thu Jul 20 11:51:06 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-newkey-re): Incorporate fix from Mike Long to
	only recognize key additions.

Wed Jul 19 10:50:55 1995 Patrick J. LoPresti

	* mailcrypt.el: Deal with unbound buffer-substring-no-properties
	to work with Emacs 19.28 after all.

	* mc-pgp.el (mc-pgp-verify-region): Return nil if signature fails
	to verify.

	* mc-toplev.el (mc-sign-generic): Make sure start and end are
	markers before calling mc-pre-signature-hook.
	(mc-encrypt-generic): Ditto, mc-pre-encryption-hook.

	* mc-remail.el (mc-remailer-insert-response-block): Fix
	parenthesization error.

	* mc-toplev.el (mc-gnus-summary-decrypt-message): Incorporate Fran
	Litterio's changes for (ding) GNUS. Clean up MH-E stuff a bit.
	Should really redo it entirely at some point.

	* texi2html.ext: New file.

Tue Jul 18 14:26:00 1995 Patrick J. LoPresti

	* Fix stuff all over to silence byte compilation warnings under
	XEmacs.

	* mailcrypt.el: (require 'easymenu) outright. Starting now we
	demand at least FSF Emacs 19.28 or XEmacs 19.13.

Mon Jul 17 16:30:43 1995 Patrick J. LoPresti

	* Makefile.in: Minor tweaks. Use `.../share/emacs/site-lisp'.

Sun Jul 16 13:48:06 1995 Patrick J. LoPresti

	* mc-pgp.el: Use "buffer-substring-no-properties" everywhere. Feh.
	mc-remail.el: Ditto.

Sat Jul 15 01:41:18 1995 Patrick J. LoPresti

	* mc-pgp.el: Add "+language=en" to PGP command lines so that we
	are sure to parse the output correctly.

Wed Jul 12 16:37:37 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-vm-verify-signature): Call vm-widen-page in
	case vm-honor-page-delimiters is set.
	(mc-vm-snarf-keys): Ditto.
	('mail-utils): Required for mail-fetch-field on some Emacsen.

Fri Jun 30 10:20:52 1995 Patrick J. LoPresti

	* mc-remail.el (mc-rewrite-news-to-mail): Nuke "Newsgroups" field.

Fri Jun 23 11:04:54 1995 Patrick J. LoPresti

	* Version 3.2 released.

	* mc-pgp.el (mc-pgp-fetch-key): Add "+batchmode" to PGP arglist.
	(mc-pgp-key-begin-line): Allow match only when delimiter string is
	the entire line.
	(mc-pgp-key-end-line): Likewise.

	* configure.in: New file.
	configure: New file.
	Makefile.in: New file. Brought into conformance with GNU
	standards.
	INSTALL: Revised to reflect `autoconf'-generated configuration
	scheme.

	* mailcrypt.el (mc-deactivate-passwd, mc-activate-passwd): Do the
	right thing if both `timer' and `itimer' are present.

Thu Jun 22 16:57:49 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-generic-parser): Include '\n' from final
	delimiter line.

Wed Jun 21 18:13:10 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-fetch-key): Give a diagnostic if the key was
	not found.

Tue Jun 20 00:53:51 1995 Patrick J. LoPresti

	* mc-toplev.el (mc-rmail-view-quit): Mark buffer unmodified when
	quitting.

	* mailcrypt.el (mc-process-region): Don't rely on
	accept-process-output returning immediately if process is dead
	(for XEmacs' sake).

	* README: Revised (i.e., truncated) to reflect INSTALL file,
	Texinfo docs, and Web pages.

	* INSTALL: New file.

	* Makefile: New file.

Mon Jun 19 16:55:39 1995 Patrick J. LoPresti

	* NEWS: New file.

	* mailcrypt.texi: New file. Spent last few days getting this
	written and the Web pages up.

Fri Jun 16 17:55:14 1995 Patrick J. LoPresti

	* mc-pgp.el (mc-pgp-comment): New variable.

Thu Jun 15 00:33:44 1995 Patrick J. LoPresti

	* mc-pgp.el: New file.

	* mc-toplev.el: New file.

Wed Jun 14 16:51:00 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-pgp-fetch-from-keyrings): New function.
	(mc-pgp-fetch-keyring-list): New variable. Forgot to document most
	of the changes in the past week, oh well.
	(mc-scheme-pgp): New function to replace variable of same name in
	preparation for putting PGP support into its own file.

Thu Jun 8 13:16:50 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-pgp-fetch-finger): New function.
	(mc-pgp-fetch-http): New function.
	(mc-pgp-fetch-key): New function.

Thu Jun 1 20:09:21 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-encrypt-generic): Only use Email addresses in
	default-recipients.
	(mc-pgp-generic-parser): Fix parenthesis error causing non-nil
	return on bad passphrase. Fix regular expression for bad
	passphrase.

Thu May 11 19:32:19 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-pgp-display-snarf-output): New variable,
	defaults to nil. If t, pop up a window to display the output of
	key snarfing.

	* mc-remail.el (mc-nuke-field): Do not clobber markers.
	(This is the wrong place to do it anyway.)
	(mc-rewrite-for-remailer): Eliminate "Comment" and "From" headers
	after encryption.

Tue May 9 15:58:53 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-modes-alist): Fix typos for mh-folder-mode and
	gnus-summary-mode.
	(mc-sign-message): Fix parenthesization error in let.

Mon May 8 22:27:20 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-encrypt-region): New interactive function.
	Encrypts the current region by calling the appropriate function as
	determined by mc-modes-alist.
	(mc-encrypt-generic): New function; bottom level of
	scheme-independent encryption routines.
	(mc-encrypt-message): Rewritten to call mc-encrypt-generic.
	(mc-encrypt): Rewritten to just call mc-encrypt-region. Upshot of
	all this is to allow encryption in arbitrary buffers, not just
	message buffers.
	(mc-sign-region): New interactive function.
	(mc-sign-generic): New function; bottom level of
	scheme-independent signing routines.
	(mc-sign-message): Rewritten to call mc-sign-generic.
	(mc-sign): Rewritten to just call mc-sign-region. Upshot of all
	this is to allow signing in arbitrary buffers, not just message
	buffers.

Mon May 8 16:02:45 1995 Patrick J. LoPresti

	* mailcrypt.el (mc-always-replace): Add 'never option.
	(mc-message): Remove "is-err" argument. Only deactivate passphrase
	on "Bad passphrase" error.

mailcrypt-3.5.9/FSF-timer.el

;;; timer.el --- run a function with args at some time in future

;; Copyright (C) 1990, 1993, 1994 Free Software Foundation, Inc.

;; Maintainer: FSF

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING. If not, write to
;; the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.

;;; Commentary:

;; This package gives you the capability to run Emacs Lisp commands at
;; specified times in the future, either as one-shots or periodically.
;; The single entry point is `run-at-time'.

;;; Code:

(defvar timer-program (expand-file-name "timer" exec-directory)
  "The name of the program to run as the timer subprocess. It should normally
be in the exec-directory.")

(defvar timer-process nil)
(defvar timer-alist ())
(defvar timer-out "")
(defvar timer-dont-exit nil
  ;; this is useful for functions which will be doing their own erratic
  ;; rescheduling or people who otherwise expect to use the process frequently
  "If non-nil, don't exit the timer process when no more events are pending.")

;; Error symbols for timers
(put 'timer-error 'error-conditions '(error timer-error))
(put 'timer-error 'error-message "Timer error")

(put 'timer-abnormal-termination 'error-conditions
     '(error timer-error timer-abnormal-termination))
(put 'timer-abnormal-termination 'error-message
     "Timer exited abnormally--all events cancelled")

(put 'timer-filter-error 'error-conditions
     '(error timer-error timer-filter-error))
(put 'timer-filter-error 'error-message "Error in timer process filter")

;; This should not be necessary, but on some systems, we get
;; unkillable processes without this.
;; It may be a kernel bug, but that's not certain.
(defun timer-kill-emacs-hook ()
  (if timer-process
      (progn
        (set-process-sentinel timer-process nil)
        (set-process-filter timer-process nil)
        (delete-process timer-process))))
(add-hook 'kill-emacs-hook 'timer-kill-emacs-hook)

;;;###autoload
(defun run-at-time (time repeat function &rest args)
  "Run a function at a time, and optionally on a regular interval.
Arguments are TIME, REPEAT, FUNCTION &rest ARGS.
TIME, a string, can be specified absolutely or relative to now.
TIME can also be an integer, a number of seconds.
REPEAT, an integer number of seconds, is the interval on which to repeat
the call to the function. If REPEAT is nil or 0, call it just once.

Absolute times may be specified in a wide variety of formats;
Something of the form `HOUR:MIN:SEC TIMEZONE MONTH/DAY/YEAR', where
all fields are numbers, works; the format used by the Unix `date'
command works too.

Relative times may be specified as a series of numbers followed by units:
  1 min                 denotes one minute from now.
  min                   does too.
  1 min 5 sec           denotes 65 seconds from now.
  1 min 2 sec 3 hour 4 day 5 week 6 fortnight 7 month 8 year
                        denotes the sum of all the given durations from now."
  (interactive "sRun at time: \nNRepeat interval: \naFunction: ")
  (if (equal repeat 0)
      (setq repeat nil))
  ;; Make TIME a string.
  (if (integerp time)
      (setq time (format "%d sec" time)))
  (cond ((or (not timer-process)
             (memq (process-status timer-process) '(exit signal nil)))
         (if timer-process (delete-process timer-process))
         (setq timer-process
               (let ((process-connection-type nil))
                 (start-process "timer" nil timer-program))
               timer-alist nil)
         (set-process-filter timer-process 'timer-process-filter)
         (set-process-sentinel timer-process 'timer-process-sentinel)
         (process-kill-without-query timer-process))
        ((eq (process-status timer-process) 'stop)
         (continue-process timer-process)))
  ;; There should be a living, breathing timer process now
  (let* ((token (concat (current-time-string) "-" (length timer-alist)))
         (elt (list token repeat function args)))
    (process-send-string timer-process (concat time "@" token "\n"))
    (setq timer-alist (cons elt timer-alist))
    elt))

(defun cancel-timer (elt)
  "Cancel a timer previously made with `run-at-time'.
The argument should be a value previously returned by `run-at-time'.
Cancelling the timer means that nothing special
will happen at the specified time."
  (setcar (cdr elt) nil)
  (setcar (cdr (cdr elt)) 'ignore))

(defun timer-process-filter (proc str)
  (setq timer-out (concat timer-out str))
  (let (do token error)
    (while (string-match "\n" timer-out)
      (setq token (substring timer-out 0 (match-beginning 0))
            do (assoc token timer-alist)
            timer-out (substring timer-out (match-end 0)))
      (cond
       (do
        (apply (nth 2 do) (nth 3 do))   ; do it
        (if (natnump (nth 1 do))        ; reschedule it
            (send-string proc (concat (nth 1 do) " sec@" (car do) "\n"))
          (setq timer-alist (delq do timer-alist))))
       ((string-match "timer: \\([^:]+\\): \\([^@]*\\)@\\(.*\\)$" token)
        (setq error (substring token (match-beginning 1) (match-end 1))
              do (substring token (match-beginning 2) (match-end 2))
              token (assoc (substring token (match-beginning 3) (match-end 3))
                           timer-alist)
              timer-alist (delq token timer-alist))
        (or timer-alist
            timer-dont-exit
            (process-send-eof proc))
        ;; Update error message for this particular instance
        (put 'timer-filter-error
             'error-message
             (format "%s for %s; couldn't set at \"%s\""
                     error (nth 2 token) do))
        (signal 'timer-filter-error (list proc str)))))
    (or timer-alist timer-dont-exit (process-send-eof proc))))

(defun timer-process-sentinel (proc str)
  (let ((stat (process-status proc)))
    (if (eq stat 'stop)
        (continue-process proc)
      ;; if it exited normally, presumably it was intentional.
      ;; if there were no pending events, who cares that it exited?
      (or (null timer-alist)
          (eq stat 'exit)
          (let ((alist timer-alist))
            (setq timer-process nil timer-alist nil)
            (signal 'timer-abnormal-termination
                    (list proc stat str alist))))
      ;; Used to set timer-scratch to "", but nothing uses that var.
      (setq timer-process nil timer-alist nil))))

(defun cancel-function-timers (function)
  "Cancel all events scheduled by `run-at-time' which would run FUNCTION."
  (interactive "aCancel timers of function: ")
  (let ((alist timer-alist))
    (while alist
      (if (eq (nth 2 (car alist)) function)
          (setq timer-alist (delq (car alist) timer-alist)))
      (setq alist (cdr alist))))
  (or timer-alist timer-dont-exit (process-send-eof timer-process)))

(provide 'timer)

;;; timer.el ends here

mailcrypt-3.5.9/INSTALL

System Requirements
===================

Mailcrypt is designed for use with FSF Emacs 19.29 (and higher) or
XEmacs 19.13 (and higher). Mailcrypt absolutely requires at least FSF
Emacs 19.28 or XEmacs 19.12. With some effort, earlier versions might
be made to work, but this is not supported.

Mailcrypt is also designed for use with PGP version 2.6 or higher,
with the exception of 2.6ui (which is really just 2.3a in disguise).
It is trivial to make Mailcrypt work with earlier versions, however;
see below.

Basic Installation
==================

The simplest way to build and install Mailcrypt is:

  1. `cd' to the Mailcrypt source directory and type `./configure' to
     configure Mailcrypt for your system.

  2. Look at the program names in mc-pgp.el and mc-pgp5.el to make
     sure that they are correct. On my system, for example, I call PGP
     2.6.3 as "pgp2". If you call PGP 2.6.x as "pgp", then you are
     probably OK.

  3. Type `make' to build the byte-compiled Lisp files.

  4. Type `make install' to install the Mailcrypt Lisp files and Info
     manual.

Load Path
=========

If you use VM, RMAIL, MH-E, or GNUS and the respective package is not
in your default load-path, Mailcrypt may fail to byte compile
correctly. (Emacs does not load your `.emacs' file when run in batch
mode.) If this applies to you, edit Mailcrypt's `load-path.hack' file
to add the appropriate directory to the load-path during byte
compilation.

In addition, PGP 5.0 support requires the file timer.el, which should
be included in FSF Emacs, but is NOT included with Xemacs.
This file is included with Mailcrypt, and will be installed if the
timer library isn't found in the load path. If you already have
timer.el, but it is in an unusual place, edit the `load-path.hack'
file accordingly.

Installation Names
==================

By default, `make install' will install the package's files in
`/usr/local/info' and `/usr/local/share/emacs/site-lisp'. You can
specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PATH'.

If your installed copy of Emacs is named something other than `emacs'
or `xemacs', you will need to tell `make' where to find it so that it
can correctly byte-compile the Mailcrypt sources.

For example, to force the use of XEmacs you might do this:

        ./configure
        make EMACS=xemacs
        make install

or this (for users of the Bourne shell and derivatives):

        EMACS=xemacs ./configure
        make
        make install

or this (for users of *ugh* the C shell and derivatives):

        setenv EMACS xemacs
        ./configure
        make
        make install

Also, the `--prefix=PATH' option to `configure' may not be general
enough to set the paths you want. If not, you can pass variables to
the `make' command to control the installation. For a complete list of
tweakable variables, look in the makefile.

For example, to put the Lisp files in `$HOME/elisp' and the Info file
in `$HOME/info', you would type:

        ./configure
        make
        make lispdir=$HOME/elisp infodir=$HOME/info install

If you want to supply special flags to emacs for compiling the elisp
files, you would type:

        ./configure
        make EMACSFLAGS="-q -no-site-file"
        make install

FSF Emacs 19.28
===============

Mailcrypt's installation procedure assumes the directory structure
used by FSF Emacs 19.29 (e.g., `/usr/local/share/emacs/site-lisp'). If
you are using 19.28, you will need to use an installation command like
the following:

        make datadir=/usr/local/lib install

This is the *only* special action required to install Mailcrypt for
FSF Emacs 19.28.

FSF Emacs 20.3 or higher
========================

To use Mailcrypt with rmail, put the following in your .emacs:

        (add-hook 'rmail-show-message-hook 'mc-install-read-mode)

Don't use the following, which worked for older emacsen:

        (add-hook 'rmail-mode-hook 'mc-install-read-mode)

XEmacs 19.12
============

Mailcrypt requires the `easymenu' package, which is bundled with FSF
Emacs 19.28 (and higher) and with XEmacs 19.13 (and higher). If you
are using XEmacs 19.12, you will need to obtain a copy of this package
and install it somewhere in your load-path. The easiest way is to go
to ftp://archive.cis.ohio-state.edu/pub/gnu/emacs/elisp-archive/ and
obtain the latest version of `auc-menu.el'. Install it in your load
path under the name `easymenu.el'. (Don't ask why.)

Obsolete PGP versions
=====================

Versions of PGP prior to 2.6 (including version 2.6ui, which is just a
hacked 2.3a) do not support the "+comment" option, which Mailcrypt
uses for gratuitous advertising. To use Mailcrypt with such a version
(or just to suppress the message), add the following line to your
`.emacs' file:

        (setq mc-pgp-comment nil)

PGP 5.0 Support
===============

Starting with Mailcrypt 3.5b1, Mailcrypt can support both older
(2.6.*) and newer (5.0) versions of PGP. Support for PGP 5.0 is
limited, and excludes key snarfing, among other things. All of the
same keymaps and functions are used as in Mailcrypt 3.4; nothing
should have changed for the end user. (Note: *please* send me
suggestions and patches to if you have improvements or fixes you would
make!)

To use Mailcrypt 3.5b1 and higher, you must include two lines like the
following in your .emacs file:

        (load-library "mailcrypt")
        (mc-setversion "5.0") ;; Alternately, "2.6" or "gpg"

The function mc-setversion is interactive, and can be used at any time
to toggle between PGP versions. A nice future enhancement would be to
add this option to the PGP menu.

GPG (Gnu Privacy Guard) Support
===============================

Starting with Mailcrypt 3.5b7, there is alpha support for gnupg.
Almost everything available to pgp2 is available, with the notable
exception of automatic key fetching.

There are some bugs and limitations in the current gpg support. See
README.gpg for details.

To use GPG by default, add this to your .emacs file:

        (load-library "mailcrypt")
        (mc-setversion "gpg")

Most mailcrypt commands will let you set the encryption scheme on the
fly: use a double prefix argument. For example, to sign a message, use
C-u C-u C-c / s, and you will be asked for a scheme and a user id.

The GPG home page is at . The source is available at .

Suggestions/Bug Reports
=======================

Send all suggestions for fixes, etc to .

mailcrypt-3.5.9/LCD-entry

mailcrypt|Len Budney and Jin Choi and Pat LoPresti|lbudney@pobox.com, jin@atype.com, patl@lcs.mit.edu|PGP 5.0 and 2.6.* interface (plus anonymous remailer support) for RMAIL, VM, mh-e, GNUS|31-Jan-98|3.5.5|~/interfaces/mailcrypt-3.5.5.tar.gz

mailcrypt-3.5.9/Makefile.in

## This is a -*- makefile -*-

# What the Emacs binary is called on your system
EMACS = @EMACS@
EMACSFLAGS = @EMACSFLAGS@

# Prefix for constructing installation directory paths
prefix = @prefix@
exec_prefix = @exec_prefix@

# Shared directory for read-only data files
datadir = $(prefix)/share

# Where to put the .el and .elc files
lispdir = $(datadir)/emacs/site-lisp

# Where to put the Info files
infodir = @infodir@
#INFOFILES = mailcrypt.info mailcrypt.info-1 mailcrypt.info-2
INFOFILES = mailcrypt.info

# Installation command
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_INFO = @INSTALL_INFO@

# Various auxiliary programs
MAKEINFO=makeinfo
DVIPS=dvips
TEXI2DVI=texi2dvi
TEXI2HTML=texi2html
TAR=tar

srcdir = @srcdir@
VPATH = @srcdir@

SOURCES = @EXTRA_SRCS@ \
	mailcrypt.el mc-toplev.el mc-pgp.el mc-remail.el \
	mc-pgp5.el mc-pgp6.el mc-gpg.el expect.el mc-setversion.el

OBJECTS = @EXTRA_OBJS@ \
	mailcrypt.elc mc-toplev.elc mc-pgp.elc mc-remail.elc \
	mc-pgp5.elc mc-pgp6.elc mc-gpg.elc expect.elc mc-setversion.elc

GPG_TESTCASES = $(foreach f,CS.s1v CS.s3v E.e1r E.e3 ES.e1r.s1v ES.e1r.s3v \
	ES.e3.s1v S.s1v S.s3v CS.s2v CS.s4 E.e2r E.e4 ES.e1r.s2v \
	ES.e1r.s4 ES.e4.s1v S.s2v S.s4 SE,tests/gpg-testcases/$(f))

TESTFILES_GPG = tests/Makefile.in \
	tests/make_gpg_testcases.py tests/test-gpg.el tests/gpg-keys/Makefile \
	tests/gpg-keys/fix-trust.py tests/gpg-keys/make-rings.py \
	tests/gpg-keys/rings.txt $(GPG_TESTCASES)

TESTFILES_REMAILER = tests/remailer/Makefile.in tests/remailer/rings.txt \
	tests/remailer/rlist.txt tests/remailer/test-remailer.el \
	tests/remailer/unwind.py

DISTFILES = $(SOURCES) ANNOUNCE COPYING ChangeLog ChangeLog.1 INSTALL \
	LCD-entry Makefile.in NEWS ONEWS README configure configure.in \
	install-sh load-path.hack mailcrypt.texi mkinstalldirs texi2html.ext \
	FSF-timer.el $(INFOFILES) mailcrypt.dvi README.gpg $(TESTFILES_GPG) \
	$(TESTFILES_REMAILER)

SHELL = /bin/sh

#.PHONY: all clean dist distclean dvi html info install \
#	installdirs ps uninstall

.SUFFIXES:
.SUFFIXES: .elc .el

.el.elc:
	$(EMACS) -batch $(EMACSFLAGS) -l $(srcdir)/load-path.hack \
	-f batch-byte-compile $<

all: $(OBJECTS)

check: $(OBJECTS)
	$(MAKE) -C tests check

install: all installdirs install-info
	for f in $(SOURCES); do \
	  $(INSTALL_DATA) $(srcdir)/$$f $(lispdir); \
	done;
	for f in $(OBJECTS); do \
	  $(INSTALL_DATA) $$f $(lispdir); \
	done;

# Make sure all installation directories actually exist
# by making them if necessary.
installdirs: mkinstalldirs
	$(srcdir)/mkinstalldirs $(lispdir) $(infodir)

# If your install-info doesn't know how to look inside the .info file for the
# menu entry to add, try adding
#	--entry="* Mailcrypt: (mailcrypt). An Emacs/PGP interface"
# to the arguments.
install-info: info
	cd $(srcdir) && for file in $(INFOFILES); do\
	  $(INSTALL_DATA) $$file $(infodir)/$$file; \
	done
	-$(INSTALL_INFO) --info-dir=$(infodir) mailcrypt.info

uninstall:
	-cd $(lispdir) && rm -f $(SOURCES) $(OBJECTS)
	-cd $(infodir) && rm -f $(INFOFILES)
	$(INSTALL_INFO) --remove --info-dir=$(infodir) mailcrypt.info

info: $(INFOFILES)

$(INFOFILES): mailcrypt.texi
	$(MAKEINFO) $(srcdir)/mailcrypt.texi

timer.el: FSF-timer.el
	cp FSF-timer.el timer.el

dvi: mailcrypt.dvi

mailcrypt.dvi: mailcrypt.texi
	$(TEXI2DVI) $(srcdir)/mailcrypt.texi

ps: mailcrypt.ps

mailcrypt.ps: mailcrypt.dvi
	$(DVIPS) -f $(srcdir)/mailcrypt.dvi >$@

html: mailcrypt_toc.html

mailcrypt_toc.html: mailcrypt.texi
	$(TEXI2HTML) -split_chapter $(srcdir)/mailcrypt.texi

TAGS: $(SOURCES)
	cd $(srcdir) && etags $(SOURCES)

clean:
	rm -f $(OBJECTS)
	-rm -f *.aux *.cp *.cps *.fn *.ky *.log *.pg *.toc *.tp *.vr
	-rm -f *.html
	rm -f TAGS

distclean: clean
	-rm -f *~ *.tar.gz
	-rm -f Makefile config.status config.cache config.log timer.el
	-rm -f *.info* *.dvi

${srcdir}/configure: configure.in
	cd ${srcdir} && autoconf

Makefile: Makefile.in config.status
	./config.status

config.status: ${srcdir}/configure
	./config.status --recheck

dist: $(DISTFILES)
	version=`perl -ne 'print $$1 if /defconst mc-version \"(.*)\"/' \
		mailcrypt.el`; \
	distname=mailcrypt-$$version; \
	rm -rf $$distname; \
	mkdir $$distname; \
	mkdir $$distname/tests; mkdir $$distname/tests/gpg-keys; \
	mkdir $$distname/tests/gpg-testcases; \
	mkdir $$distname/tests/remailer; \
	for file in $(DISTFILES); do \
	  ln $$file $$distname/$$file; \
	done; \
	$(TAR) -chz -f $$distname.tar.gz $$distname; \
	rm -rf $$distname

mailcrypt-3.5.9/NEWS

Noteworthy changes in Mailcrypt version 3.5.9:

* GPG stdout buffer is now put into multibyte mode even when emacs is
  using unibyte mode in general (such as under
  'standard-display-european').
  This should fix the "inserts \201 before non-ascii characters" bugs
  (SF#496157, SF#501891, possibly others). A test case was added to
  catch these bugs in the future.

* new remailer support for modern mixmaster and mixminion clients,
  which send the message directly rather than modify the emacs buffer
  and allowing the user to send the message through their emacs MUA
  mode.

** added "mc-default-remailer-scheme" to choose which remailer method
   you want to use: type1, mixmaster, or mixminion. [C-c / r] now does
   a remailer-scheme-specific function. Various MUA modes can behave
   differently if they wish.

* Added support for PGP 6.5, generously contributed by Derek Atkins.

* Added support for the Wanderlust MUA mode.

* Support GNU Emacs 23.

Noteworthy changes in Mailcrypt version 3.5.8:

* mc-remail.el updated to support modern remailers (as defined by
  MixMaster version 2.9b33, on sourceforge). Closes most of SF#583330.

** the 'Subject:' header is now put in the ## section instead of the ::
   section, so remailers should copy them into the final message.

** Use Anon-To: instead of Request-Remailing-To

* fixed mc-gpg.el to cache passphrases by keyid instead of name; this
  will help users who have multiple secret keys with the same name but
  different passphrases. Closes Debian #161691.

* less noteworthy changes:

** added copy of GPL, since mailcrypt is distributed separately from
   Emacs

** Added unit test for anonymous remailer support. Encrypting through a
   basic remailer chain can now be verified, if you have python and
   py-gnupg installed.

** docs: updated 'finger' addresses for remailer lists again, since
   they keep moving

Noteworthy changes in Mailcrypt version 3.5.7:

* Integration with the Mew mail client: added hooks to use in Mew
  summary, draft, and message buffers. Note that Mew handles PGP-MIME
  (RFC3156, "multipart/encrypted") messages by itself; this is just
  for traditional armored "in-line" encryption.

* Gnus updates, now usable in summary buffer

* Less noteworthy changes:

** Added a unit test framework. GnuPG decryption now has test coverage.

** GnuPG updates

** MH fix to handle latest versions of mh-e that use read-only message
   buffers

** Don't use hardwired /tmp directory, might fix some problems on NT.

Noteworthy changes in Mailcrypt version 3.5.6:

* Fix to work with GnuPG-1.0.5.

* Update docs to point to new home on SourceForge.

* Changes that have been languishing in CVS for, um, ages. (18 months?
  eek!)

* Bugfix in mh-rmail support. Len's note says it "dropped the user into
  a stupid buffer after decrypting a message".

* Bugfix in RMAIL "signature verified" status indicator (the "verified"
  label). Old code got the flag backwards if you chose to replace the
  encrypted message with the decrypted plaintext. New code fixes that
  and marks the message decrypted (and verified, if appropriate) even
  if you just view it without replacing the original.

* Minor build fixes.

Noteworthy changes in Mailcrypt version 3.5.5:

* GnuPG support is now compatible with versions through 1.0.

Noteworthy changes in Mailcrypt version 3.5.4:

* None, really; this is a bugfix release.

Noteworthy changes in Mailcrypt version 3.5.3:

* Added support for the Horowitz Key Protocol. PGP5 key fetching is
  feature-complete.

* Fixed a minor compatibility bug between GPG 0.9.3 and Mailcrypt.

Noteworthy changes in Mailcrypt version 3.5.2:

* Added key fetching for PGP 5.0. Uses finger or HTTP, but not hkp yet.

* Fixed a bug which dumped GNUS users into the wrong buffer after
  verifying a signature.

* Fixed a compatibility bug between XEmacs and FSF Emacs in
  mc-setversion.

* Fixed a bug in mh-e support so that users can view decrypted messages
  without saving them.

* Several minor bugfixes.

Noteworthy changes in Mailcrypt version 3.5b4:

* Fixed a bug which broke encryption to multiple recipients (PGP 5).

* Fixed a bug which broke encryption of 8-bit data and files (PGP 5).

* Fixed the missing "timer.el" problem. Now Mailcrypt should run
  properly for Xemacs users.

* Eliminated some silly shell and perl scripts.

* Updated the README to reduce installation difficulties (I hope).

Noteworthy changes in Mailcrypt version 3.5b1:

* No bug fixes; in fact there are probably fresh new bugs.

* Mailcrypt now supports PGP version 5.0 as well as version 2.6.*, and
  can be toggled between "active versions" at will. Every effort has
  been made to ensure that what used to work, still works.

mailcrypt-3.5.9/ONEWS

;;{{{ Change Log
;;{{{ Noteworthy changes in Mailcrypt version 3.5b1:
;; * No bug fixes; in fact there are probably fresh new bugs.
;; * Mailcrypt now supports PGP version 5.0 as well as version 2.6.*, and
;;   can be toggled between "active versions" at will. Every effort has
;;   been made to ensure that what used to work, still works.
;;}}}
;;{{{ Noteworthy changes in Mailcrypt version 3.4:
;; * Several bug fixes, mostly in the remailer functions.
;; * `C-c / d' can now decode armor-only messages.
;; * `C-c / e' with an empty recipient list now generates an armor-only
;;   message.
;; * Better support for Gnus 5 (formerly "(ding) Gnus"), including
;;   decryption of messages in read-only groups. Requires Gnus 5.0.4 or
;;   higher.
;; * Better support for recent versions (5.95+) of VM.
;; * New option for remailer list entries: Positive integer N represents a
;;   random permutation of the N "best" remailers as ordered in
;;   `~/.remailers'.
;; * New configuration variable `mc-pgp-always-fetch' to control attempts
;;   to fetch PGP keys. Legal values are t, 'never, and nil (the default).
;;}}}
;;{{{ Noteworthy changes in Mailcrypt version 3.3:
;; * Numerous minor bugs have been fixed.
;; * Mailcrypt now requires at least FSF Emacs version 19.28 or XEmacs
;;   version 19.12. Sorry, but anything else is too annoying.
;; * Support has been added for reading mail under (ding) Gnus.
;;}}}
;;{{{ Noteworthy changes in Mailcrypt version 3.2:
;; * Mailcrypt now uses "start-process" instead of "call-process-region" to
;;   run PGP; this uses a pipe instead of a temp file for various inputs,
;;   including your passphrase.  Ahem.
;; * All Mailcrypt commands now start with the prefix `C-c /' to bring
;;   Mailcrypt into line with documented GNU standards.
;; * `mc-insert-public-key' is now bound to `C-c / x' (as in "extract")
;;   instead of `C-c a'.
;; * `mc-deactivate-passwd' is bound to `C-c / f' (as in "forget").
;; * `mc-read-mode' and `mc-write-mode' are now full-blown minor modes.  So
;;   you can do, for example, `M-x mc-install-write-mode' from a Text mode
;;   buffer and have the normal encryption and signing commands available.
;;   The keymaps for the modes are configurable variables.
;; * Interactive commands `mc-encrypt-region', `mc-sign-region', etc. are
;;   now defined.
;; * If you use RMAIL and you say no to "Replace encrypted message with
;;   decrypted?", you will be dropped into RMAIL mode for viewing.
;; * RMAIL summary mode is now supported.
;; * Documentation in the form of a Texinfo file is now part of the
;;   distribution.
;; * Mailcrypt can now fetch a needed key from finger, HTTP, or any of a
;;   list of locally stored keyrings.  `C-c / k' initiates a fetch
;;   manually; Mailcrypt will offer to initiate one automatically as
;;   appropriate during encryption or signature verification.
;; * The remailer functions now support Mixmaster.
;; * `C-c / d' can handle conventionally encrypted messages.
;;}}}
;;{{{ Changes from 3.0:
;; * Generate a warning if some public keys are found while others
;;   are not during encryption.
;; * Rewrite calls like (message msg) to (message "%s" msg), in case
;;   msg includes a "%".
;; * Handle case in mc-pgp-decrypt-region when signature verifies, but
;;   key has not been certified.
;; * Put save-excursion around each top-level function.
;; * Handle case in mc-pgp-decrypt-region when signature fails to verify ;; because you don't have the necessary public key. ;; * Locally bind mc-encrypt-for-me to nil before encrypting in ;; mc-remail. ;; * Include "+encrypttoself=off" in PGP command line flags. ;; * Include "+verbose=1" in PGP command line flags (finally). ;; * Hacked mc-rmail-verify-signature to make sure rmailkwd is loaded ;; before message is verified. ;; * (require 'gnus) when compiling. Thanks to Peter Arius ;; ;;}}} ;;{{{ Changes from 2.0: ;; * C-u to mc-encrypt-message now prompts for an ID to use ;; for signing. C-u C-u also prompts for scheme to use. ;; * Signing now uses the From line (pseudonym) to choose key. ;; * Support for multiple secret keys added. Many internal interfaces ;; changed. ;; * autoload remailer support for mc-remail.el and set default keybindings. ;; * mc-pgp-always-sign now has a 'never option. ;; * mc-pgp-encrypt-region returns t on success. ;; * Added mc-vm-snarf-keys, from Joe Reinhardt ;; . ;; * Changed mc-snarf-keys to actually snarf all keys in the buffer instead ;; of just the first one. ;; * In VM, not replacing a message puts the message into its own VM buffer ;; so you can reply to it, forward it, etc. Thanks to Pat Lopresti ;; for the suggestion. ;; * Abort edit mode in VM and RMAIL decrypt functions if no encrypted ;; message was found. ;; * Added version string. ;; * Applied some new patches from stig adding autoloads and minor additions. ;; * Made check for window-system generic, and only for emacs versions > 19. ;; * Added option to mc-sign-message to disable clearsig when signing messages. ;; From Stig . ;; * Fixed extra comma bug when offering default recipients to encrypt for. ;;}}} ;;{{{ Changes from 1.6: ;; * Decrypting a signed message in RMAIL adds a verified tag to the message. ;; * mc-sign-message takes an optional argument specifying which key to use, ;; for people who have multiple private keys. 
;; * Added mc-{pre,post}-{de,en}cryption-hooks.
;; * Additions to docstrings of the major functions and `mailcrypt-*' aliases
;;   for the same.
;; * Added cleanup for possible temp files left over if a process was
;;   interrupted.
;; * Easier installation instructions.
;; * Lots of little bug fixes from all over.  Too many to list
;;   individual credits, but I've tried to include all of them.  Thanks
;;   to all who sent them in, especially to John T Kohl who fixed an
;;   especially trying problem.
;; * Another optional argument to mc-insert-public-key that allows the
;;   user to specify which public key to insert when called with a
;;   prefix argument.
;; * Tons of changes from Paul Furnanz:
;;   1) Use the itimer package instead of the timer package if it exists.
;;      This makes the password deactivation code work for Lemacs as well
;;      as emacs 19.
;;   2) Fractured the code, so that there is a single function to use
;;      when calling the encryption program.  The new function is
;;      mc-process-region.  The function copies all data to a temporary
;;      buffer, and does the work there.  This way if you do an undo after
;;      an encryption or signing, your password is not visible on the
;;      screen.
;;   3) All process output goes to the *MailCrypt* buffer.  No longer use
;;      a separate buffer for decryption, encryption, verification, ...
;;      This allows the user to always look at the *MailCrypt* buffer to
;;      see what pgp or ripem said.
;;   4) No longer call mc-temp-display.  Use display-buffer if there is a
;;      reason to show the buffer (like an error occurred).
;;   5) Try to print more useful messages.
;;   6) If an error occurs on encryption, the message is left unchanged.
;;      No reason to undo.
;;}}}
;;{{{ Changes from 1.5:
;; * Changed mc-temp-display to just dump into a temp buffer, without
;;   any fancy display stuff.  Pick up show-temp.el if you liked the
;;   display stuff (or uncomment the old mc-temp-buffer and remove the
;;   new version).
;; * Provided a generic read mode function to call in hooks, like the ;; generic write mode function that was already there. ;; * Fixed bug in regexp that prevented compilation under recent ;; versions of FSF emacs. ;; * Narrow to headers when extracting default recipients for encryption ;; to avoid pulling in recipients of included messages. ;; * Use `fillarray' to overwrite passwords with nulls before deactivation ;; for increased security. ;; * Load mail-extr.el to get mail-extract-address-components defined. ;; Thanks to Kevin Rodgers for the following ;; improvements. ;; * Quoted an unquoted lambda expression that prevented optimized ;; compilation under emacs 18. ;; * Used `nconc' instead of `append' in various places to save on ;; garbage collection. ;; * Modified mc-split to run more efficiently. ;;}}} ;;{{{ Changes from 1.4: ;; * Call mail-extract-address-components on the recipients if we guessed ;; them from the header fields. ;; * If you don't replace a message with its decrypted version, it will now ;; pop you into a view buffer with the contents of the message. ;; * Added support for mh-e, contributed by Fritz Knabe ;; * Fixed bug in snarfing keys from menubar under GNUS. ;; * Fixed RIPEM verification problem, thanks to Sergey Gleizer ;; . ;;}}} ;;{{{ Changes from 1.3: ;; * Temp display function does not barf on F-keys or mouse events. ;; Thanks to Jonathan Stigelman ;; * Lucid emacs menu support provided by William Perry ;; * Cited signed messages would interfere with signature ;; verification; fixed. ;;}}} ;;{{{ Changes from 1.2: ;; * Added menu bar support for emacs 19. ;; * Added GNUS support thanks to Samuel Druker . ;;}}} ;;{{{ Changes from 1.1: ;; * Added recipients field to mc-encrypt-message. ;;}}} ;;{{{ Changes from 1.0: ;; * Fixed batchmode bug in decryption, where unsigned messages would return ;; with exit code of 1. ;;}}} ;;{{{ Changes from 0.3b: ;; * Only set PGPPASSFD when needed, so PGP won't break when used ;; in shell mode. 
;; * Use call-process-region instead of shell-command-on-region in order ;; to detect exit codes. ;; * Changed mc-temp-display to not use the kill ring. ;; * Bug fixes. ;;}}} ;;{{{ Changes from 0.2b: ;; * Prompts for replacement in mc-rmail-decrypt-message. ;; * Bug fixes. ;;}}} ;;{{{ Changes from 0.1b: ;; * Several bug fixes. ;; Contributed by Jason Merrill : ;; * VM mailreader support ;; * Support for addresses with spaces and <>'s in them ;; * Support for using an explicit path for the pgp executable ;; * Key management functions ;; * The ability to avoid some of the prompts when encrypting ;; * Assumes mc-default-scheme unless prefixed ;;}}} ;;}}} mailcrypt-3.5.9/README000066400000000000000000000030101134617107500144130ustar00rootroot00000000000000Mailcrypt is an Emacs lisp package which provides a simple interface to cryptographic functions with PGP. It was written by Patrick LoPresti (patl@lcs.mit.edu) and Jin Choi (jin@atype.com), updated with some support for PGP 5.0 by Len Budney (lbudney@pobox.com), and updated with support for GnuPG by Brian Warner (warner@lothar.com). The original Mailcrypt is available through the Mailcrypt home page at `http://cag-www.lcs.mit.edu/mailcrypt/'. An FTP mirror is at `ftp://cag.lcs.mit.edu/pub/patl/'. The latest Mailcrypt may be found at `http://mailcrypt.sourceforge.net' or at any sunsite mirror. To install the Mailcrypt package on your system, follow the directions in the file `INSTALL'. To hook Mailcrypt into your mail and news browsers, follow the directions in the "Installation" section of the Mailcrypt manual. If you don't know how to use the Emacs Info browser, you should learn; type `C-h i' and poke around. You can read the Info version of the Mailcrypt manual by doing `C-u C-h i' on the file `mailcrypt.info'. To automatically be informed of improvements to Mailcrypt, add yourself to the (very low volume) Mailcrypt announcement list. Send Email to mc-announce-request@cag.lcs.mit.edu with a request to be added. 
Send all bug reports and comments to the authors. And most of all, enjoy! - Patrick LoPresti (patl@lcs.mit.edu) and Jin Choi (jin@atype.com) Thu Jun 22 19:58:35 1995 - Len Budney (lbudney@pobox.com) Sat Jan 31 20:05:30 1998 - Brian Warner (warner@lothar.com) Sat May 19 20:55:49 2001 mailcrypt-3.5.9/README.dev000066400000000000000000000052551134617107500152050ustar00rootroot00000000000000Developers' Notes: I've added the beginnings of a unit test framework to MailCrypt. The only thing tested so far is GPG decryption. The armored keyrings and test cases are packaged as part of the distribution tarball, where a 'make check' can unpack them and then use them to run the tests. There are two keyrings: a full set (used to create the test cases), and an 'exported' set which has some of the secret keys removed (to test what happens when you try to decrypt a message that isn't addressed to you). To build MailCrypt from CVS: You will need GNU autoconf. The following sequence will create the distribution tarball. autoconf ./configure make dist To rebuild the unit test keyrings and test cases: Do the following to create the keys: ./configure cd tests/gpg-keys make new-rings (now manually sign the appropriate keys following the hints emitted by the script.. this part hasn't been automated yet) make exported make pack (creates allrings.txt, the armored keyring file. This file is checked into CVS) cd ../.. The test cases are regenerated as part of the development anytime the keys are changed or the testcase generator script is modified. To rebuild them, you will need the Python GnuPGInterface module, available at . After installing it, do the following: cd tests make gpg-testcases (this unpacks allrings.txt, then runs a program which creates the GPG test cases in gpg-testcases/* . These test cases are also checked into CVS) cd .. Making a new release. This is my checklist for making a new official release. During development: ChangeLog gets updated for each CVS checkin. 
NEWS gets updated with all changes since last release.

At release time:
 build and test, get reports from beta testers, decide to make release
 mailcrypt.el: bump mc-version
 mailcrypt.texi: bump VERSION
 ANNOUNCE gets updated with latest news.
 Changelog gets note: '* mailcrypt: Release mailcrypt-N.N.N'
 commit all docs changes
 cvs tag release-N_N_N
 make dist
 copy resulting mailcrypt-N-N-N.tar.gz to tmp dir
 sign .tar.gz, put in tmp dir
 take latest portion of NEWS to use as sourceforge Release Notes file, tmpdir
 take ChangeLog since last release to use as sourceforge Changelog file, tmpdir
 update .lsm file
 upload .tar.gz, .sig, release notes, changelog to sourceforge download area
 update http://mailcrypt.sourceforge.net (update 'site' module, login to
  mailcrypt.sourceforge.net, go to /home/groups/m/ma/mailcrypt/htdocs/ and do
  a cvs update)
 announce on sourceforge news
 announce on mailcrypt-announce@lists.sourceforge.net
 announce on freshmeat
 upload to sunsite? (now ibiblio.org)

mailcrypt-3.5.9/README.gpg
MailCrypt for the Gnu Privacy Guard (GPG)
 -Brian Warner

The GPG support in mailcrypt is at an alpha level and is at least ready for adventurous users to try out. There are a number of known problems, listed below. Please send any and all comments, bug reports, patches, enhancements, etc, to me at .

First off, what is GPG? GnuPG (formerly known as "g10") is a GPL'ed replacement for PGP that implements the OpenPGP standard that is slowly making its way through the IETF OpenPGP working group (it may well be a Proposed Standard by now.. check your local RFC mirror). It does not implement any algorithms that cannot be provided under the GPL; that means no RSA (patented/licensed) or IDEA, so in general it does not interoperate with pgp 2.6.
However it should work with pgp 5.0, pgp 6.0 (theoretically), and of course itself, and it has a shared-object-loading plugin mechanism whereby new algorithms can be loaded, so of all the pgpgpgish programs out there it has the best chance of being compatible. GPG is being developed entirely outside the USA because of that silly ITAR nonsense. The GPG home page is at . The mailcrypt support for it (contained mostly in mc-gpg.el) is mostly thoroughly tested against GPG version 1.0.6, so you should use that version or a later one. However, it ought to work fairly well with version 0.9.3 or later. KNOWN PROBLEMS: key fetching: There is no key fetching. I don't know of any GPG keyservers yet. When some become available, I'll add support for them. If you try to verify the signature on a message when you don't have the signator's key, the code will offer to fetch the key for you. If you answer "yes, please fetch that key", you'll just get an error message. the --throw-keyid encryption option is not yet supported (a.k.a. "stealth mode", where the recipients' keyids are not included in the message, and the potential receiver must simply try all of their secret keys to see if any of them works). multiple recipients: not a problem with gpg 0.4.3 or later. In --batch mode, older versions did not properly decrypt messages that were encrypted to multiple recipients, including messages encrypted with the "mc-encrypt-for-me" option. If you can't use a newer version of gpg for decryption, you need to have your correspondents to send you messages that are only encrypted to you. wrapper script not a problem with gpg 0.4.1 or later. Older versions don't handle the "--passphrase-fd 0" option correctly, and need a wrapper script called "gpgwrap.pl". If you can't run a newer version of gpg, get the wrapper script from mailcrypt-3.5b7. 
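As an added example (Python, not Mailcrypt's own Emacs Lisp and not code from this distribution), here is one way to turn the machine-readable lines GnuPG writes with `--status-fd` into the outcome the key-fetching problem above turns on: a missing signer key is told apart from a bad signature, and the `TRUST_*` keyword is kept for display. The key IDs, names and sample lines are constructed, and the `acceptable` policy is an assumption of the example.

```python
"""Classify a GnuPG signature check from its --status-fd lines (added example)."""
from dataclasses import dataclass
from typing import Optional

PREFIX = "[GNUPG:] "
TRUST_LEVELS = ("UNDEFINED", "NEVER", "MARGINAL", "FULLY", "ULTIMATE")
# Fail closed: a worse outcome is never overwritten by a better one.
SEVERITY = {"nosig": 0, "good": 1, "error": 2, "missing-key": 3, "bad": 4}


@dataclass
class Verdict:
    state: str = "nosig"           # nosig | good | error | missing-key | bad
    key_id: Optional[str] = None
    signer: Optional[str] = None
    trust: Optional[str] = None    # suffix of the TRUST_* keyword, if any

    @property
    def acceptable(self) -> bool:
        # Assumed policy for this example: a good signature alone is not
        # enough, the key must also be reached by a trust path.
        return self.state == "good" and self.trust in ("FULLY", "ULTIMATE")

    @property
    def offer_key_fetch(self) -> bool:
        # Only a missing public key justifies offering to fetch one.
        return self.state == "missing-key" and self.key_id is not None


def _record(v: Verdict, state: str, key_id, signer=None) -> None:
    if SEVERITY[state] >= SEVERITY[v.state]:
        v.state, v.key_id, v.signer = state, key_id, signer


def parse_status(text: str) -> Verdict:
    """Parse status output read from a descriptor dedicated to --status-fd.

    Lines without the status prefix are ignored, so the status stream must
    never be mixed with message text or with gpg's human-readable output.
    """
    v = Verdict()
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        if keyword in ("GOODSIG", "BADSIG"):
            key_id, _, signer = rest.partition(" ")
            state = "good" if keyword == "GOODSIG" else "bad"
            _record(v, state, key_id or None, signer or None)
        elif keyword == "ERRSIG":
            # ERRSIG <keyid> <pkalgo> <hashalgo> <sig_class> <time> <rc>
            fields = rest.split()
            rc = fields[5] if len(fields) > 5 else None
            state = "missing-key" if rc == "9" else "error"
            _record(v, state, fields[0] if fields else None)
        elif keyword == "NO_PUBKEY":
            _record(v, "missing-key", rest.strip() or None)
        elif keyword.startswith("TRUST_") and keyword[6:] in TRUST_LEVELS:
            v.trust = keyword[6:]
    return v


# Constructed sample inputs (not captured from a real run).
SAMPLE_UNTRUSTED = """\
gpg: Good signature from "Alice Example <alice@example.org>"
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] TRUST_UNDEFINED
"""
SAMPLE_OWN_KEY = """\
[GNUPG:] GOODSIG 1111222233334444 Bob Example <bob@example.org>
[GNUPG:] TRUST_ULTIMATE
"""
SAMPLE_MISSING_KEY = """\
[GNUPG:] ERRSIG FEDCBA9876543210 17 2 00 990305749 9
[GNUPG:] NO_PUBKEY FEDCBA9876543210
"""
SAMPLE_TAMPERED = """\
[GNUPG:] BADSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] GOODSIG 1111222233334444 Bob Example <bob@example.org>
[GNUPG:] TRUST_ULTIMATE
"""

if __name__ == "__main__":
    for name in ("SAMPLE_UNTRUSTED", "SAMPLE_OWN_KEY",
                 "SAMPLE_MISSING_KEY", "SAMPLE_TAMPERED"):
        print(name, parse_status(globals()[name]))
```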
SMALLER PROBLEMS: trust: You want to be confident that the keys you encrypt messages to are actually owned by the person named in the key, and not just some random goofball who likes to create and distribute keys with other people's names on them. Think about how you obtained someone's key: did they give it to you in person? Then it's probably the right one. Did they mail it to you? Did you get it by fingering their account? Chances are good that it's valid. Did it come from a keyserver? Anyone could have put it there. Suppose it's signed by someone that you trust to check the key's validity. Should you trust it then? This is the PGP (and GPG) "web of trust", and for more details you should check the pgp 2.6 documentation. Here's what mailcrypt-gpg does with trust: encryption: pass --always-trust in, forcing all keys to be trusted even if you don't have a trust path. This is necessary because without it, untrusted keys are just dropped, and your message won't be readable by all the folks you addressed it to. decryption: report the trust value in the echo area when checking a signature. TRUST_ULTIMATE means the message is signed by one of your own keys. TRUST_FULLY and TRUST_MARGINAL are for keys that you trust via some path that starts with a key that you have signed with one of your private keys. For each public key in your keyring, you can specify (with --edit-key) how much you trust that key to sign other keys. The sum of these trust values along the path from your private key to the signator's key determines the amount of "owner trust" you have in that key and determines the TRUST_ value displayed when checking a signature. TRUST_UNDEFINED means that you do not have a trust path to that key. verify: same as decryption Ideally, if you try to encrypt to an untrusted key, mailcrypt should give you a warning. A future version may do this. key names are passed through the shell enclosed in ""s. If the names have any quotes in them or seriously weird characters ("!" 
comes to mind) then the shell may have problems. I think the GPG key-generation process may restrict the key names to something reasonable, but other programs (pgp5.0?) might not.

there is some debugging code left around. Some temporary buffers may get created but not deleted (names generally start with " *mailcrypt"). Some temporary files (/tmp/mailcrypt-gpg-*) may get left around.

mc-gpg.el depends upon /bin/sh to run GPG while redirecting several file descriptors to temp files (to collect three different output streams). If you don't have /bin/sh, it probably won't work.

I probably don't have enough (save-excursion ) and (unwind-protect ) clauses. If you run into an error halfway through an operation, or if you hit C-g and abort an operation, you might not be put back in the buffer you started with. Just find your original buffer and hit "undo" if necessary. All mailcrypt operations can be undone with "undo".

I've tested a number of cases, but I haven't been able to create test messages for some of them, like signed messages that have been tampered with. (clearsigned messages with tampering are caught, but I don't know how to modify an unclear signed message to invalidate the signature without also damaging the CRC added by the ascii armor). If you know how to create such a message, please send it to me so I can test those cases too. The same goes for the (probably much more difficult) case of encrypted+signed messages that decrypt OK but have bad signatures.

REALLY TINY PROBLEMS:

mc-gpg-comment works fine, I just disabled it to let GPG insert its own advertisement.

mc-gpg-alternate-keyring might work. It should probably be split up so you can add public and private rings separately.

mailcrypt is designed to handle multiple encryption schemes. Decryption is supposed to work by trying each one in order, stopping after one of them succeeds. mc-gpg.el will have two problems with this.
One is that my code will probably error out upon failure instead of returning a failure and allowing the top-level scheme loop to try another scheme. The second is that pgp2.6, pgp5.0, and gpg all use the same packet format, so it isn't generally obvious what scheme should be used (unless you look for a version or comment header in the armored message). This is complicated by the fact that they can use each other's keys, to a certain extent. I don't have a good answer for this yet. One is to keep all your keyrings separate. One is to figure out how to use GPG for everything and merge all your keyrings into your GPG keyring. If you manage that one, let me know about it.

WILD ENHANCEMENT IDEAS:

it would be cool to incorporate some trust status reporting into this code. you give it a keyid and it shows you the best trust path to that key.

key management from within emacs: sign keys, edit trust.

set algorithm preferences or extra options (--rfc1991) by recipient ID. this might help pgp compatibility

tab-completion on keyids, using --list-keys or --list-secret-keys.

rfc2015 operation (MIME multipart/encrypted). see SEMI for the pgp version.

create a detached signature from the current buffer

Share and Enjoy,
 -Brian Warner

mailcrypt-3.5.9/WARNINGS
WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!

Security Warnings for Mailcrypt

As usual, the weakest link in a cryptosystem is how it is used. As far as we know, PGP and GPG are completely unbreakable, even with the full resources of the NSA on your trail. However, there are many other ways for your secrets to be found out--let the user beware.

NT Users: Mailcrypt might leak your passphrase!

We have reports that Mailcrypt/PGP 5.0 works on NT. We've also had reports that it doesn't work. So far, no volunteers have come forward to make sure it works correctly on NT. One report, though, you should be aware of.
One person has tried using Mailcrypt on Windows NT, with poor results. Much later, he looked in a temp directory and FOUND HIS DECRYPTED MESSAGES, WITH HIS PASSPHRASE TUCKED INSIDE.

This is certainly no joke. Many workstations carelessly share their whole filesystems across the network. Many are shared by multiple users. Temp directories are usually world-readable. This means that someone might learn your passphrase if you use Mailcrypt carelessly on an NT workstation.

Here is what you can do about it:

1. Volunteer to test Mailcrypt on NT, and fix this problem.

2. Try using GPG on NT instead of PGP; there is a good chance this problem is not present with GPG. BUT TEST THIS CAREFULLY BEFORE TRUSTING IT!

3. Only use Mailcrypt on a workstation over which you possess sole physical control. Tightly restrict network file-sharing, and clean your disk often with a secure wiping utility.

Other Security Issues

Other security issues are standard concerns.

* Make sure that nobody can look over your shoulder when you're typing your passphrase.

* Do not store decrypted messages in publicly accessible places.

* Do _securely_ erase any files you won't need again.

* Do _not_ run Mailcrypt remotely through a telnet connection; your passphrase will travel across the network/Internet in the clear. If you trust ssh, go ahead and run Mailcrypt over an ssh connection.

* Do _not_ store your keyrings on shared machines (including mainframes) if you can help it. Secret keys are encrypted on your keyring, but why tempt fate? Furthermore, storing keyrings on mainframes increases the likelihood that you will end up transmitting your passphrase via telnet.

mailcrypt-3.5.9/configure.in
dnl Process this file with autoconf to produce a configure script.
AC_INIT(mailcrypt.el)
AC_PROG_INSTALL()
AC_PATH_PROG(INSTALL_INFO, install-info)
if test "$INSTALL_INFO x" = " x"
then
  INSTALL_INFO=":"
fi
AC_SUBST(INSTALL_INFO)
AC_PATH_PROG(BASENAME, basename)
if test "$BASENAME x" = " x"
then
  AC_MSG_ERROR(Cannot find program "basename" on your path. Hint: Try setting BASENAME environment variable or fixing your PATH.)
fi
if test -n "$EMACS" && test "$EMACS" = "t"
then
  unset EMACS
fi
AC_CHECK_PROGS(EMACS, emacs xemacs,dnl
  AC_MSG_ERROR('Cannot find emacs in your path. Hint: Try setting EMACS environment variable or fixing your PATH.'))
RESULT=`$BASENAME $EMACS`
if test "$RESULT" = xemacs
then
  if $EMACS -batch -q --vanilla
  then
    EMACSFLAGS="--vanilla"  # We're running Xemacs 20.x or higher
    AC_SUBST(EMACSFLAGS)
  else
    EMACSFLAGS="-q -no-site-file"  # Still running Xemacs 19.x
  fi
else
  if test "$RESULT" = emacs
  then
    EMACSFLAGS=""
    AC_SUBST(EMACSFLAGS)
  fi
fi
EXTRA_SRCS=""
EXTRA_OBJS=""
echo -n checking for timer.el...
if $EMACS -batch -l timer 2>/dev/null
then
  echo timer.el
else
  echo no. I will install it for you.
  EXTRA_SRCS="timer.el"
  AC_SUBST(EXTRA_SRCS)
  EXTRA_OBJS="timer.elc"
  AC_SUBST(EXTRA_OBJS)
fi
AC_OUTPUT(Makefile tests/Makefile tests/remailer/Makefile)

mailcrypt-3.5.9/expect.el
;;; expect.el --- support for external process communication
;; Copyright (C) 1997 Free Software Foundation, Inc.

;; Author: Lars Magne Ingebrigtsen <lmi@gnus.org>
;; Keywords: extensions, processes

;; This file is soon to be part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
;; See the GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
;; Boston, MA 02111-1307, USA.

;;; Commentary:

;;; Code:

(require 'cl)
(require 'timer)

(defvar expect-message nil
  "*If non-nil, report how much data has arrived in the process buffer.
This variable is buffer-local to all Expect buffers, and should be set
inside @code{with-expect} forms.")

(defvar expect-start nil
  "If a number, start the Expect searches from that point.
If not, start searches from `(point-min)'.
This variable is typically `let' to t before calling `with-expect'
when waiting for output from a process that is already started and may
have output data.")

(defvar expect-timeout 10
  "The number of seconds to wait before an Expect timeout element is triggered.")

;;; Internal variables.

(defvar expect-processes nil)
(defvar expect-asynchronous nil)
(defvar expect-process nil)             ; Dynamic variable
(defvar expect-current-info nil)        ; Dynamic variable

;;; Utility macros.

(defun expect-make-info (process message point)
  (list process message point nil nil))

(defmacro expect-info-process (info)
  `(nth 0 ,info))

(defmacro expect-info-message (info)
  `(nth 1 ,info))

(defmacro expect-info-point (info)
  `(nth 2 ,info))
(defmacro expect-info-set-point (info point)
  `(setcar (nthcdr 2 ,info) ,point))

(defmacro expect-info-sentinels (info)
  `(nth 3 ,info))
(defmacro expect-info-set-sentinels (info sentinels)
  `(setcar (nthcdr 3 ,info) ,sentinels))

(defmacro expect-info-timer (info)
  `(nth 4 ,info))
(defmacro expect-info-set-timer (info timer)
  `(setcar (nthcdr 4 ,info) ,timer))

(defmacro expect-info-queries (info)
  `(nthcdr 5 ,info))
(defmacro expect-info-set-queries (info queries)
  `(setcdr (nthcdr 4 ,info) ,queries))

(defmacro expect-find-info (process)
  `(assoc ,process expect-processes))

;;; Interface macros.
;;;###autoload
(defmacro with-expect (program &rest forms)
  "Set things up for communication with PROGRAM.
FORMS will be evaluated in the normal manner.  To talk to the process,
use `expect' and `expect-send'.  See the manual for full documentation.
This macro returns nil.

If PROGRAM is a string, start that program.  If PROGRAM is a list, use
the first element of that list as the program and the remainder as the
parameters.  If PROGRAM is a process, talk to that process.

PROGRAM will be started up in a new, fresh temporary buffer.  The
buffer will be killed upon completion.  If PROGRAM is a process,
a new buffer won't be created, and the buffer won't be killed upon
completion."
  (let ((buf (make-symbol "buf"))
        (point (make-symbol "point")))
    `(save-excursion
       (let ((,buf (generate-new-buffer " *expect*"))
             (,point (point))
             expect-process expect-current-info)
         (set-buffer ,buf)
         (unless (setq expect-process (expect-start-process ,program))
           (error "Can't start program"))
         (expect-setup ,point)
         ,@forms
         (unless (expect-info-sentinels expect-current-info)
           (expect t))
         nil))))

(defun expect-start-process (program)
  (cond
   ((stringp program)
    (start-process "expect" (current-buffer) program))
   ((consp program)
    (apply 'start-process "expect" (current-buffer) (car program)
           (cdr program)))
   ((processp program)
    program)
   (t
    (error "Illegal process spec"))))

(defmacro with-expect-asynchronous (program &rest forms)
  "Set things up for asynchronous communication with PROGRAM.
This macro behaves like `with-expect', only that `expect' calls
contained in FORMS will be evaluated asynchronously.

See the documentation of the `with-expect' macro for documentation."
  `(let ((expect-asynchronous t))
     (with-expect ,program ,@forms)))

(defmacro expect (regexp &rest forms)
  "Execute FORMS when REGEXP has arrived in the buffer."
  `(expect-1 ,regexp #'(lambda () ,@forms)))

(defmacro expect-cond (&rest clauses)
  "Try each clause until one succeeds.
Each clause looks like (CONDITION BODY).
CONDITION should be a regular expression to wait for, or a process
status symbol.  If CONDITION is satisfied (i. e., the data has
arrived or the process has entered the specified status), BODY will be
executed."
  (let (result)
    (while clauses
      (push (if (stringp (caar clauses))
                (caar clauses)
              (list 'quote (caar clauses)))
            result)
      (push (car `(#'(lambda () ,@(cdar clauses)))) result)
      (pop clauses))
    `(expect-1 ,@(nreverse result))))

(defmacro expect-exit (&rest forms)
  "Execute FORMS when the process has exited."
  `(expect-exit-1 #'(lambda () ,@forms)))

;;; User utility functions.

(defmacro expect-send (string)
  "Send STRING to the current buffer's process."
  `(process-send-string expect-process ,string))

;;; Internal functions.

(defun expect-setup (&optional point)
  "Initialize Expect data, filter and sentinel."
  (setq expect-current-info
        (expect-make-info expect-process expect-message
                          (or point expect-start (point-min))))
  (push expect-current-info expect-processes)
  (set-process-filter expect-process 'expect-filter)
  (set-process-sentinel expect-process 'expect-sentinel)
  (set-buffer (process-buffer expect-process)))

(defun expect-shutdown (process)
  "Remove Expect infestation of PROCESS."
  (setq expect-processes (delq (expect-find-info process) expect-processes))
  (set-process-filter process nil)
  (set-process-sentinel process nil))

(defun expect-kill (process)
  "Kill PROCESS and its buffer."
  (let ((buffer (process-buffer process)))
    (when (buffer-name buffer)
      (kill-buffer buffer))
    (expect-shutdown process)
    (delete-process process)))

(defun expect-wait ()
  "Wait until the current outstanding command has been performed."
  (let ((info (expect-find-info expect-process)))
    (expect-setup-timer info)
    (while (and (car (expect-info-queries (expect-find-info expect-process)))
                (memq (process-status expect-process) '(open run)))
      (accept-process-output expect-process 1))
    (expect-cancel-timer info))
  ;; We return nil.
  nil)

(defun expect-1 (&rest clauses)
  (let (entry entries timeout)
    (unless expect-process
      (error "No expect in this buffer"))
    ;; Add this clause to the list of things to be executed.
    (while clauses
      (if (eq (car clauses) 'timeout)
          (setq timeout (cadr clauses)
                clauses (cddr clauses))
        (push (list (pop clauses) (pop clauses))
              entries)))
    (when timeout
      (expect-info-set-timer expect-current-info
                             (list nil expect-timeout timeout)))
    (nconc expect-current-info (list (nreverse entries)))
    ;; We see whether we have to wait for the command to complete
    ;; or not.
    (if expect-asynchronous
        nil
      (expect-wait))))

(defun expect-exit-1 (function)
  (unless expect-process
    (error "No expect in this buffer"))
  (let ((info (expect-find-info expect-process)))
    (expect-info-set-sentinels
     info
     (nconc (expect-info-sentinels info) (list function))))
  ;; We return nil.
  nil)

(defun expect-filter (process string)
  "Controlling Expect function run as a process filter."
  (let ((old-buffer (current-buffer))
        (expect-process process))
    (unwind-protect
        (let (moving)
          (set-buffer (process-buffer process))
          (setq moving (= (point) (process-mark process)))
          (save-excursion
            ;; Insert the text, moving the process-marker.
            (goto-char (process-mark process))
            (insert string)
            (set-marker (process-mark process) (point))
            ;; Do Expect things.
            (expect-find-event process))
          (when (memq (process-status process) '(open run))
            (if moving (goto-char (process-mark process)))))
      (when (buffer-name old-buffer)
        (set-buffer old-buffer)))))

(defun expect-sentinel (process status)
  "Controlling Expect sentinel."
  ;; Perhaps we're waiting for one of the process events?
  (when (memq (process-status process) '(open run))
    (expect-find-event process))
  ;; We do `expect-exit' calls.
(when (eq 'exit (process-status process)) (save-excursion (let ((expect-process process)) (when (and (process-buffer process) (buffer-name (process-buffer process))) (set-buffer (process-buffer process)) (let ((sentinels (expect-info-sentinels (expect-find-info process)))) (while sentinels (save-excursion (funcall (pop sentinels)))) (expect-shutdown process))))))) (defun expect-find-event (process) "Find (and execute) the next event." (let* ((info (expect-find-info process)) (point (expect-info-point info)) (queries (expect-info-queries info)) (clause (car queries)) cond) (expect-setup-timer info) (when (expect-info-message info) (message "Expect received %d bytes" (point-max))) (when clause (if (eq (caar clause) t) ;; We have handled all queries and want to die. (expect-kill process) (when (> (point-max) point) (goto-char point) (while clause (setq cond (caar clause)) (when (cond ;; Regexp ((stringp cond) (re-search-forward (caar clause) nil t)) ;; Fall-through ((eq t cond) t) ;; Process state ((memq cond '(exit run stop signal open closed)) (eq cond (process-status process))) (t (error "Illegal condition: %s" cond))) (expect-cancel-timer info) (expect-info-set-point info (point)) (expect-info-set-queries info (cdr queries)) (save-excursion (funcall (cadar clause))) (setq clause nil) ;; More than one event may have arrived, so we try again. (when (memq (process-status process) '(open run)) (expect-find-event process))) (setq clause (cdr clause)))))))) (defun expect-setup-timer (info) (let ((timer (expect-info-timer info))) (when timer (expect-cancel-timer info) (setcar timer (run-at-time (cadr timer) nil (caddr timer)))))) (defun expect-cancel-timer (info) (when (car (expect-info-timer info)) (ignore-errors (cancel-timer (car (expect-info-timer info)))))) ;;; Indentation and edebug specs. 
(put 'expect 'lisp-indent-function 1) (put 'expect 'edebug-form-spec '(form body)) (put 'expect-exit 'lisp-indent-function 0) (put 'expect-exit 'edebug-form-spec '(body)) (put 'with-expect 'lisp-indent-function 1) (put 'with-expect 'edebug-form-spec '(form body)) (put 'with-expect-asynchronous 'lisp-indent-function 1) (put 'with-expect-asynchronous 'edebug-form-spec '(form body)) (provide 'expect) ;;; expect.el ends here mailcrypt-3.5.9/install-sh000077500000000000000000000112341134617107500155460ustar00rootroot00000000000000#! /bin/sh # # install - install a program, script, or datafile # This comes from X11R5. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. # # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. 
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"

# Clear the two transform variables under the names that the option parser
# and the rename step below actually read, so that a value inherited from
# the environment cannot change the installed file name.
transformbasename=""
transformarg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""

while [ x"$1" != x ]; do
    case $1 in
        -c) instcmd="$cpprog"
            shift
            continue;;

        -d) dir_arg=true
            shift
            continue;;

        -m) chmodcmd="$chmodprog $2"
            shift
            shift
            continue;;

        -o) chowncmd="$chownprog $2"
            shift
            shift
            continue;;

        -g) chgrpcmd="$chgrpprog $2"
            shift
            shift
            continue;;

        -s) stripcmd="$stripprog"
            shift
            continue;;

        -t=*) transformarg=`echo $1 | sed 's/-t=//'`
            shift
            continue;;

        -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
            shift
            continue;;

        *)  if [ x"$src" = x ]
            then
                src=$1
            else
                # this colon is to work around a 386BSD /bin/sh bug
                :
                dst=$1
            fi
            shift
            continue;;
    esac
done

if [ x"$src" = x ]
then
    echo "install: no input file specified"
    exit 1
else
    true
fi

if [ x"$dir_arg" != x ]; then
    dst=$src
    src=""

    if [ -d $dst ]; then
        instcmd=:
    else
        instcmd=mkdir
    fi
else

# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.

    if [ -f $src -o -d $src ]
    then
        true
    else
        echo "install: $src does not exist"
        exit 1
    fi

    if [ x"$dst" = x ]
    then
        echo "install: no destination specified"
        exit 1
    else
        true
    fi

# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic

    if [ -d $dst ]
    then
        dst="$dst"/`basename $src`
    else
        true
    fi
fi

## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`

# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script

# Skip lots of stat calls in the usual case.
if [ !
-d "$dstdir" ]; then defaultIFS=' ' IFS="${IFS-${defaultIFS}}" oIFS="${IFS}" # Some sh's can't handle IFS=/ for some reason. IFS='%' set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` IFS="${oIFS}" pathcomp='' while [ $# -ne 0 ] ; do pathcomp="${pathcomp}${1}" shift if [ ! -d "${pathcomp}" ] ; then $mkdirprog "${pathcomp}" else true fi pathcomp="${pathcomp}/" done fi if [ x"$dir_arg" != x ] then $doit $instcmd $dst && if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi else # If we're going to rename the final executable, determine the name now. if [ x"$transformarg" = x ] then dstfile=`basename $dst` else dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename if [ x"$dstfile" = x ] then dstfile=`basename $dst` else true fi # Make a temp file name in the proper directory. dsttmp=$dstdir/#inst.$$# # Move or copy the file name to the temp name $doit $instcmd $src $dsttmp && trap "rm -f ${dsttmp}" 0 && # and set any options; do chmod last to preserve setuid bits # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $instcmd $src $dsttmp" command. if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && # Now rename the file to the real destination. 
    $doit $rmcmd -f $dstdir/$dstfile &&
    $doit $mvcmd $dsttmp $dstdir/$dstfile

fi &&

exit 0

mailcrypt-3.5.9/load-path.hack

;; Uncomment the following line and edit it appropriately if
;; your installation of VM, RMAIL, MH-E, or GNUS is not in
;; the default load-path.

;; (setq load-path (cons "/users/patl/elisp" load-path))

;; This insures that (require 'mailcrypt) will work correctly while
;; byte-compiling.
(setq load-path (cons nil load-path))

;; Make sure user is
(if (and (not (string-match "^19\\." emacs-version))
         (not (string-match "^2[0-9]\\." emacs-version)))
    (message (concat "\nWARNING - Mailcrypt requires at least version 19 of GNU Emacs.\n"
                     "Your version is:\n" (emacs-version) "\n")))

mailcrypt-3.5.9/mailcrypt.el

;; mailcrypt.el v3.5.9, mail encryption with PGP
;; Copyright (C) 1995 Jin Choi
;;                    Patrick LoPresti
;;           (C) 1998 Len Budney
;;           (C) 2001 Brian Warner
;; Any comments or suggestions welcome.
;; Inspired by pgp.el, by Gray Watson .

;;{{{ Licensing
;; This file is intended to be used with GNU Emacs.

;; This program is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to
;; the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
;;}}} ;;{{{ Load some required packages (eval-when-compile ;; Quiet warnings (autoload 'start-itimer "itimer") (autoload 'cancel-itimer "itimer") (autoload 'delete-itimer "itimer")) (require 'easymenu) (require 'comint) (require 'rfc822) (eval-and-compile (condition-case nil (require 'itimer) (error nil)) (if (not (featurep 'itimer)) (condition-case nil (require 'timer) (error nil))) (if (not (fboundp 'buffer-substring-no-properties)) (fset 'buffer-substring-no-properties 'buffer-substring))) (defconst mc-xemacs-p (string-match "XEmacs" emacs-version)) (autoload 'mc-decrypt "mc-toplev" nil t) (autoload 'mc-verify "mc-toplev" nil t) (autoload 'mc-snarf "mc-toplev" nil t) (autoload 'mc-fetch-key "mc-toplev" nil t) (autoload 'mc-encrypt "mc-toplev" nil t) (autoload 'mc-sign "mc-toplev" nil t) (autoload 'mc-insert-public-key "mc-toplev" nil t) (autoload 'mc-remail "mc-toplev" nil t) (autoload 'mc-remailer-encrypt-for-chain "mc-remail" nil t) (autoload 'mc-remailer-insert-response-block "mc-remail" nil t) (autoload 'mc-remailer-insert-pseudonym "mc-remail" nil t) (autoload 'mc-setversion "mc-setversion" nil t) ;;}}} ;;{{{ Minor mode variables and functions (defvar mc-pgp-always-sign nil "*If t, always sign encrypted PGP messages, or never sign if 'never.") (defvar mc-read-mode nil "Non-nil means Mailcrypt read mode key bindings are available.") (defvar mc-write-mode nil "Non-nil means Mailcrypt write mode key bindings are available.") (make-variable-buffer-local 'mc-read-mode) (make-variable-buffer-local 'mc-write-mode) (defvar mc-read-mode-string " MC-r" "*String to put in mode line when Mailcrypt read mode is active.") (defvar mc-write-mode-string " MC-w" "*String to put in mode line when Mailcrypt write mode is active.") (defvar mc-read-mode-map nil "Keymap for Mailcrypt read mode bindings.") (defvar mc-write-mode-map nil "Keymap for Mailcrypt write mode bindings.") (or mc-read-mode-map (progn (setq mc-read-mode-map (make-sparse-keymap)) (define-key mc-read-mode-map 
"\C-c/f" 'mc-deactivate-passwd) (define-key mc-read-mode-map "\C-c/d" 'mc-decrypt) (define-key mc-read-mode-map "\C-c/v" 'mc-verify) (define-key mc-read-mode-map "\C-c/a" 'mc-snarf) (define-key mc-read-mode-map "\C-c/k" 'mc-fetch-key))) (or mc-write-mode-map (progn (setq mc-write-mode-map (make-sparse-keymap)) (define-key mc-write-mode-map "\C-c/f" 'mc-deactivate-passwd) (define-key mc-write-mode-map "\C-c/e" 'mc-encrypt) (define-key mc-write-mode-map "\C-c/s" 'mc-sign) (define-key mc-write-mode-map "\C-c/x" 'mc-insert-public-key) (define-key mc-write-mode-map "\C-c/k" 'mc-fetch-key) (define-key mc-write-mode-map "\C-c/r" 'mc-remail) (define-key mc-write-mode-map "\C-c/b" 'mc-remailer-insert-response-block) (define-key mc-write-mode-map "\C-c/p" 'mc-remailer-insert-pseudonym))) (easy-menu-define mc-read-mode-menu (if mc-xemacs-p nil (list mc-read-mode-map)) "Mailcrypt read mode menu." '("Mailcrypt" ["Decrypt Message" mc-decrypt t] ["Verify Signature" mc-verify t] ["Snarf Keys" mc-snarf t] ["Fetch Key" mc-fetch-key t] ["Forget Passphrase(s)" mc-deactivate-passwd t])) (easy-menu-define mc-write-mode-menu (if mc-xemacs-p nil (list mc-write-mode-map)) "Mailcrypt write mode menu." 
'("Mailcrypt" ["Encrypt Message" mc-encrypt t] ["Sign Message" mc-sign t] ["Insert Public Key" mc-insert-public-key t] ["Fetch Key" mc-fetch-key t] ["Encrypt for Remailer(s)" mc-remail t] ["Insert Pseudonym" mc-remailer-insert-pseudonym t] ["Insert Response Block" mc-remailer-insert-response-block t] ["Forget Passphrase(s)" mc-deactivate-passwd t])) (or (assq 'mc-read-mode minor-mode-map-alist) (setq minor-mode-map-alist (cons (cons 'mc-read-mode mc-read-mode-map) minor-mode-map-alist))) (or (assq 'mc-write-mode minor-mode-map-alist) (setq minor-mode-map-alist (cons (cons 'mc-write-mode mc-write-mode-map) minor-mode-map-alist))) (or (assq 'mc-read-mode minor-mode-alist) (setq minor-mode-alist (cons '(mc-read-mode mc-read-mode-string) minor-mode-alist))) (or (assq 'mc-write-mode minor-mode-alist) (setq minor-mode-alist (cons '(mc-write-mode mc-write-mode-string) minor-mode-alist))) ;;;###autoload (defun mc-read-mode (&optional arg) "\nMinor mode for interfacing with cryptographic functions. \\ \\[mc-decrypt]\t\tDecrypt an encrypted message \\[mc-verify]\t\tVerify signature on a clearsigned message \\[mc-snarf]\t\tAdd public key(s) to keyring \\[mc-fetch-key]\t\tFetch a PGP key via finger or HTTP \\[mc-deactivate-passwd]\t\tForget passphrase(s)\n" (interactive) (setq mc-read-mode (if (null arg) (not mc-read-mode) (> (prefix-numeric-value arg) 0))) (and mc-read-mode mc-write-mode (mc-write-mode nil)) (if mc-read-mode (easy-menu-add mc-read-mode-menu) (easy-menu-remove mc-read-mode-menu))) (defun mc-write-mode (&optional arg) "\nMinor mode for interfacing with cryptographic functions. 
\\ \\[mc-encrypt]\t\tEncrypt (and optionally sign) message \\[mc-sign]\t\tClearsign message \\[mc-insert-public-key]\t\tExtract public key from keyring and insert into message \\[mc-fetch-key]\t\tFetch a PGP key via finger or HTTP \\[mc-remail]\t\tEncrypt message for remailing \\[mc-remailer-insert-pseudonym]\t\tInsert a pseudonym (for remailing) \\[mc-remailer-insert-response-block]\t\tInsert a response block (for remailing) \\[mc-deactivate-passwd]\t\tForget passphrase(s)\n" (interactive) (setq mc-write-mode (if (null arg) (not mc-write-mode) (> (prefix-numeric-value arg) 0))) (and mc-write-mode mc-read-mode (mc-read-mode nil)) (if mc-write-mode (easy-menu-add mc-write-mode-menu) (easy-menu-remove mc-write-mode-menu))) ;;;###autoload (defun mc-install-read-mode () (interactive) (mc-read-mode 1)) ;;;###autoload (defun mc-install-write-mode () (interactive) (mc-write-mode 1)) ;;}}} ;;{{{ Note: ;; The funny triple braces you see are used by `folding-mode', a minor ;; mode by Jamie Lokier, available from the elisp archive. ;;}}} ;;{{{ User variables. (defconst mc-version "3.5.9") (defvar mc-temp-directory (cond ((fboundp 'temp-directory) (temp-directory)) ((boundp 'temporary-file-directory) temporary-file-directory) ("/tmp/")) "*Default temp directory to be used by Mailcrypt.") (defvar mc-default-scheme 'mc-scheme-pgp "*Specifies the encryption scheme for Mailcrypt to use. Defaults to pgp 2.6 for backward compatibility.") (defvar mc-default-remailer-scheme 'mc-remailer-scheme-type1 "*Specifies the remailer scheme to use. Defaults to Type-1 for backward compatibility.") (defvar mc-passwd-timeout 60 "*Time to deactivate password in seconds after a use. nil or 0 means deactivate immediately. 
If the only timer package available is the 'timer' package, then this
can be a string in timer format.")

;; The docstring belongs to the defvar, not to the `or' form that
;; computes the default value.
(defvar mc-ripem-user-id (or (getenv "RIPEM_USER_NAME")
                             (user-full-name))
  "*Your RIPEM user ID.")

(defvar mc-always-replace nil
  "*If t, decrypt mail messages in place without prompting.

If 'never, always use a viewer instead of replacing.")

(defvar mc-use-default-recipients nil
  "*Assume that the message should be encoded for everyone listed in the To,
Cc, and Bcc fields.")

(defvar mc-encrypt-for-me nil
  "*Encrypt all outgoing messages with user's public key.")

(defvar mc-pre-signature-hook nil
  "*List of hook functions to run immediately before signing.")
(defvar mc-post-signature-hook nil
  "*List of hook functions to run immediately after signing.")
(defvar mc-pre-encryption-hook nil
  "*List of hook functions to run immediately before encrypting.")
(defvar mc-post-encryption-hook nil
  "*List of hook functions to run after encrypting.")
(defvar mc-pre-decryption-hook nil
  "*List of hook functions to run immediately before decrypting.")
(defvar mc-post-decryption-hook nil
  "*List of hook functions to run after decrypting.")

(defconst mc-buffer-name "*MailCrypt*"
  "Name of temporary buffer for mailcrypt")

(defvar mc-modes-alist
  '((rmail-mode (decrypt . mc-rmail-decrypt-message)
                (verify . mc-rmail-verify-signature))
    (rmail-summary-mode (decrypt . mc-rmail-summary-decrypt-message)
                        (verify . mc-rmail-summary-verify-signature)
                        (snarf . mc-rmail-summary-snarf-keys))
    (mew-draft-mode (encrypt . mc-encrypt-message)
                    (remailer-encrypt . mc-remail-message)
                    (sign . mc-sign-message))
    (mew-message-mode (decrypt . mc-mew-decrypt-message))
    (mew-summary-mode (decrypt . mc-mew-summary-decrypt-message)
                      (verify . mc-mew-summary-verify-signature)
                      (snarf . mc-mew-summary-snarf-keys))
    (vm-mode (decrypt . mc-vm-decrypt-message)
             (verify . mc-vm-verify-signature)
             (snarf . mc-vm-snarf-keys))
    (vm-virtual-mode (decrypt . mc-vm-decrypt-message)
                     (verify . mc-vm-verify-signature)
                     (snarf .
mc-vm-snarf-keys)) (vm-summary-mode (decrypt . mc-vm-decrypt-message) (verify . mc-vm-verify-signature) (snarf . mc-vm-snarf-keys)) (mh-folder-mode (decrypt . mc-mh-decrypt-message) (verify . mc-mh-verify-signature) (snarf . mc-mh-snarf-keys)) (message-mode (encrypt . mc-encrypt-message) (remailer-encrypt . mc-remail-message) (sign . mc-sign-message)) (gnus-summary-mode (decrypt . mc-gnus-decrypt-message) (verify . mc-gnus-verify-signature) (snarf . mc-gnus-snarf-keys)) (gnus-article-mode (decrypt . mc-gnus-decrypt-message) (verify . mc-gnus-verify-signature) (snarf . mc-gnus-snarf-keys)) (mail-mode (encrypt . mc-encrypt-message) (remailer-encrypt . mc-remail-message) (sign . mc-sign-message)) (vm-mail-mode (encrypt . mc-encrypt-message) (remailer-encrypt . mc-remail-message) (sign . mc-sign-message)) (mh-letter-mode (encrypt . mc-encrypt-message) (remailer-encrypt . mc-remail-message) (sign . mc-sign-message)) (news-reply-mode (encrypt . mc-encrypt-message) (remailer-encrypt . mc-remail-message) (sign . mc-sign-message)) ;; wanderlust: http://www.gohome.org/wl/ ;; or perhaps http://www.lab3.kuis.kyoto-u.ac.jp/~tsumura/emacs/wl.html (wl-draft-mode (encrypt . mc-encrypt-message) (remailer-encrypt . mc-remail-message) (sign . mc-sign-message)) ) "Association list (indexed by major mode) of association lists (indexed by operation) of functions to call for each major mode.") ;;}}} ;;{{{ Program variables and constants. (defvar mc-timer nil "Timer object for password deactivation.") (defvar mc-passwd-cache nil "Cache for passphrases.") (defvar mc-schemes '(("pgp50" . mc-scheme-pgp50) ("pgp65" . mc-scheme-pgp65) ("pgp" . mc-scheme-pgp) ("gpg" . mc-scheme-gpg) )) (defvar mc-remailer-schemes '(("type1" . mc-remailer-scheme-type1) ("mixmaster" . mc-remailer-scheme-mixmaster) ("mixminion" . mc-remailer-scheme-mixminion) )) ;;}}} ;;{{{ Utility functions. (defun mc-message-delimiter-positions (start-re end-re &optional begin) ;; Returns pair of integers (START . 
END) that delimit message marked off ;; by the regular expressions start-re and end-re. Optional argument BEGIN ;; determines where we should start looking from. (setq begin (or begin (point-min))) (let (start) (save-excursion (goto-char begin) (and (re-search-forward start-re nil t) (setq start (match-beginning 0)) (re-search-forward end-re nil t) (cons start (point)))))) (defun mc-split (regexp str) "Splits STR into a list of elements which were separated by REGEXP, stripping initial and trailing whitespace." (let ((data (match-data)) (retval '()) beg end) (unwind-protect (progn (string-match "[ \t\n]*" str) ; Will always match at 0 (setq beg (match-end 0)) (setq end (string-match "[ \t\n]*\\'" str)) (while (string-match regexp str beg) (setq retval (cons (substring str beg (match-beginning 0)) retval)) (setq beg (match-end 0))) (if (not (= (length str) beg)) ; Not end (setq retval (cons (substring str beg end) retval))) (nreverse retval)) (store-match-data data)))) ;;; FIXME - Function never called? ;(defun mc-temp-display (beg end &optional name) ; (let (tmp) ; (if (not name) ; (setq name mc-buffer-name)) ; (if (string-match name "*ERROR*") ; (progn ; (message "mailcrypt: An error occured! See *ERROR* buffer.") ; (beep))) ; (setq tmp (buffer-substring beg end)) ; (delete-region beg end) ; (save-excursion ; (save-window-excursion ; (with-output-to-temp-buffer name ; (princ tmp)))))) ;; In case I ever decide to do this right. ;; LRB - Thanks Pat! This helped a lot in updating mixmaster support. ;; mc-field-name-regexp now catches precisely those email headers ;; which are RFC-822 compliant. (defconst mc-field-name-regexp (concat "^\\([" (char-to-string 33) "-" (char-to-string 57) (char-to-string 59) "-" (char-to-string 126) "]*\\)")) (defconst mc-field-body-regexp "\\(.*\\(\n[ \t].*\\)*\n\\)") (defun mc-get-fields (&optional matching bounds nuke) "Get all header fields within BOUNDS. Return as an alist ((FIELD-NAME . FIELD-BODY) (FIELD-NAME . FIELD-BODY) ...). 
Argument MATCHING, if present, is a regexp which each FIELD-NAME must match exactly. Matching is case-insensitive. Optional arg NUKE, if non-nil, means eliminate all fields returned." (save-excursion (save-restriction (let ((case-fold-search t) (header-field-regexp (concat mc-field-name-regexp ":" mc-field-body-regexp)) ret name body field-start field-end) ;; Ensure exact match (if matching (setq matching (concat "^\\(" matching "\\)$"))) (if bounds (narrow-to-region (car bounds) (cdr bounds))) (goto-char (point-max)) (while (re-search-backward header-field-regexp nil 'move) (setq field-start (match-beginning 0)) (setq field-end (match-end 0)) (setq name (buffer-substring-no-properties (match-beginning 1) (match-end 1))) (setq body (buffer-substring-no-properties (match-beginning 2) (match-end 2))) (if (or (null matching) (string-match matching name)) (progn (setq ret (cons (cons name body) ret)) (if nuke (delete-region field-start field-end))))) ret)))) (defsubst mc-strip-address (addr) "Strip everything from ADDR except the basic Email address." (car (rfc822-addresses addr))) (defun mc-strip-addresses (addr-list) "Strip everything from the addresses in ADDR-LIST except the basic Email address. ADDR-LIST may be a single string or a list of strings." (if (not (listp addr-list)) (setq addr-list (list addr-list))) (setq addr-list (mapcar (function (lambda (s) (rfc822-addresses s))) addr-list)) (setq addr-list (apply 'append addr-list)) (mapconcat 'mc-strip-address addr-list ", ")) (defun mc-display-buffer (buffer) "Like display-buffer, but always display top of the buffer." 
  (save-excursion
    (set-buffer buffer)
    (goto-char (point-min))
    (display-buffer buffer)))

(defun mc-message (msg &optional buffer default)
  ;; returns t if we used msg, nil if we used default
  (let ((retval t))
    (if buffer
        (setq msg
              (save-excursion
                (set-buffer buffer)
                (goto-char (point-min))
                (if (re-search-forward msg nil t)
                    (buffer-substring-no-properties
                     (match-beginning 0) (match-end 0))
                  (setq retval nil)
                  default))))
    (if msg (message-or-box "%s" msg))
    retval))

(defun mc-message-sigstatus (msg &optional attention)
  "Emit a signature status line. If ATTENTION is non-nil, be noisy about it."
  ;; this function exists to be overridden by the unit tests
  (if attention (ding))
  (message-or-box "%s" msg))

(defun mc-process-region (beg end passwd program args parser &optional buffer)
  (let ((obuf (current-buffer))
        ;; nil means talk to the child over a pipe rather than a pty.
        (process-connection-type nil)
        mybuf result rgn proc)
    (unwind-protect
        (progn
          (setq mybuf (or buffer (generate-new-buffer " *mailcrypt temp")))
          (set-buffer mybuf)
          (erase-buffer)
          (set-buffer obuf)
          (buffer-disable-undo mybuf)
          (setq proc
                (apply 'start-process "*PGP*" mybuf program args))
          ;; The passphrase, if any, is the first line written to the
          ;; child's stdin.  With no timeout configured, the cached copy
          ;; is dropped as soon as it has been sent.
          (if passwd
              (progn
                (process-send-string proc (concat passwd "\n"))
                (or mc-passwd-timeout (mc-deactivate-passwd t))))
          (process-send-region proc beg end)
          (process-send-eof proc)
          (while (eq 'run (process-status proc))
            (accept-process-output proc 5))
          (setq result (process-exit-status proc))
          ;; Hack to force a status_notify() in Emacs 19.29
          (delete-process proc)
          (set-buffer mybuf)
          (goto-char (point-max))
          (if (re-search-backward "\nProcess \\*PGP.*\n\\'" nil t)
              (delete-region (match-beginning 0) (match-end 0)))
          (goto-char (point-min))
          ;; CRNL -> NL
          (while (search-forward "\r\n" nil t)
            (replace-match "\n"))
          ;; Hurm. FIXME; must get better result codes.
          (if (stringp result)
              (error "%s exited abnormally: '%s'" program result)
            (setq rgn (funcall parser result))
            ;; If the parser found something, migrate it
            (if (consp rgn)
                (progn
                  (set-buffer obuf)
                  (delete-region beg end)
                  (goto-char beg)
                  (insert-buffer-substring mybuf (car rgn) (cdr rgn))
                  (set-buffer mybuf)
                  (delete-region (car rgn) (cdr rgn)))))
          ;; Return nil on failure and exit code on success
          (if rgn result))
      ;; Cleanup even on nonlocal exit
      (if (and proc (eq 'run (process-status proc)))
          (interrupt-process proc))
      (set-buffer obuf)
      (or buffer (null mybuf) (kill-buffer mybuf)))))

;;}}}
;;{{{ Passphrase management

(defun mc-activate-passwd (id &optional prompt)
  "Activate the passphrase matching ID, using PROMPT for a prompt.
Return the passphrase.  If PROMPT is nil, only return value if cached."
  ;; Every call restarts the expiry timer: any pending timer is cancelled
  ;; and a new one is scheduled to run `mc-deactivate-passwd'.
  (cond ((featurep 'itimer)
         (if mc-timer (delete-itimer mc-timer))
         (setq mc-timer (if mc-passwd-timeout
                            (start-itimer "mc-itimer"
                                          'mc-deactivate-passwd
                                          mc-passwd-timeout)
                          nil)))
        ((featurep 'timer)
         (let ((string-time (if (integerp mc-passwd-timeout)
                                (format "%d sec" mc-passwd-timeout)
                              mc-passwd-timeout)))
           (if mc-timer (cancel-timer mc-timer))
           (setq mc-timer (if string-time
                              (run-at-time string-time
                                           nil 'mc-deactivate-passwd)
                            nil)))))
  ;; The cache is an alist of (ID . PASSPHRASE) cells.
  (let ((cell (assoc id mc-passwd-cache))
        passwd)
    (setq passwd (cdr-safe cell))
    (if (and (not passwd) prompt)
        (setq passwd (comint-read-noecho prompt)))
    (if cell
        (setcdr cell passwd)
      (setq mc-passwd-cache (cons (cons id passwd) mc-passwd-cache)))
    passwd))

;;;###autoload
(defun mc-deactivate-passwd (&optional inhibit-message)
  "*Deactivate the passphrase cache."
  (interactive)
  (if mc-timer
      (cond ((featurep 'itimer) (delete-itimer mc-timer))
            ((featurep 'timer) (cancel-timer mc-timer))))
  ;; Overwrite each cached passphrase string in place before dropping
  ;; the reference to it.
  (mapcar
   (function
    (lambda (cell)
      (if (stringp (cdr-safe cell)) (fillarray (cdr cell) 0))
      (setcdr cell nil)))
   mc-passwd-cache)
  (or inhibit-message
      (not (interactive-p))
      (message "Passphrase%s deactivated"
               (if (> (length mc-passwd-cache) 1) "s" ""))))

;;}}}
;;{{{ Define several aliases so that an apropos on `mailcrypt' will
;; return something.
(defalias 'mailcrypt-encrypt 'mc-encrypt)
(defalias 'mailcrypt-decrypt 'mc-decrypt)
(defalias 'mailcrypt-sign 'mc-sign)
(defalias 'mailcrypt-verify 'mc-verify)
(defalias 'mailcrypt-insert-public-key 'mc-insert-public-key)
(defalias 'mailcrypt-snarf 'mc-snarf)
;;}}}
(provide 'mailcrypt)

mailcrypt-3.5.9/mailcrypt.texi

\input texinfo @c -*-Texinfo-*-

@c tighten default spacing
@c @parskip 5pt plus 1 pt
@c @secheadingskip 10pt plus 6pt minus 3pt
@c @subsecheadingskip 8pt plus 6pt minus 3pt
@c @singlespace

@c %**start of header
@setfilename mailcrypt.info
@settitle @value{TITLE}
@setchapternewpage off
@c Entries for @command{install-info} to use
@dircategory Emacs
@direntry
* Mailcrypt: (mailcrypt). An Emacs/PGP interface.
@end direntry
@c %**end of header

@syncodeindex ky cp
@syncodeindex vr cp
@syncodeindex fn cp

@set TITLE Mailcrypt
@set VERSION 3.5.9
@set UPDATED 2010-02-14

@ifinfo
This documentation describes Mailcrypt version @value{VERSION}.
This documentation was last updated on @value{UPDATED}.

Copyright 1995 Patrick J. LoPresti
Copyright 1998 Leonard R. Budney
Copyright 2001 Brian Warner

The Mailcrypt program and this manual are published as free software.
You may redistribute and/or modify them under the terms of the GNU
General Public License as published by the Free Software Foundation;
either version 2, or (at your option) any later version.
Mailcrypt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Emacs; see the file COPYING. If not, write to the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. @end ifinfo @titlepage @title Mailcrypt: An EMACS Interface to PGP @subtitle Version @value{VERSION} @subtitle @value{UPDATED} @author Patrick J. LoPresti @author Leonard R. Budney @author Brian Warner @c Copyright page @page @vskip 0pt plus 1filll Copyright @copyright{} 1995 Patrick J. LoPresti Copyright @copyright{} 1998 Leonard R. Budney Copyright @copyright{} 2001 Brian Warner The Mailcrypt program and this documentation are published as free software. You may redistribute and/or modify them under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. Mailcrypt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Emacs; see the file COPYING. If not, write to the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. @end titlepage @ifinfo @node Top, Introduction, (dir), (dir) @top Mailcrypt Mailcrypt is an Emacs Lisp package which provides a simple but powerful interface to cryptographic functions for mail and news. This documentation describes Mailcrypt version @value{VERSION}. The documentation was last updated on @value{UPDATED}. @end ifinfo @menu * Introduction:: Read this first. * General Use:: Everyday cryptographic functions. * Remailer Support:: Interface to secure anonymous remailers. 
* Passphrase Cache:: Letting Mailcrypt remember your passphrase for a while. * Key Fetching:: Automatically retrieving public keys via finger or HTTP. * Miscellaneous Configuration:: Random tweakables. * Tips:: Hints and tricks. * Limitations:: Things Mailcrypt does not do. * References:: Pointers to relevant information. * Credits:: Whom to blame. * Index:: Keys, variables, and functions. --- The Detailed Node Listing --- Introduction * Prerequisites:: Complicated stuff you may have to do. * Installation:: Simple stuff you probably have to do. * Command Overview:: A brief summary of the most common commands. Installation * Hooking into Rmail:: * Hooking into VM:: * Hooking into MH-E:: * Hooking into Gnus:: * Hooking into Mew:: General Use * Encrypting:: Encrypting a message to one or more recipients. * Signing:: Clearsigning a message. * Inserting Keys:: Extracting a key from your public key ring and inserting it. * Decrypting:: Decrypting a message to you. * Verifying:: Verifying the signature on a clearsigned message. * Snarfing Keys:: Finding a key in the current message and adding it to your keyring. Remailer Support * Remailer Introduction:: A little about remailers in general. * Types of Remailers:: The different remailer networks * Remailer Quick Start:: Getting started quickly. * Remailer Chains:: Creating custom chains of your very own. * Response Blocks:: A way to let people reply to your anonymous messages. * Pseudonyms:: Who do you want to be today? * Remailing Posts:: Posting to USENET anonymously or pseduonymously. * Mixmaster Support:: Remailers for the truly paranoid. * Mixmaster and Mixminion:: Support for external remailer clients. * Remailer Security:: Caveats. * Verifiable Pseudonyms:: Giving expression to the voices in your head. * Remailer Tips:: Free advice. Key Fetching * Keyring Fetch:: Fetching from one or more other keyrings on the local system. * Finger Fetch:: Fetching a key through finger. * HTTP Fetch:: Fetching a key off of the Web. 
* GnuPG Fetch:: Using GnuPG's internal keyserver interface. Miscellaneous Configuration * Alternate Keyring:: Specifying a different file to act like your public keyring. * Comment Field:: Burma Shave * Mode Line:: Changing that "MC-w" and "MC-r" stuff * Key Bindings:: Which keys cause which actions. * Nonstandard Paths:: Useful if your PGP installation is weird. References * Online Resources:: Recreational reading with a purpose. * Key Servers:: Keepers of the Global Keyring. * Mailing List:: Staying informed while pumping the authors' egos. * Politics:: Anarcho-foobarism. @end menu @node Introduction, General Use, Top, Top @chapter Introduction Mailcrypt is an Emacs Lisp package which provides a simple but powerful interface to cryptographic functions for mail and news. With Mailcrypt, encryption becomes a seamlessly integrated part of your mail and news handling environment. This manual is long because it is complete. All of the information you need to get started is contained in this Introduction alone. @menu * Prerequisites:: Complicated stuff you may have to do. * Installation:: Simple stuff you probably have to do. * Command Overview:: A brief summary of the most common commands. @end menu @node Prerequisites, Installation, Introduction, Introduction @section Prerequisites Mailcrypt requires version 19 or higher of GNU Emacs. Mailcrypt has been tested on a variety of systems under both FSF Emacs and XEmacs. Mailcrypt requires Pretty Good (tm) Privacy, usually known as PGP. This document assumes that you have already obtained and installed PGP and that you are familiar with its basic functions. The best way to become familiar with these functions is to read the @cite{PGP User's Guide}, at least Volume I. For more information on obtaining and installing PGP, refer to the MIT PGP home page at @file{http://web.mit.edu/network/pgp.html}. 
Although Mailcrypt may be used to process data in arbitrary Emacs buffers, it is most useful in conjunction with other Emacs packages for handling mail and news. Mailcrypt has specialized support for Rmail (@pxref{Rmail, Rmail, Reading Mail with Rmail, emacs, The GNU Emacs Manual}), VM (@pxref{Top, VM, Introduction, vm, The VM User's Manual}), MH-E, and Gnus (@pxref{Top, Gnus, Overview, gnus, The Gnus Manual}). Information on the general use of these packages is beyond the scope of this manual.

@node Installation, Command Overview, Prerequisites, Introduction
@section Installation

If Mailcrypt is not installed on your system, obtain the latest version from the Mailcrypt home page at @file{http://mailcrypt.sourceforge.net} and follow the instructions in the file @file{INSTALL}.

Next, decide what version of PGP you are using. Versions 3.5 and higher of Mailcrypt support multiple versions of PGP. To choose a version, add the following lines to your @file{.emacs} file:

@lisp
(load-library "mailcrypt") ; provides "mc-setversion"
(mc-setversion "2.6") ; for PGP 2.6 (default); also "5.0" and "gpg"
@end lisp

Next, teach your Emacs how and when to load the Mailcrypt functions and install the Mailcrypt key bindings. Almost all Emacs major modes (including mail and news handling modes) have corresponding "hook" variables which hold functions to be run when the mode is entered. All you have to do is add the Mailcrypt installer functions to the appropriate hooks; then the installer functions will add the Mailcrypt key bindings when the respective mode is entered.

Specifically, begin by placing the following lines into your @file{.emacs} file (or the system-wide @file{default.el} file):

@lisp
(autoload 'mc-install-write-mode "mailcrypt" nil t)
(autoload 'mc-install-read-mode "mailcrypt" nil t)
(add-hook 'mail-mode-hook 'mc-install-write-mode)
@end lisp

Then add additional lines for your own mail and news packages as described below.
@menu * Hooking into Rmail:: * Hooking into VM:: * Hooking into MH-E:: * Hooking into Gnus:: * Hooking into Mew:: @end menu @node Hooking into Rmail, Hooking into VM, Installation, Installation @subsection Hooking into Rmail To hook Mailcrypt into Rmail, use the following lines: @lisp (add-hook 'rmail-mode-hook 'mc-install-read-mode) (add-hook 'rmail-summary-mode-hook 'mc-install-read-mode) @end lisp Using Emacs version 20.3 or higher, you should use the following lines instead: @lisp (add-hook 'rmail-show-message-hook 'mc-install-read-mode) (add-hook 'rmail-summary-mode-hook 'mc-install-read-mode) @end lisp @node Hooking into VM, Hooking into MH-E, Hooking into Rmail, Installation @subsection Hooking into VM To hook Mailcrypt into VM, use the following lines: @lisp (add-hook 'vm-mode-hook 'mc-install-read-mode) (add-hook 'vm-summary-mode-hook 'mc-install-read-mode) (add-hook 'vm-virtual-mode-hook 'mc-install-read-mode) (add-hook 'vm-mail-mode-hook 'mc-install-write-mode) @end lisp @node Hooking into MH-E, Hooking into Gnus, Hooking into VM, Installation @subsection Hooking into MH-E To hook Mailcrypt into MH-E, use the following lines: @lisp (add-hook 'mh-folder-mode-hook 'mc-install-read-mode) (add-hook 'mh-letter-mode-hook 'mc-install-write-mode) @end lisp @node Hooking into Gnus, Hooking into Mew, Hooking into MH-E, Installation @subsection Hooking into Gnus To hook Mailcrypt into Gnus, use the following lines: @lisp (add-hook 'gnus-summary-mode-hook 'mc-install-read-mode) (add-hook 'message-mode-hook 'mc-install-write-mode) (add-hook 'news-reply-mode-hook 'mc-install-write-mode) @end lisp @node Hooking into Mew, , Hooking into Gnus, Installation @subsection Hooking into Mew To hook Mailcrypt into Mew, use the following lines: @lisp (add-hook 'mew-message-mode-hook 'mc-install-read-mode) (add-hook 'mew-summary-mode-hook 'mc-install-read-mode) (add-hook 'mew-draft-mode-hook 'mc-install-write-mode) @end lisp Note that Mew already has extensive support for 
MIME-encoded encrypted and/or signed messages (using the ``multipart/encrypted'' and ``application/pgp-encrypted'' formats specified by RFC3156). Using MailCrypt within Mew is most useful for traditional ``inline'' armored encrypted/signed messages. @node Command Overview, , Installation, Introduction @section Command Overview All Mailcrypt commands are (by default) activated by three-character key sequences which begin with @kbd{C-c /}. The most common operations are: @table @emph @item Encrypting a Message @kbd{C-c / e} encrypts a message using the recipient's (or recipients') public key(s). @xref{Encrypting, , Encrypting a Message}. @item Decrypting a Message @kbd{C-c / d} decrypts a message using your secret key. @xref{Decrypting, , Decrypting a Message}. @item Signing a Message @kbd{C-c / s} clearsigns a message using your secret key. @xref{Signing, , Signing a Message}. @item Verifying a Signature @kbd{C-c / v} verifies the signature on a clearsigned message using the sender's public key. @xref{Verifying, , Verifying a Signature}. @end table These functions and others are documented in detail in the following chapters. Any time you are composing or reading mail or news, you can get a summary of the available commands by typing @kbd{C-h m}. If you are running Emacs under X, an even easier way to see the available commands is to access the @code{Mailcrypt} pull-down menu. @node General Use, Remailer Support, Introduction, Top @chapter General Use @findex mc-setversion By default, Mailcrypt assumes you are using one of the PGP 2.6.x versions. This permits backward compatibility for the millions of satisfied users of Mailcrypt 3.4 worldwide. If you wish to specify a different version of PGP, use the @code{mc-setversion} function. Its action is the same as setting the variable @code{mc-default-scheme}. For a list of supported versions, press the tab key. ``2.6'' means 2.6.x, the original (and default). ``5.0'' is pgp 5.0. ``6.5'' is pgp 6.5. ``gpg'' is GnuPG. 
@findex mc-read-mode @findex mc-write-mode Mailcrypt works by providing two minor modes for interfacing with cryptographic functions: @code{mc-read-mode} and @code{mc-write-mode}. @code{mc-read-mode} provides key bindings for processing messages which you have received; @code{mc-write-mode} provides key bindings for processing messages which you are about to send. These minor modes will indicate when they are active by placing a characteristic string in the mode line (@pxref{Mode Line}). They will also add a @code{Mailcrypt} pull-down menu to the menu bar. @findex mc-install-read-mode @findex mc-install-write-mode The normal installation procedure (@pxref{Installation}) will arrange for the appropriate mode to be active when you read and compose mail and news. But you may want to use Mailcrypt's functions at other times; to do so, you can call @code{mc-install-read-mode} or @code{mc-install-write-mode} directly. For example, if you were editing a file in Text mode and wanted to digitally sign it, you would type @kbd{M-x mc-install-write-mode}, then @kbd{C-c / s} (@pxref{Signing}). Once one of the Mailcrypt modes is active, you can get a summary of the available functions by typing @kbd{C-h m} or by examining the @code{Mailcrypt} pull-down menu. The description of each function below includes which of the modes has a binding for that function. @menu * Encrypting:: Encrypting a message to one or more recipients. * Signing:: Clearsigning a message. * Inserting Keys:: Extracting a key from your public key ring and inserting it. * Decrypting:: Decrypting a message to you. * Verifying:: Verifying the signature on a clearsigned message. * Snarfing Keys:: Finding a key in the current message and adding it to your keyring. @end menu @node Encrypting, Signing, General Use, General Use @section Encrypting a Message @findex mc-encrypt @kindex C-c / e The function @code{mc-encrypt} will encrypt a message in the current buffer. 
@code{mc-write-mode} binds this function to @kbd{C-c / e} by default. When this function is called, Mailcrypt will prompt you for a comma-separated list of recipients. If called from a mail composition buffer, the recipient list will default to the Email addresses in the @samp{To}, @samp{CC}, and @samp{BCC} lines of the message. @vindex mc-encrypt-for-me If you want to be able to decrypt the message yourself, you need to add yourself to the recipient list. If you always want to do so, set the variable @code{mc-encrypt-for-me} to @code{t}. (Note that Mailcrypt overrides the PGP "encrypttoself" flag; use this variable instead.) If you provide an empty recipient list, Mailcrypt will ASCII-armor the message without encrypting it. @vindex mc-pgp-always-sign Once you have edited the recipient list to your satisfaction, type @kbd{@key{RET}} to accept it. You will then be asked whether you want to sign the message; answer @kbd{y} or @kbd{n}. You can avoid this question by setting the variable @code{mc-pgp-always-sign}: A value of @code{t} means "yes", a value of @code{'never} means "no". If you elect to sign the message, Mailcrypt will prompt you for the appropriate passphrase unless it is cached (@pxref{Passphrase Cache}). @vindex mc-pre-encryption-hook @vindex mc-post-encryption-hook Mailcrypt will then pass the message to PGP for processing. Mailcrypt will call the functions listed in @code{mc-pre-encryption-hook} and @code{mc-post-encryption-hook} immediately before and after processing, respectively. The encrypted message will then replace the original message in the buffer. You can undo the encryption with the normal Emacs undo command @kbd{C-x u} (@pxref{Undo, Emacs Undo, Undoing Changes, emacs, The GNU Emacs Manual}). If an error occurs, Mailcrypt will display an appropriate diagnostic. If you do not have the public key for one of the specified recipients, Mailcrypt will offer to try to fetch it for you (@pxref{Key Fetching}). 
If you want to use a secret key other than your default for signing the message, pass a prefix argument to @code{mc-encrypt}. (That is, type @kbd{C-u C-c / e}.) Mailcrypt will prompt for a string and will sign with the first key on your secret keyring which matches that string. It will be assumed that you want to sign the message, so you will not be prompted. See the next section, @ref{Signing, , Signing a Message} for information about which key is used by default to sign the message. @node Signing, Inserting Keys, Encrypting, General Use @section Signing a Message @findex mc-sign @kindex C-c / s The function @code{mc-sign} will clearsign a message in the current buffer. @code{mc-write-mode} binds this function to @kbd{C-c / s} by default. When this function is called, Mailcrypt will prompt you for the appropriate passphrase unless it is cached (@pxref{Passphrase Cache}). @vindex mc-pre-signature-hook @vindex mc-post-signature-hook Mailcrypt will then pass the message to PGP for processing. Mailcrypt will call the functions listed in @code{mc-pre-signature-hook} and @code{mc-post-signature-hook} immediately before and after processing, respectively. The signed message will replace the original message in the buffer. @emph{Do not} edit the message further with the signature attached, because the signature would then be incorrect. If you discover you need to edit a message after you have signed it, remove the signature first with the normal Emacs undo command @kbd{C-x u} (@pxref{Undo, Emacs Undo, Undoing Changes, emacs, The GNU Emacs Manual}). The variable @code{mc-pgp-user-id} controls which secret key is used for signing. To use a different secret key, pass a prefix argument to @code{mc-sign}. (That is, type @kbd{C-u C-c / s}.) Mailcrypt will prompt for a string and will sign with the first key on your secret keyring which matches that string. 
@vindex mc-pgp-user-id The default key for signing is the first one on the secret key ring which matches the string @code{mc-pgp-user-id}; this defaults to @code{(user-login-name)}. Note that this differs from PGP's normal default, which is to use the first of @emph{all} of the secret keys. To mimic PGP's behavior, set this variable to @code{""}. This variable is specific to pgp 2.6.x; @code{mc-pgp50-user-id} and @code{mc-gpg-user-id} are the corresponding variables for pgp 5.0 and GnuPG. If you have multiple secret keys with the same name (perhaps you generate a new key every few years, but keep the expired keys on your secret key ring so you can decrypt old messages), you may want to use a hex keyid in @code{mc-gpg-user-id} or equivalent. A simple name will cause mailcrypt to use the first matching secret key, which may not be the most recent one. Using a hex keyid will force the encryption program to use that exact secret key for signing. Put something like the following in your @file{.emacs}: @lisp (setq mc-gpg-user-id "0x03A5E108") @end lisp @node Inserting Keys, Decrypting, Signing, General Use @section Inserting a Public Key Block @findex mc-insert-public-key @kindex C-c / x The function @code{mc-insert-public-key} will extract a key from your public keyring and insert it into the current buffer. @code{mc-write-mode} binds this function to @kbd{C-c / x} by default. This function is useful for sending your public key to someone else or for uploading it to the key servers (@pxref{Key Servers}). The inserted key will be the first one on your public key ring which matches the string @code{mc-pgp-user-id} (@pxref{Encrypting, , Encrypting a Message}). You may want to insert a different public key instead; for example, you may have signed someone's key and want to send it back to them. To do so, pass a prefix argument to @code{mc-insert-public-key}. (That is, type @kbd{C-u C-c / x}.) 
You will be prompted for a string; the first key on your public key ring which matches that string will be inserted. @node Decrypting, Verifying, Inserting Keys, General Use @section Decrypting a message @findex mc-decrypt @kindex C-c / d The function @code{mc-decrypt} will decrypt a message in the current buffer. @code{mc-read-mode} binds this function to @kbd{C-c / d} by default. When this function is called, Mailcrypt will prompt you for the appropriate passphrase unless it is cached (@pxref{Passphrase Cache}). The encrypted message will then be passed to PGP for processing. If you are not in a mail buffer, the decrypted message will replace the encrypted form. If you are in a mail buffer, you will be prompted whether to do the replacement. If you answer @kbd{n}, you will be placed in a new mail reading buffer to view the decrypted message. This new mail reading buffer will have no corresponding disk file; its purpose is to provide you with all of your usual reply and citation functions without requiring you to save the message in decrypted form. Type @kbd{q} to kill this buffer. @vindex mc-always-replace You can avoid the question of whether to replace the encrypted message by setting the variable @code{mc-always-replace}. A value of @code{t} means "yes"; a value of @code{'never} means "no". If the encrypted message is also signed, PGP will attempt to verify the signature. If the verification fails because you lack the necessary public key, Mailcrypt will offer to fetch it for you (@pxref{Key Fetching}). Look in the @code{*MailCrypt*} buffer to see the result of the signature verification. @node Verifying, Snarfing Keys, Decrypting, General Use @section Verifying a Signature @findex mc-verify @kindex C-c / v The function @code{mc-verify} will verify the cleartext signature on a message in the current buffer. @code{mc-read-mode} binds this function to @kbd{C-c / v} by default. 
When this function is called, Mailcrypt will pass the message to PGP for processing and report whether or not the signature verified.

If the signature failed to verify because you lack the necessary public key, Mailcrypt will offer to fetch it for you (@pxref{Key Fetching}).

@node Snarfing Keys, , Verifying, General Use
@section Snarfing a Key
@findex mc-snarf
@kindex C-c / a

The function @code{mc-snarf} will add to your keyring any keys in the current buffer. @code{mc-read-mode} binds this function to @kbd{C-c / a} by default.

This function is useful when someone sends you a public key in an Email message.

@node Remailer Support, Passphrase Cache, General Use, Top
@chapter Remailer Support

This is a long chapter describing an advanced feature; you may want to skip it on first reading.

@menu
* Remailer Introduction:: A little about remailers in general.
* Types of Remailers:: The different remailer networks
* Remailer Quick Start:: Getting started quickly.
* Remailer Chains:: Creating custom chains of your very own.
* Response Blocks:: A way to let people reply to your anonymous messages.
* Pseudonyms:: Who do you want to be today?
* Remailing Posts:: Posting to USENET anonymously or pseudonymously.
* Mixmaster Support:: Remailers for the truly paranoid.
* Mixmaster and Mixminion:: Support for external remailer clients.
* Remailer Security:: Caveats.
* Verifiable Pseudonyms:: Giving expression to the voices in your head.
* Remailer Tips:: Free advice.
@end menu

@node Remailer Introduction, Types of Remailers, Remailer Support, Remailer Support
@section Remailer Introduction

There are several anonymous remailer services running on the Internet. These are programs that accept mail, strip off information that would identify the origin of the message, and forward the mail to the designated recipient.

This simple scheme alone, however, is insecure if the anonymous remailer becomes compromised (or if the remailer was set up by an untrustworthy party in the first place).
Whoever controls the remailer will have access to the identities of senders and recipients. One solution to this is to use @emph{chains} of remailers that send encrypted messages. For example, suppose Bill wishes to send a message to Louis using a chain of remailers A, B, and C. He writes the message (possibly encrypting it for Louis), then encrypts the result (including the fact that Louis is the recipient) using a public key supplied by remailer C. Then he encrypts this result using a public key supplied by remailer B. Then he encrypts this result using a public key supplied by A and sends the message to A. When A receives the message, it decrypts the message with its key to produce something encrypted for B, learns that the next remailer in the chain is B, strips off the information that the message came from Bill, and sends the message on to B. B then decrypts, learns that the next remailer in the chain is C, strips off the information that the message came from A, and sends the result to C. C then decrypts, learns that the destination is Louis, strips off the information that the message came from B, and sends the result to Louis. With this arrangement, only A knows that the original message came from Bill, and only C knows that the intended recipient is Louis. In general, the sender and recipient can both be known only to someone who has compromised all remailers in the chain. If Bill wishes, he can include an encrypted "response block" in his message to Louis, which defines a remailer chain that Louis can use to reply to Bill. Louis can use this chain without knowing who Bill is -- only the last remailer in the chain need know the final recipient. Bill can also establish a @emph{pseudonym} for use in signing his anonymous messages. More sophisticated systems split the message into multiple pieces to further disguise the path it takes through the network. Special client programs are used to construct and encrypt the pieces. 
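
The layered wrapping described above (Bill sending to Louis through remailers A, B, and C) can be traced hop by hop. The following is an added example, not part of Mailcrypt or of the original manual: a toy encrypt-then-MAC stream cipher with constructed per-remailer keys stands in for PGP public-key encryption, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed demo secrets. Real remailers publish PGP public keys; a keyed toy
# cipher stands in for public-key encryption so the example runs offline.
REMAILER_KEYS = {name: hashlib.sha256(b"constructed-demo-key-" + name.encode()).digest()
                 for name in ("A", "B", "C")}


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one remailer secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """SHA-256 in counter mode; illustration only, not a vetted cipher."""
    blocks = [hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt one layer for the remailer holding `key` and authenticate it."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key, blob):
    """Open one layer; fails if the layer was made for another hop or altered."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer is not addressed to this remailer or was altered")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def wrap(message, recipient, chain):
    """Build the onion from the inside out: the innermost layer is for the
    last remailer and is the only one that names the final recipient."""
    payload, next_hop = message, recipient
    for name in reversed(chain):
        layer = {"next": next_hop, "body": base64.b64encode(payload).decode()}
        payload = seal(REMAILER_KEYS[name], json.dumps(layer).encode())
        next_hop = name
    return payload  # the sender mails this to chain[0]


def route(sender, first_hop, packet):
    """Pass the packet along the chain, recording what each remailer can see.
    Returns (final recipient, delivered message, list of per-hop views)."""
    views = []
    came_from, here = sender, first_hop
    while here in REMAILER_KEYS:
        layer = json.loads(unseal(REMAILER_KEYS[here], packet))
        views.append({"hop": here, "saw_from": came_from,
                      "forwards_to": layer["next"], "bytes_in": len(packet)})
        packet = base64.b64decode(layer["body"])
        # The hop forwards only the inner packet; the previous sender is dropped.
        came_from, here = here, layer["next"]
    return here, packet, views


def who_knows(views, party):
    """Names of the remailers that directly observed `party` as sender or target."""
    return [v["hop"] for v in views if party in (v["saw_from"], v["forwards_to"])]


if __name__ == "__main__":
    onion = wrap(b"Hello Louis", "Louis", ["A", "B", "C"])
    recipient, message, views = route("Bill", "A", onion)
    for view in views:
        print(view)
    print("delivered to", recipient, ":", message.decode())
    print("knows Bill:", who_knows(views, "Bill"), "knows Louis:", who_knows(views, "Louis"))
```

The `bytes_in` field shows the packet shrinking as each layer is removed, which is a size pattern an observer of the links between hops can also see.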
Mailcrypt includes facilities for sending messages via remailers, for defining chains of remailers, for generating response blocks, for using pseudonyms, and for interfacing with remailer client programs. @node Types of Remailers, Remailer Quick Start, Remailer Introduction, Remailer Support @section Types of Remailers There are currently three classes of remailer networks in use, not counting the original single-hop address-rewriter machines (like the late penet.fi). @table @asis @item Cypherpunk (Type 1) Machines in the original cypherpunk remailer network accept messages with commands to send a portion of the message out to another machine. By wrapping the final message text in layers of encryption like an onion, the message is sent through chains of remailers, each machine decrypting one layer and sending the rest out to the next hop. One disadvantage of this scheme is that the message gets smaller by a fairly constant amount on each hop, making traffic analysis easier to perform. Mailcrypt automates the process of wrapping your final message in layers of encryption for each remailer along the desired chain. Type 1 remailers are handled by @code{mc-remailer-scheme-type1}. @item Mixmaster (Type 2) The next generation of remailers use a special client program (written in C) to encode the message differently. The message is broken up into multiple identically-sized pieces, which follow separate paths through the network, and are recombined at the far end. At each hop, random padding is added to make sure that @emph{all} inter-node messages are exactly the same size. This makes traffic analysis more difficult. Periodic dummy messages are also sent to further complicate attacks. The most common type-2 client program for Unix is named ``mixmaster''. There are two different versions, with fairly different interfaces. Mailcrypt supports both. The older version comes from a package named ``mix-2.0.3'', and has an interface that modifies a message in-place. 
The mailcrypt interface to this is through @code{mc-remailer-scheme-type1} and behaves much like the normal encryption interface: you hit the button and your email is modified in place; the To: header is replaced with the target of the first remailer in the chain. As you can imagine, this API is problematic, as large messages must be split into multiple pieces.

The modern type-2 client program is an updated version of ``mixmaster'', from a package named ``mixmaster-2.9.0'' (distributed at @file{http://mixmaster.sourceforge.net/}). This version does not modify the message in place; rather it accepts an email message on stdin and sends the resulting series of packets directly. The mailcrypt interface to the new mixmaster is through @code{mc-remailer-scheme-mixmaster}. When you choose ``encrypt for remailer'' within this scheme, the message is sent directly to the client program and delivered immediately, bypassing your MUA mode's normal ``send'' command.

@item Mixminion (Type 3, under development)

A new generation of remailer networks is currently under development (at @file{http://www.mixminion.net/}). One notable improvement is the addition of automatic reply blocks. A major flaw of the type-2 network is that to give someone the ability to reply to a message, you have to give them a type-1 reply block. This makes the response more vulnerable to traffic analysis. Mixminion messages can be formed in such a way that the response path is automatically embedded in the outgoing message.

Mixminion uses a client program (called ``mixminion'') which behaves just like the modern ``mixmaster'' client. Through @code{mc-remailer-scheme-mixminion}, mailcrypt supports a command to send the body of the current message to the mixminion client.

Mixminion is under development; please check the web page for the current status before using it.

@end table

@vindex mc-default-remailer-scheme
The remailer scheme currently in use is determined by the @code{mc-default-remailer-scheme} variable.
Set this to one of @code{mc-remailer-scheme-type1}, @code{mc-remailer-scheme-mixmaster}, or @code{mc-remailer-scheme-mixminion}. For example, use the following in your @file{.emacs} to make @kbd{C-c / r} always use the modern mixmaster client:

@lisp
(setq mc-default-remailer-scheme 'mc-remailer-scheme-mixmaster)
@end lisp

@node Remailer Quick Start, Remailer Chains, Types of Remailers, Remailer Support
@section Remailer Quick Start

To use Mailcrypt's remailing facilities, you need to configure them first. Begin with the following steps:

@enumerate
@item
Download a Levien-format list of remailers from @file{http://www.tahina.priv.at/~cm/stats/rlist.txt} (as of 2007-03-01) and save the file to @samp{~/.remailers}. See the variable @code{mc-levien-file-name} to change the file name and location. Mailcrypt will parse this the first time you access a remailer function.

@item
Look over the @file{.remailers} file and find the ones you want to use. The lines that list remailers and their capabilities look like the ones below. It is best to consult a remailer statistics page to determine the most reliable candidates for chaining.

@example
@verbatim
$remailer{"frell"} = "..."
$remailer{"starwars"} = "..."
@end verbatim
@end example

@item
Add their PGP public keys to your keyring. You can for an armored keyring full of remailer public keys. Note that Mailcrypt @emph{requires} that you have the public keys of all the remailers you want to use, and therefore that the remailers support PGP encryption.

The list of remailers and their keys (as of 2007-03-01) can be found at @file{http://www.noreply.org/echolot/thesaurus/}.
With gpg, after each @emph{key} has been saved to a file, the entries can be imported into a separate public keyring with the command:

@example
gpg --no-options --no-default-keyring \
    --keyring ~/.gnupg/pubring-remailer.gpg \
    --import *.key
@end example

In order for gpg to use the separate keyring, the new keyring file must be configured in @file{~/.gnupg/gpg.conf} by adding this line:

@example
keyring pubring-remailer.gpg
@end example

@end enumerate

@quotation
@emph{Note:} Downloading the remailer list and their keys need only be done once, although repeating it from time to time is probably a good idea, since remailers come and go.
@end quotation

Now test the remailer functions. First compose an outgoing Email message (using @kbd{C-x m}, for example) addressed to yourself. Type @kbd{C-c / r}. Choose a remailer; use @kbd{@key{TAB}} to get completion on its name. The buffer will be rewritten for anonymous mailing through that remailer.

Note that you can only select a single remailer when you rewrite the message. To send the message through multiple hops, either rewrite the message multiple times, or define a @emph{chain} of remailers that can be referred to like a single remailer. Remailer chains are described in the next section.

@node Remailer Chains, Response Blocks, Remailer Quick Start, Remailer Support
@section Remailer Chains
@findex mc-remail
@findex mc-remailer-encrypt-for-chain
@kindex C-c / r

@code{mc-write-mode} binds the function @code{mc-remail} to the key @kbd{C-c / r}. Depending upon the current remailer scheme, this function may pass the message directly to a remailer client, or may simply rewrite the message for a remailer or chain. For ``type1'' remailers, the resulting buffer is just a new Email message, so it can itself be rewritten for another remailer; this is one way to manually construct a remailer chain.

Mailcrypt also has powerful facilities for defining automatic chains. We will start with an example.
Suppose you have put the following into your @file{.emacs} file: @vindex mc-remailer-user-chains @lisp (setq mc-remailer-user-chains '(("Foo" "alumni" "robo") ("Bar" (shuffle-vector ["replay" "flame" "spook"])) ("Baz" "Foo" "Bar" "rahul" "Bar") ("Quux" 4))) @end lisp This code defines four chains. The first is named "Foo" and consists of "alumni" and "robo", in that order. The second is named "Bar" and consists of "replay", "flame", and "spook" in some random order (a different order will be chosen each time the chain is used). The third is named "Baz" and consists of 9 remailers: The two from "Foo", followed by a permutation of the three from "Bar", followed by "rahul", followed by another permutation of the three from "Bar". Finally, the fourth is named "Quux" and consists of a random permutation of the four best remailers as ordered in the @file{~/.remailers} file. Now whenever you are prompted for a "remailer or chain", the chains "Foo", "Bar", "Baz", and "Quux" will be available, including @kbd{@key{TAB}} completion on their names. By capitalizing their names, you guarantee they will show up near the top of the completion list if you type @kbd{@key{TAB}} on an empty input. Now for the gritty details. @code{mc-remailer-user-chains} is a list of chain definitions. A chain definition is a list whose first element is the name (a string) and whose remaining elements form a @dfn{remailer list}. Each element of a remailer list is one of the following: @enumerate @item A raw remailer structure. This is the base case, but you will probably never want nor need to deal with these directly. @item A string naming another remailer chain to be spliced in at this point. @item A positive integer N representing a chain to be spliced in at this point and consisting of a random permutation of the top N remailers as ordered in the @file{~/.remailers} file. 
@item An arbitrary Emacs Lisp form, which should return another remailer list which will be spliced in at this point and recursively evaluated. Mmmm, Lisp. @end enumerate So, in the example "Bar" above, @code{shuffle-vector} is actually a Lisp primitive which returns a random permutation of the argument vector. (Which brings up a side note: A remailer list can be a vector instead of a list if you like.) So where do the definitions for "replay" etc. come from? @vindex mc-remailer-internal-chains There is another variable, @code{mc-remailer-internal-chains}, which has the same format as @code{mc-remailer-user-chains}. In fact, the concatenation of the two is always used internally when resolving chains by name. The "internal chains" are normally generated automatically from a Levien-format remailer list, which lives in @file{~/.remailers} by default and is parsed at startup time. The parser creates several chains, each containing a single remailer, and names each chain after the respective remailer. Thus "replay" (for example) is actually the name of a @emph{chain} whose single element is the remailer at . So "replay" is a valid name of a chain to include in the definition of another chain, as was done above in the definition of "Bar". @node Response Blocks, Pseudonyms, Remailer Chains, Remailer Support @section Response Blocks @kindex C-c / b Mailcrypt can generate a response block for you. Just type @kbd{C-c / b} in an outgoing mail buffer. That will prompt you for a chain to use, and will insert the response block at point. Note that you can use any chain you want for your response block; it need not be related to the chain you (later) use to remail the message. If instead you type @kbd{C-u C-c / b}, you will be dropped into a recursive edit of the innermost part of the response block. This text is what you will see at the top of the message when the response block is used. 
This text is the only way to identify the response block, since it will be used to mail you through anonymous remailers. You probably won't need to use the @kbd{C-u} feature, since by default the response block contains the date, @samp{To} field, and @samp{From} field of the message you are composing. However, if you want your response block to point to a USENET newsgroup instead of your Email address, you may edit the innermost part of the response block to have a @samp{Newsgroups} line instead of a @samp{To} line. Inserting a response block also updates the @samp{Reply-to} hashmark header field. So, when your recipient replies to your message, the reply will automatically be addressed properly. This only works if the last remailer in the chain used to encrypt the @emph{message} supports hashmarks (the response block chain doesn't matter). If the last remailer does not support hashmarks, Mailcrypt will generate an error when you try to use the chain. Note that you should insert your response block before you encrypt the message for remailing. Also, see @ref{Remailer Security}. @node Pseudonyms, Remailing Posts, Response Blocks, Remailer Support @section Pseudonyms @kindex C-c / p Mailcrypt supports pseudonyms. Type @kbd{C-c / p} in an outgoing message buffer and you will be prompted for a pseudonym to use. Your pseudonym will show up in the @samp{From} line that the recipient sees. Your pseudonym may either be a complete @samp{From} line (including an Email address), or just a full name (with no Email address). In the latter case, the Email address will automatically be set to , an invalid address designed to prevent sendmail from going rewrite-happy. 
If you have one or more pseudonyms which you normally use, and you aren't afraid of revealing them if your account is compromised, you can set up a default list of pseudonyms with lines like the following in your @file{.emacs} file: @vindex mc-remailer-pseudonyms @lisp (setq mc-remailer-pseudonyms '("Elvis Presley" "Vanna White" "Charles Manson")) @end lisp Then those names will be available for completion when you are prompted for your pseudonym. You should insert your pseudonym before you insert a response block, so that the response block will contain the @samp{From} line as well as the @samp{To} line. That way you can tell who you were pretending to be when you get a reply to your message. Note: Many remailers do not support pseudonyms. In addition, the Levien format does not (yet) indicate which do and which do not, so Mailcrypt can't warn you when your pseudonym isn't going to work. The only way to be sure is to send yourself a test message, and to try different remailers until you find one or more which work. On the bright side, only the last remailer in the chain needs to provide such support; none of the others matter. @node Remailing Posts, Mixmaster Support, Pseudonyms, Remailer Support @section Remailing Posts Mailcrypt knows how to rewrite USENET posts for anonymous or pseudonymous remailing. Just compose your post or followup normally, and use @kbd{C-c / r} to rewrite it for a remailer chain. You don't even need to start your newsreader to make a post; you can just compose a message in mail mode and replace the @samp{To} line with a @samp{Newsgroups} line before doing @kbd{C-c / r}. @vindex mc-remailer-preserved-headers Mailcrypt will generate an error if the last remailer in the chain does not have both the @code{post} and @code{hash} (hashmarks) properties. The hashmarks are used to preserve @samp{References} and similar headers, so your anonymous or pseudonymous followups will thread properly. 
The variable @code{mc-remailer-preserved-headers} controls which headers are preserved when rewriting a message, but you should not need to change it since the default value is reasonable. Before rewriting, you can use @kbd{C-c / p} to insert your pseudonym, and @kbd{C-c / b} to insert your response block, just like when composing mail. In this case, the response block will include the @samp{From} line and the @samp{Newsgroups} line (which is the news analogue to the @samp{To} line). @node Mixmaster Support, Mixmaster and Mixminion, Remailing Posts, Remailer Support @section Mixmaster Support (Note: this chapter describes mailcrypt's support for the ``old'' mixmaster interface. For a description of mailcrypt's support for the modern mixmaster client see @ref{Mixmaster and Mixminion}.) @dfn{Mixmaster} is a newer type of remailer which provides excellent security against traffic analysis and replay attacks. (For more information on these attacks and Mixmaster, see Lance Cottrell's FAQ at @file{http://mixmaster.sourceforge.net/faq.shtml}.) If you do not use Mixmaster, you may skip this section entirely; Mailcrypt's default configuration treats Mixmaster as if it did not exist. If you have the Mixmaster executable installed, you can tell Mailcrypt to use it by placing lines like the following into your @file{.emacs} file: @vindex mc-mixmaster-path @vindex mc-mixmaster-list-path @lisp (setq mc-mixmaster-path "mixmaster") (setq mc-mixmaster-list-path "/foo/bar/baz/type2.list") @end lisp @code{mc-mixmaster-path} is a string representing the Mixmaster executable. @code{mc-mixmaster-list-path} is the complete path to the @code{type2.list} file. Once these variables are defined (and if the remailer scheme is set to @code{mc-remailer-scheme-type1}, see @ref{Types of Remailers}), Mailcrypt will automatically try to use the Mixmaster executable whenever possible.
Specifically, when you rewrite a message for a chain, Mailcrypt will find maximal length sub-chains which have the @code{mix} property and will use the Mixmaster executable to rewrite for those sub-chains. This allows arbitrary intermingling of Mixmaster and normal (also called @dfn{Type 1}) remailers, but you should note that this is @emph{not recommended}. The recommended procedure is to have a single Mixmaster sub-chain which is most or all of the whole chain. There are advantages and disadvantages to having the Mixmaster sub-chain at the end of the whole chain. The primary advantage is that Mixmaster remailers support multiple recipients. The primary disadvantages are that they do not support pseudonyms nor posting. So here, as always, it is the last element of the chain which needs to support the special features you want. In general, the remaining elements do not matter, and the superior security of Mixmaster remailers is a good argument for using them for the bulk of your chains. @findex mc-demix Mixmaster remailers also have a "Type 1 compatibility mode" which you might want to invoke to use a pseudonym or make a post. You can do this with the function @code{mc-demix}. Here is an example of its use: @lisp (setq mc-remailer-user-chains '(("Foo" "vishnu" "spook") ("Bar" "Foo" (mc-demix "replay")))) @end lisp This makes "Bar" a chain of three remailers, and guarantees that the last one ("replay") will be used in compatibility mode. Note that Mixmaster remailers cannot be used for response blocks. Mailcrypt will ignore the @code{mix} property when generating a response block. @node Mixmaster and Mixminion, Remailer Security, Mixmaster Support, Remailer Support @section Mixmaster and Mixminion Mailcrypt now contains preliminary support for the modern mixmaster client, as well as the experimental mixminion client. This support is accessed through the @code{mc-remailer-scheme-mixmaster} and @code{mc-remailer-scheme-mixminion} scheme settings. 
Both of these clients operate in a mode where they completely absorb the message body. When run, they accept the text on stdin, decide upon a remailer chain, construct the message packets, then transmit the packets directly. Unlike the type1 (and older mixmaster) interface, once these client programs finish, the message has been sent and the user's MUA buffer is no longer needed. Note, in particular, that this bypasses the MUA's ``send'' command. To make sure that the user does not accidentally use the MUA mode to send the message (non-anonymously), Mailcrypt will attempt to erase the message buffer and To: header. Some MUA modes may also have support code which will delete the message buffer altogether. Mailcrypt will also ask ``Do you really want to send this message'' before running the client program. This is your last chance to avoid sending the message. The modern client programs are designed to convey message @emph{bodies}, not the headers-plus-body that usually make up an email message. Email headers, even with the obvious ones like From: and Message-Id: stripped out, are too likely to leak information, making it possible for the message recipient to figure out who sent the message. Any extra information about the kind of system used to construct the message serves to reduce the ``anonymity set'', the set of possible message senders. A smaller anonymity set means less anonymity. The client programs have command-line arguments to add certain headers (like Subject:) back into the message. Different clients (and different versions of the same client) offer different options. Where possible, Mailcrypt will take the headers from your message and pass them to the remailer client program. Note that most clients only allow a single recipient to be named. Mailcrypt support for modern remailer clients is still preliminary. It does not yet provide control over several options offered by the clients.
Features not useable include: @table @emph @item Mixmaster Newsgroup-posting Nym support Automatic sign/encrypt reply-chain generation file attachments @item Mixminion reply block generation @end table In addition, both clients offer ways to influence the chain of remailers to use for the message. Mailcrypt does not currently offer a way to access this control: messages will be sent using the default client settings (which usually means a chain of four reliable hops). @node Remailer Security, Verifiable Pseudonyms, Mixmaster and Mixminion, Remailer Support @section Remailer Security Keep in mind that there is only one person fully qualified to protect your privacy: @emph{you}. You are responsible for obtaining a list of remailers and their public keys; you are responsible for choosing which of them to use and in what order. There are public lists of remailers and keys (the Quick Start section above relies on them), but you pay for the convenience by putting your trust in a single source. This is one reason Mailcrypt does not access these public lists automatically; you need to get into the habit of watching what goes on behind the scenes. You should also try to learn something about the remailers themselves, since you are relying on them to help protect your privacy. How many remailers should you include in your chain, and how should you choose them? That depends on whom you perceive as a threat. If the threat is your ex-spouse or your boss, even a single remailer is probably adequate (more won't hurt, but will cost in latency). If the threat is the Church of Scientology, you probably want to use a fair number of remailers across multiple continents. If the threat is a major world government, well, best of luck to you. Also, there is a huge difference between chains suitable for regular messages and chains suitable for response blocks. 
Some remailers don't even keep mail logs (at least, their operators claim they do not), so it may be literally impossible to trace a message back to you after the fact if you chain it through enough remailers. Response blocks, on the other hand, have your identity buried in there @emph{somewhere}. In principle, at least, it is possible to compromise the keys of all the remailers in the chain and decrypt the response block. So you should either use very long and strong chains for your response blocks, avoid using response blocks at all, or only use response blocks which themselves ultimately point to a newsgroup. @node Verifiable Pseudonyms, Remailer Tips, Remailer Security, Remailer Support @section Verifiable Pseudonyms Here is a plausible sequence of operations when using the remailer support in Mailcrypt: @enumerate @item You create a public/private PGP key pair. You give it a User ID which is your pseudonym. You upload the public key to the key servers or otherwise distribute it. (Be aware that anyone who compromises your account can read the IDs on your secret keyring, thus discovering your verifiable pseudonyms.) @item You compose an Email message, Email reply, news post, or news followup. @item You insert your pseudonym with @kbd{C-c / p}. @item (Optional) You insert your response block with @kbd{C-c / b}. @item You type @kbd{C-c / s} to sign the message. The @code{mc-sign} function understands pseudonyms. @item You type @kbd{C-c / r} to rewrite the message for remailing. (Or use @kbd{C-u C-c / r} to view each step of the rewriting as it happens.) @item You type @kbd{C-c C-c} to send the message. @end enumerate Now the recipient(s), reading your message through mail or news, can verify your pseudonymous signature; thus you have started to create a verifiable pseudonymous identity. If you use it consistently, it will develop a reputation of its own. 
With Mailcrypt, using a pseudonym is almost as easy as using your real name (and your followups in news will even thread properly). Welcome to the new age of letters@dots{} @node Remailer Tips, , Verifiable Pseudonyms, Remailer Support @section Remailer Tips This is a collection of tips for using Mailcrypt's remailer support. @itemize @bullet @item @vindex mc-levien-file-name Read and understand the @file{.remailers} file. Do a web search for ``anonymous remailer list'', ask around in @file{news:alt.privacy.anon-server}, or, as a last resort, @file{news:alt.security.pgp}. Check the documentation (@kbd{C-h v}) for the variable @code{mc-levien-file-name} for a description of Levien format. @item Mailcrypt needs to be able to encrypt a message to each remailer in the chain, so it needs access to their public keys, in a keyring usable by the currently selected backend. Keyrings containing keys for all the well-known remailers are usually available from the same places as the remailer lists. @item The relevant remailer properties are @code{pgp} (required), @code{hash} (required if you use hashmark headers), and @code{post} (required for posting to USENET). Remailers which do not support PGP won't even show up in the completion list. @item The only remailer which needs special properties (e.g., posting, hashmarks, pseudonym support) is the last one in a chain. Any remailer can be used at the beginning or in the middle. So if you find a few remailers which support the feature(s) you require, and you always use them at the end of your chains, then you can be confident that even the longest chains will work. @item @findex mc-reread-levien-file If you update your @file{~/.remailers} file, you can reread it with @kbd{M-x mc-reread-levien-file}. @item Remember the natural order of operations. First you compose your message. Then you insert your pseudonym with @kbd{C-c / p}. Then you insert your response block with @kbd{C-c / b}. 
Then you sign (@kbd{C-c / s}) or sign and encrypt (@kbd{C-c / e}) the message. Then you rewrite it for a remailer or chain (@kbd{C-c / r}). Then you send it. All but the first and last two of these are optional. (Well, strictly speaking, they are all optional, but you get the idea.) @item Find and read some of the excellent remailer documentation available on the Internet. For some good starting points, see @ref{References}. @end itemize @node Passphrase Cache, Key Fetching, Remailer Support, Top @chapter Passphrase Cache @vindex mc-passwd-timeout Mailcrypt can remember your passphrase so that you need not type it repeatedly. It will also "forget" your passphrase if it has not been used in a while, thus trading some security for some convenience. You can tune this tradeoff with the variable @code{mc-passwd-timeout}, which is a duration in seconds from the last time the passphrase was used until Mailcrypt will forget it. The default value is 60 seconds. So, for example, to make Mailcrypt remember your passphrase for 10 minutes after each use, you would use the following line in your @file{.emacs} file: @lisp (setq mc-passwd-timeout 600) @end lisp A value of @code{nil} or 0 will disable passphrase caching completely. This provides some increase in security, but be aware that you are already playing a dangerous game by typing your passphrase at a Lisp interpreter. Mailcrypt understands multiple secret keys with distinct passphrases. @findex mc-deactivate-passwd @kindex C-c / f To manually force Mailcrypt to forget your passphrase(s), use the function @code{mc-deactivate-passwd}. Both @code{mc-read-mode} and @code{mc-write-mode} bind this function to @kbd{C-c / f} by default. @quotation @strong{Warning:} Although Mailcrypt takes pains to overwrite your passphrase when "forgetting", it cannot prevent the Emacs garbage collector from possibly leaving copies elsewhere in memory. 
Also, your last 100 keystrokes can always be viewed with the function @code{view-lossage}, normally bound to @kbd{C-h l}. So be sure to type at least 100 characters after typing your passphrase if you plan to leave your terminal unattended. @end quotation @node Key Fetching, Miscellaneous Configuration, Passphrase Cache, Top @chapter Key Fetching @findex mc-fetch-key @kindex C-c / k Mailcrypt knows how to fetch PGP public keys from the key servers (@pxref{Key Servers}). The function @code{mc-fetch-key} is bound by default to @kbd{C-c / k} in both @code{mc-read-mode} and @code{mc-write-mode}. Additionally, @code{mc-encrypt}, @code{mc-decrypt}, and @code{mc-verify} will offer to call this function to automatically fetch a desired key. If you call it manually, it will prompt you for the User ID of the key to fetch. @vindex mc-pgp-fetch-methods The variable @code{mc-pgp-fetch-methods} is a list of ways to attempt to fetch a key. (More precisely, it is a list of functions to be called, each of which will attempt to fetch the key.) The methods will be tried in the order listed. The default list is: @lisp '(mc-pgp-fetch-from-keyrings mc-pgp-fetch-from-finger mc-pgp-fetch-from-http) @end lisp For a description of these functions, see the following sections. If you are not directly on the Internet, you probably want to obtain a copy of the global public key ring from the keyservers, install it somewhere under the name @file{public-keys.pgp}, and do: @lisp (setq mc-pgp-fetch-methods '(mc-pgp-fetch-from-keyrings)) (setq mc-pgp-fetch-keyring-list '("/blah/blah/blah/public-keys.pgp")) @end lisp This will allow you to fetch keys from your local copy of the global key ring instead of sending requests to the key servers directly (@pxref{Keyring Fetch}). Alternately, if your organization has a proxy HTTP server, you can configure Mailcrypt to use that. See @ref{HTTP Fetch}. If the key is found, you will be shown the result of running PGP on it locally. 
This allows you to inspect the signatures on the key @emph{relative to your own keyring} before you consent to having it added. @strong{Inspect the signatures carefully!} Key distribution is often the Achilles' heel of public key protocols. If you blindly use keys obtained from the key servers, you are asking for trouble. All of the methods use @code{mc-pgp-fetch-timeout} as a timeout in seconds; the default value is 30. @menu * Keyring Fetch:: Fetching from one or more other keyrings on the local system. * Finger Fetch:: Fetching a key through finger. * HTTP Fetch:: Fetching a key off of the Web. * GnuPG Fetch:: Using GnuPG's internal keyserver interface. @end menu @node Keyring Fetch, Finger Fetch, Key Fetching, Key Fetching @section Keyring Fetch @findex mc-pgp-fetch-from-keyrings The function @code{mc-pgp-fetch-from-keyrings} will attempt to fetch a key from a set of keyrings on the locally accessible filesystem. This is useful if your organization maintains a large common public keyring whose entire contents you do not wish to duplicate on your own ring. It is also useful if you download a copy of the global public ring from the key servers (@pxref{Key Servers}). @vindex mc-pgp-fetch-keyring-list The variable @code{mc-pgp-fetch-keyring-list} controls this behavior. It is a list of file names of public keyrings which this function will search, in order, when seeking a key. The default value is @code{nil}, meaning this search will always fail. @node Finger Fetch, HTTP Fetch, Keyring Fetch, Key Fetching @section Finger Fetch @findex mc-pgp-fetch-from-finger The function @code{mc-pgp-fetch-from-finger} will attempt to fetch a key by fingering an address and parsing the output for a PGP public key block. 
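The fetch methods in this chapter hand back text from the network that has to be searched for a key block and then vetted before it is trusted. The following Emacs Lisp is an added example, not part of Mailcrypt: it extracts exactly one armored block from fetched text and compares the key's fingerprint with one you obtained out of band, without importing anything. It assumes a GnuPG recent enough to support the show-only import option; all example-* names and the sample finger reply are constructed for illustration.

```elisp
;;; Added example, not Mailcrypt code.  Every example-* name is hypothetical.

(defconst example-key-begin "-----BEGIN PGP PUBLIC KEY BLOCK-----")
(defconst example-key-end   "-----END PGP PUBLIC KEY BLOCK-----")

(defun example-extract-key-blocks (text)
  "Return a list of the armored public key blocks found in TEXT.
A BEGIN line with no matching END line is ignored."
  (with-temp-buffer
    (insert text)
    (goto-char (point-min))
    (let ((begin-re (concat "^" (regexp-quote example-key-begin) "[ \t\r]*$"))
          (end-re   (concat "^" (regexp-quote example-key-end) "[ \t\r]*$"))
          (blocks nil))
      (while (re-search-forward begin-re nil t)
        (let ((beg (match-beginning 0)))
          (if (re-search-forward end-re nil t)
              (push (buffer-substring-no-properties beg (match-end 0)) blocks)
            ;; Unterminated block: stop scanning, keep what we have.
            (goto-char (point-max)))))
      (nreverse blocks))))

(defun example-key-fingerprints (armored &optional gpg-program)
  "Return the primary-key fingerprints in ARMORED without importing it.
Runs GPG-PROGRAM (default \"gpg\") in show-only mode and parses the
colon-delimited listing; stderr is discarded."
  (with-temp-buffer
    (insert armored "\n")
    (let ((status (call-process-region
                   (point-min) (point-max) (or gpg-program "gpg")
                   t '(t nil) nil
                   "--batch" "--no-tty" "--with-colons"
                   "--import-options" "show-only" "--import")))
      (unless (eq status 0)
        (error "gpg could not parse the key block (status %S)" status)))
    (goto-char (point-min))
    (let ((fprs nil) (last-type nil))
      (while (not (eobp))
        (let* ((line (buffer-substring-no-properties
                      (line-beginning-position) (line-end-position)))
               (fields (split-string line ":"))
               (type (car fields)))
          (cond
           ;; Remember whether the next fpr record belongs to a primary key.
           ((member type '("pub" "sub")) (setq last-type type))
           ((and (equal type "fpr") (equal last-type "pub"))
            (push (nth 9 fields) fprs)  ; field 10 holds the fingerprint
            (setq last-type nil))))
        (forward-line 1))
      (nreverse fprs))))

(defun example-normalize-fpr (string)
  "Strip spaces and punctuation from STRING and upcase the hex digits."
  (upcase (replace-regexp-in-string "[^0-9A-Fa-f]" "" string)))

(defun example-check-fetched-key (fetched-text expected-fpr)
  "Return the key block in FETCHED-TEXT if it matches EXPECTED-FPR.
EXPECTED-FPR is a full fingerprint obtained out of band.  Signal an
error when the text holds zero or several blocks, when the block
holds more than one primary key, or when the fingerprint differs."
  (let ((blocks (example-extract-key-blocks fetched-text))
        (want (example-normalize-fpr expected-fpr)))
    (when (< (length want) 40)
      (error "Compare full fingerprints, not short key IDs"))
    (unless (= (length blocks) 1)
      (error "Expected exactly one key block, found %d" (length blocks)))
    (let ((fprs (example-key-fingerprints (car blocks))))
      (unless (equal fprs (list want))
        (error "Fingerprint mismatch: fetched key has %S" fprs))
      (car blocks))))

;; Constructed finger reply; the block body is a placeholder, not a key,
;; so it exercises only the extraction step.
(defconst example-finger-reply
  (concat "Login: alice\nPlan:\n"
          example-key-begin "\n\n"
          "(constructed placeholder body)\n"
          example-key-end "\n"
          "See you on the lists.\n"))

;; (example-extract-key-blocks example-finger-reply) yields one block;
;; (example-check-fetched-key TEXT "FULL FINGERPRINT") needs a real key.
```

The fingerprint comparison complements, and does not replace, reading the signatures that PGP shows you relative to your own keyring.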
@node HTTP Fetch, GnuPG Fetch, Finger Fetch, Key Fetching @section HTTP Fetch @findex mc-pgp-fetch-from-http The function @code{mc-pgp-fetch-from-http} will attempt to fetch a key by connecting to a key server (@pxref{Key Servers}) which has a World Wide Web interface. @vindex mc-pgp-keyserver-address @vindex mc-pgp-keyserver-port @vindex mc-pgp-keyserver-url-template The variables @code{mc-pgp-keyserver-address}, @code{mc-pgp-keyserver-port}, and @code{mc-pgp-keyserver-url-template} control the fetching process. The default is to use Brian LaMacchia's key server at MIT. If this default should stop working, or if you want to help with network congestion and machine load, you can choose a different server. As of this writing, any of the following sequences of Emacs Lisp in your @file{.emacs} file will work; choose one: @lisp ;; Key server at MIT (Massachusetts, USA) ;; This is the default; these lines are only for reference ;(setq mc-pgp-keyserver-address "pgp.ai.mit.edu") ;(setq mc-pgp-keyserver-port 80) ;(setq mc-pgp-keyserver-url-template ; "/htbin/pks-extract-key.pl?op=get&search=%s") @end lisp @lisp ;; Key server at UPC (Barcelona, Spain) (setq mc-pgp-keyserver-address "goliat.upc.es") (setq mc-pgp-keyserver-port 80) (setq mc-pgp-keyserver-url-template "/cgi-bin/pks-extract-key.pl?op=get&search=%s") @end lisp @lisp ;; Key server at Cambridge University (Cambridge, England) (setq mc-pgp-keyserver-address "www.cl.cam.ac.uk") (setq mc-pgp-keyserver-port 80) (setq mc-pgp-keyserver-url-template "/cgi-bin/pks-extract-key.pl?op=get&search=%s") @end lisp @lisp ;; Key server at UIT (Tromso, Norway) (setq mc-pgp-keyserver-address "www.service.uit.no") (setq mc-pgp-keyserver-port 80) (setq mc-pgp-keyserver-url-template "/cgi-bin/pks-extract-key.pl?op=get&search=%s") @end lisp @lisp ;; Key server at CMU (Pennsylvania, USA) (setq mc-pgp-keyserver-address "gs211.sp.cs.cmu.edu") (setq mc-pgp-keyserver-port 80) (setq mc-pgp-keyserver-url-template "/cgi-bin/pgp-key?pgpid=%s") 
@end lisp If your organization has a firewall, you might not be able to access the World Wide Web directly. Your organization may have a proxy HTTP server set up, however. In that case, you should place code like the following in your @file{.emacs} file. You can use any of the above key servers instead of the one at MIT, of course. @lisp ;; Mailcrypt configuration for accessing key server through HTTP proxy (setq mc-pgp-keyserver-address "your.proxy.com") (setq mc-pgp-keyserver-port 13013) ; Your proxy's port (setq mc-pgp-keyserver-url-template "http://pgp.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=%s") @end lisp Note that fetching from a key server can be somewhat slow, so be patient. (At least it beats the tar out of the Email interface.) @node GnuPG Fetch, , HTTP Fetch, Key Fetching @section GnuPG Fetch GnuPG happens to have a built-in HKP keyserver interface which is completely independent from MailCrypt's own key fetching support. If your @file{.gnupg/gpg.conf} (@file{.gnupg/options} for older versions) file includes a line like: @samp{keyserver wwwkeys.pgp.net} then any operation that needs an otherwise-unavailable public key (which generally means signature verification) will automatically contact the keyserver and try to retrieve the key. It sends the hex keyid to the server, not a string, so it could only be used at encryption time if you already know the keyid of your recipients. You can also tell GPG to explicitly request a key (by hex keyid) with @samp{--recv-keys}, or to send your own key with @samp{--send-keys}. Check the GnuPG manual for details. It is also possible to fetch keys with @code{mc-fetch-key}, although its behaviour is a bit different from the one described in the pgp section, if @code{mc-default-scheme} is set to @code{'mc-scheme-gpg}. When called interactively, it will prompt for a key ID to fetch from a keyserver. 
You can either set the server to query with @lisp ;; Key server at DFN (Germany) ;; You should choose another one in your region. (setq mc-gpg-keyserver "blackhole.pca.dfn.de") @end lisp in your @file{.emacs} file or let GPG use its default defined in its configuration file. Every string that can be passed to the gpg @samp{--keyserver} option is allowed for @code{mc-gpg-keyserver}. At the moment it is @emph{not} possible to pass a search string to the function. Please use the @samp{--search-key} command option if you have a newer version of gpg. Maybe someday we will write a frontend for this. If you want to finger a key from a server use the @code{mc-gpg-fetch-from-finger} function. It expects an input of the form @samp{USER@@HOST}. The variable @code{mc-gpg-finger-timeout} defines the timeout in seconds for the operation. @node Miscellaneous Configuration, Tips, Key Fetching, Top @chapter Miscellaneous Configuration This chapter documents some additional Mailcrypt configuration options which could not be naturally described elsewhere. @menu * Alternate Keyring:: Specifying a different file to act like your public keyring. * Comment Field:: Burma Shave * Mode Line:: Changing that "MC-w" and "MC-r" stuff * Key Bindings:: Which keys cause which actions. * Nonstandard Paths:: Useful if your PGP installation is weird. @end menu @node Alternate Keyring, Comment Field, Miscellaneous Configuration, Miscellaneous Configuration @section Alternate Keyring By default, Mailcrypt will use the same public keyring that PGP would use if executed from the shell. @vindex mc-pgp-alternate-keyring You can cause Mailcrypt to use a specific public keyring by setting the variable @code{mc-pgp-alternate-keyring}. If this variable is set, Mailcrypt will use that keyring for all functions which would otherwise have used the default. This includes adding keys, extracting keys, verifying signatures, and encrypting messages. 
This feature might be useful if you maintain multiple keyrings; you can switch between them by setting this variable. Depending on your tastes, you might want to configure fetching from a keyring as well (@pxref{Keyring Fetch}). @node Comment Field, Mode Line, Alternate Keyring, Miscellaneous Configuration @section Comment Field By default, Mailcrypt will supply a "comment" option to PGP, resulting in output which looks something like this: @example ----- BEGIN PGP FOOBAR ----- Version: 2.6.3 Comment: Processed by Mailcrypt @value{VERSION}, an Emacs/PGP interface @dots{} ----- END PGP FOOBAR ----- @end example @vindex mc-pgp-comment @vindex mc-pgp50-comment @vindex mc-gpg-comment To change the comment to one of your own, set the variable @code{mc-pgp-comment}. Set it to @code{nil} to use PGP's default, which is probably either no comment or something defined in @file{config.txt}. @code{mc-pgp50-comment} and @code{mc-gpg-comment} are the corresponding variables for the other versions. @node Mode Line, Key Bindings, Comment Field, Miscellaneous Configuration @section Mode Line @code{mc-read-mode} and @code{mc-write-mode} will each indicate they are active by placing the string @samp{MC-r} or @samp{MC-w} in the mode line, respectively. @vindex mc-read-mode-string @vindex mc-write-mode-string You can change these strings by setting the variables @code{mc-read-mode-string} and @code{mc-write-mode-string}. So, for example, to get rid of the mode indicators entirely, you might put the following lines into your @file{.emacs} file: @lisp (setq mc-read-mode-string "") (setq mc-write-mode-string "") @end lisp @node Key Bindings, Nonstandard Paths, Mode Line, Miscellaneous Configuration @section Key Bindings @vindex mc-read-mode-map @vindex mc-write-mode-map The Mailcrypt key bindings are defined by the keymaps @code{mc-read-mode-map} and @code{mc-write-mode-map}. To change the key bindings, you just need to set these variables in your @file{.emacs} file. 
For example, if you wanted @kbd{C-c C-m} to be the Mailcrypt prefix (instead of @kbd{C-c /}) in @code{mc-read-mode}, you would put the following code in your @file{.emacs} file: @lisp (setq mc-read-mode-map (make-sparse-keymap)) (define-key mc-read-mode-map "\C-c\C-mf" 'mc-deactivate-passwd) (define-key mc-read-mode-map "\C-c\C-md" 'mc-decrypt) (define-key mc-read-mode-map "\C-c\C-mv" 'mc-verify) (define-key mc-read-mode-map "\C-c\C-ma" 'mc-snarf) (define-key mc-read-mode-map "\C-c\C-mk" 'mc-fetch-key) @end lisp For more information on Emacs key bindings, see @ref{Key Bindings, , Customizing Key Bindings, emacs, The GNU Emacs Manual}. @node Nonstandard Paths, , Key Bindings, Miscellaneous Configuration @section Nonstandard Paths The information in this section should be unnecessary, but is provided "just in case". @vindex mc-pgp-path Mailcrypt will look for the PGP executable in your standard search path under the name @file{pgp}. To use a different name (or to provide a complete path), set the variable @code{mc-pgp-path}. @vindex mc-pgp50-pgpe-path @vindex mc-pgp50-pgps-path @vindex mc-pgp50-pgpv-path @vindex mc-pgp50-pgpk-path PGP 5.0 includes four separate executables, usually installed as "pgpe", "pgps", "pgpv", and "pgpk". The variables @code{mc-pgp50-pgpe-path}, @code{mc-pgp50-pgps-path}, @code{mc-pgp50-pgpv-path}, and @code{mc-pgp50-pgpk-path} tell Mailcrypt where to find them if they are not on your search path. @vindex mc-gpg-path GnuPG is normally installed as "gpg". @code{mc-gpg-path} tells Mailcrypt where to find the executable if it is not on your path. In order to keep your identities straight, Mailcrypt needs to know where your secret keyring resides. Mailcrypt figures this out heuristically by assuming that the file @file{secring.pgp} is in the same directory as your public key ring. It determines the location of the latter by doing a dry run of PGP with @samp{+verbose=1} and parsing the output. 
@vindex mc-pgp-keydir If this heuristic is failing for you, you can manually tell Mailcrypt where your secret key ring is by setting the variable @code{mc-pgp-keydir}, like this: @lisp (setq mc-pgp-keydir "/users/patl/.pgp/") @end lisp Note that the trailing slash is @emph{required}. If the heuristic fails, please report it as a bug (@pxref{Credits}). Note that if you have changed the default location of your secret keyring, Mailcrypt will be unable to locate it. You can work around this by either setting @code{mc-pgp-keydir}, or by making a symbolic link to your secret keyring from @file{secring.pgp} in your default public keyring directory. @node Tips, Limitations, Miscellaneous Configuration, Top @chapter Tips Here are some random tips. @itemize @bullet @item PGP provides quite good security when used correctly. You are far more likely to use it correctly if you have read the directions. Read the @cite{PGP User's Guide}! @item 60 seconds is a relatively safe but somewhat inconvenient value for @code{mc-passwd-timeout}. If your paranoia permits, consider increasing it to five or ten minutes (@pxref{Passphrase Cache}). @item If Mailcrypt ever does something you wish it had not, @emph{DON'T PANIC}. Just use the normal Emacs undo command, @kbd{M-x undo} or @kbd{C-x u}, to restore your buffer (@pxref{Undo, Emacs Undo, Undoing Changes, emacs, The GNU Emacs Manual}). Mailcrypt keeps almost no state except what you see in your buffer, so any action can be undone this way. @item All Mailcrypt operations place PGP's output in the @code{*MailCrypt*} buffer. Check it occasionally for status and warning messages. @item Add yourself to the Mailcrypt announcements mailing list (@pxref{Mailing List}). That way you can find out about new versions of Mailcrypt automatically, and we can enjoy the feeling that people are actually using our package. 
@end itemize @node Limitations, References, Tips, Top @chapter Limitations Mailcrypt is a powerful program, but it is not a complete PGP interface. Perhaps some future version will be; in the meantime, you will need to use the command-line interface for some operations. Things which the current version does not support include: @table @emph @item Complete Key Management Mailcrypt's key management support is limited to adding and extracting keys from keyrings. It does not support key generation, key removal, key revocation, ID and trust parameter editing, or key signing. It also ignores PGP's warnings when you use a key which is not fully certified. (Of course, you can see these warnings by viewing the @code{*MailCrypt*} buffer; see @ref{Tips}.) @item Encryption with Conventional Cryptography Mailcrypt supports decryption but not encryption with "conventional" (i.e., non-public key) cryptography. @item Detached Signatures Mailcrypt does not support the creation nor the verification of detached signatures. @item "For your eyes only" Decryption Mailcrypt will be unable to decrypt a file which was encrypted with the "for your eyes only" (@samp{-m}) option. This is actually a bug in PGP, which provides no portable way to avoid its paging behavior. @end table @node References, Credits, Limitations, Top @chapter References This chapter contains information and pointers to information about topics related to PGP and Mailcrypt. @menu * Online Resources:: Recreational reading with a purpose. * Key Servers:: Keepers of the Global Keyring. * Mailing List:: Staying informed while pumping the authors' egos. * Politics:: Anarcho-foobarism. @end menu @node Online Resources, Key Servers, References, References @section Online Resources @table @file @item http://sourceforge.net/users/patl "Mailcrypt: An Emacs/PGP Interface", by Patrick J. LoPresti, the author of the original Mailcrypt.

@item http://world.std.com/~franl/crypto.html
"Cryptography Web Sites, Publications, FAQs, and References", by Fran
Litterio.  This page is simply excellent.  It makes all the other
References in this chapter redundant, but we will include them anyway
for redundancy.

@item http://www.faqs.org/faqs/by-newsgroup/alt/alt.security.pgp.html
This is a site for the @file{alt.security.pgp} FAQ lists.

@item news:alt.security.pgp
The @file{alt.security.pgp} newsgroup is a good place to go for
discussion about PGP, as well as any topic which any fool anywhere ever
thinks is related to PGP.  It is also a good last resort for getting
answers to questions, but please read the FAQ lists first.

@item http://www.farcaster.com/
Brian LaMacchia put together a World Wide Web interface to the public
key servers (@pxref{Key Servers}).  Mailcrypt uses this interface by
default when attempting to fetch keys via HTTP (@pxref{HTTP Fetch});
most people get to his interface through this page.

@item ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html
The Cypherpunks are dedicated to taking proactive measures to ensure
privacy in the digital age.  They wrote the software for, and operate
many of, the anonymous remailers currently in existence.

@item http://www.advogato.org/person/raph/
Raph Levien (raph.levien at gmail.com) previously maintained a remailer
list.  If you are impressed by how easy it is to configure Mailcrypt's
remailer functions, Raph is the one to thank.

@item http://en.wikipedia.org/wiki/Lance_Cottrell
Lance Cottrell is the author of Mixmaster.

@item http://www.gnupg.org/
Homepage for the GNU Privacy Guard.  This is a GPL-ed replacement for
PGP.

@end table

@node Key Servers, Mailing List, Online Resources, References
@section Key Servers

@dfn{Key servers} are machines with a publicly accessible interface to
an enormous global public keyring.  Anyone may add keys to or query this
keyring.
Each key server holds a complete copy of the global keyring, and
they arrange to keep one another informed of additions they receive.

This means you can tell any key server to add your public key to the
global keyring, and all of the other servers will know about it within a
day or so.  Then anyone will be able to query any key server to obtain
your public key.

To add your key to the keyservers, send an Email message to
@code{pgp-public-keys@@pgp.ai.mit.edu} with a subject line of
@samp{ADD} and a body containing your public key block.  With Mailcrypt
installed, you can just type @kbd{C-c / x} to insert your public key
block (@pxref{Inserting Keys}) into the body of the message.

For help with the Email interface to the key servers, send a message
with a subject line of @samp{HELP}.  For a World Wide Web interface to
the key servers, see Brian LaMacchia's home page at
@file{http://www-swiss.ai.mit.edu/~bal/}.

Some other key servers include:

@itemize @bullet
@item
pgp-public-keys@@jpunix.com
@item
pgp-public-keys@@kub.nl
@item
pgp-public-keys@@uit.no
@item
pgp-public-keys@@pgp.ox.ac.uk
@end itemize

For a complete list, consult any good online repository of PGP
information (@pxref{Online Resources}).

It is strongly recommended that you submit your key to the key servers,
since many humans and programs (including Mailcrypt) may look for it
there.  Besides, it takes mere seconds and the pain passes quickly.

@node Mailing List, Politics, Key Servers, References
@section Mailing List

New releases of Mailcrypt are announced on the SourceForge mailing
lists.  They are where discussion about bugs and new features takes
place.  Please see @file{http://mailcrypt.sourceforge.net/} for
subscription instructions and archives.

@node Politics,  , Mailing List, References
@section Politics

Cryptography in general, PGP in particular, and free software are
politically somewhat controversial topics.  Heck, in the U.S. Congress,
freedom of speech is a controversial topic.
Anyway, here are some organizations you should definitely watch and
preferably send lots of money.

@table @emph

@item The Electronic Frontier Foundation
The EFF (@file{http://www.eff.org/}) works to protect civil liberties in
cyberspace.  They also maintain an impressive collection of on-line
resources.  If you like Mailcrypt so much that you wish you had paid for
it, this is the number one place we would want to see your money go.

The EFF newsgroups, @file{comp.org.eff.news} and
@file{comp.org.eff.talk}, are required reading for the well-informed.

@item The League for Programming Freedom
The LPF (@file{http://www.lpf.org/}) works to fight software patents,
which threaten to make free software like Mailcrypt impossible.

@item The Center for Democracy and Technology
The CDT (@file{http://www.cdt.org/}) has essentially the same goals as
the EFF, but is more of a lobbying group.

@end table

Mailcrypt's remailer support was inspired by the Communications Decency
Act of 1995 (see @file{http://www.cdt.org/speech/cda/} and
@file{http://wikipedia.org/wiki/Communications_Decency_Act}) and by the
International "Church" of Scientology (see
@file{http://wikipedia.org/wiki/Church_of_Scientology}).

@node Credits, Index, References, Top
@chapter Credits

Mailcrypt was written by Jin Choi (jin@@atype.com) and Pat LoPresti
(patl@@lcs.mit.edu).  PGP 5 support was added by Len Budney.  GnuPG,
modern mixmaster, and mixminion support were added by Brian Warner.

Mailcrypt is hosted on SourceForge, at
@file{http://mailcrypt.sourceforge.net/}.  Please send us your bug
reports and comments.  Also see @ref{Mailing List}.

This documentation was mostly written by Pat LoPresti, but borrows
heavily from an earlier version by Hal Abelson (hal@@mit.edu).

Mailcrypt would not be as robust nor as featureful if it were not for
our outstanding set of Beta testers:

@itemize @bullet
@item
Samuel Tardieu
@item
Richard Stanton
@item
Peter Arius
@item
Tomaz Borstnar
@item
Barry Brumitt
@item
Steffen Zahn
@item
Mike Campbell
@item
Mark Baushke
@item
Mike Long
@end itemize

@page
@node Index,  , Credits, Top
@unnumbered Index

This index has an entry for every key sequence, function, and variable
documented in this manual.

@printindex cp

@contents
@bye

@c End:

mailcrypt-3.5.9/mc-gpg.el

;; mc-gpg.el, GPG support for Mailcrypt
;; Copyright (C) 1995  Jin Choi
;;                     Patrick LoPresti
;;               1998  Brian Warner

;;{{{ Licensing
;; This file is intended to be used with GNU Emacs.

;; This program is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to
;; the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
;;}}}
(require 'mailcrypt)

; pieces to do:
; #key lookup?
; #mc-gpg-encrypt-region
;  need to deal with untrusted keys, missing keys (offer to fetch), --throw
; #mc-gpg-decrypt-region [anything not clearsigned] (a,as,ae,ase)
;  need to implement signature-key fetch, ponder --throw-keyid case
;  keys without passphrases, sigs with bad algorithms (ignore sig? warn?)
; #mc-gpg-sign-region (clearsign/notclearsign)
; #mc-gpg-verify-region [clearsigned only] (ok/badsig/missingkey/corruptmsg)
; #mc-gpg-insert-public-key (comment, altkeyring)
; #mc-gpg-snarf-keys (one, multiple, old, corrupt)
; key fetching (is there a GPG key server yet?)
; clean up use of buffers, #kill off old tmp buffers
; in verify-region, print date of signature too
; ~maybe have bad-signature message print keyid/date? (no, sig is invalid,
; ~ anything other than its invalidity is misleading)
; make messages shorter (get it all to fit in echo area)

; enhancements I'd like to add
;  trustdb status reporting during encryption/decryption: show the best trust
;   path to the recipient/signer?
;  completion on local id when signing (--list-secret-keys should know them)
;  algorithm preferences, possibly by destination user
;   (this is embedded in gpg)
;  extra options, possibly by destination user. Maybe for pgp5.0/pgp2.6 compat?
;  rfc2015 operation (MIME: application/pgp-signature, etc)
;  signature dates are currently reported with just the date. Find a time
;   formatting function and use the longtime in the VALIDSIG message.

; mc-gpg-alternate-keyring seems dubious.. have two options, public/private?

; using a shell introduces concerns about quoting and such. If the name of a
; key used as a recipient or as a mc-gpg-user-id (a key to sign with) has a
; double quote or ! or weird stuff, things could break.

; encrypting to a nontrusted key is problematic: when not in --batch mode,
; gpg warns the user and asks if they want to use the key anyway. In --batch
; mode, it fails, even if we give --yes.
; Worse yet, if we encrypt to multiple
; recipients, the untrusted ones get dropped without flagging an error (stderr
; does get a message, but it doesn't indicate which keys had a problem)

(defvar mc-gpg-user-id (user-login-name)
  "*GPG ID of your default identity.")
(defvar mc-gpg-path "gpg" "*The GPG executable.")
(defvar mc-gpg-display-snarf-output nil
  "*If t, pop up the GPG output window when snarfing keys.")
(defvar mc-gpg-always-fetch 'never
  "*If t, always fetch missing keys. If 'never, never fetch. If nil,
ask the user.")
(defvar mc-gpg-alternate-keyring nil
  "*Public keyring to use instead of default.")
(defvar mc-gpg-comment
  (format "Processed by Mailcrypt %s " mc-version)
  "*Comment field to appear in ASCII armor output.  If nil, let GPG use its
default.")
(defconst mc-gpg-msg-begin-line "^-----BEGIN PGP MESSAGE-----\r?$"
  "Text for start of GPG message delimiter.")
(defconst mc-gpg-msg-end-line "^-----END PGP MESSAGE-----\r?$"
  "Text for end of GPG message delimiter.")
(defconst mc-gpg-signed-begin-line "^-----BEGIN PGP SIGNED MESSAGE-----\r?$"
  "Text for start of GPG signed messages.")
(defconst mc-gpg-signed-end-line "^-----END PGP SIGNATURE-----\r?$"
  "Text for end of GPG signed messages.")
(defconst mc-gpg-key-begin-line "^-----BEGIN PGP PUBLIC KEY BLOCK-----\r?$"
  "Text for start of GPG public key.")
(defconst mc-gpg-key-end-line "^-----END PGP PUBLIC KEY BLOCK-----\r?$"
  "Text for end of GPG public key.")
(defvar mc-gpg-extra-args nil
  "Extra arguments to pass to all invocations of gpg. Used during debugging to
set --homedir, to use special test keys instead of the developer's normal
keyring.")
(defvar mc-gpg-debug-buffer nil
  "A buffer for debugging messages. If nil, no debugging messages are logged.
BEWARE! Sensitive data (including your passphrase) is put here. Set this with:
 (setq mc-gpg-debug-buffer (get-buffer-create \"mc debug\"))")

;; we use with-current-buffer for clarity. emacs19 doesn't have it.
;; This code is cribbed from lazy-lock.el which does the same thing
(eval-when-compile
  ;; We use this for clarity and speed.  Borrowed from a future Emacs.
  (or (fboundp 'with-current-buffer)
      (defmacro with-current-buffer (buffer &rest body)
        "Execute the forms in BODY with BUFFER as the current buffer.
The value returned is the value of the last form in BODY."
        (` (save-excursion (set-buffer (, buffer)) (,@ body)))))
  )

(defun mc-gpg-debug-print (string)
  (if (and (boundp 'mc-gpg-debug-buffer) mc-gpg-debug-buffer)
      (print string mc-gpg-debug-buffer)))

;; the insert parser will return '(t) and insert the whole of stdout if
;; rc == 0, and will return '(nil rc stderr) if rc != 0
(defun mc-gpg-insert-parser (stdoutbuf stderrbuf statusbuf rc parserdata)
  (mc-gpg-debug-print
   (format "(mc-gpg-generic-parser stdoutbuf=%s stderrbuf=%s rc=%s"
           stdoutbuf stderrbuf rc))
  (if (= rc 0)
      '(t (t))
    (list nil nil rc (with-current-buffer stderrbuf (buffer-string))))
  )

;; the null parser returns rc and never inserts anything
(defun mc-gpg-null-parser (stdoutbuf stderrbuf statusbuf rc parserdata)
  (list nil rc))

; utility function (variant of mc-process-region):
; take region in current buffer, send as stdin to a process
; maybe send in a passphrase first
; three buffers of output are collected: stdout, stderr, and --status-fd
;
; parser is called with stdoutbuf as the current buffer as
;  (parser stdoutbuf stderrbuf statusbuf rc parserdata)
; and is expected to return a list:
;  '(REPLACEP RESULT)
;
; if REPLACEP is true, the original buffer's [beg..end] will be replaced by
; the stdout data buffer's contents (all of it). Otherwise the original buffer
; is left alone. RESULT (specifically (cdr parser-return-value)) is returned
; by mc-gpg-process-region.

(defun mc-gpg-process-region (beg end passwd program args parser bufferdummy
                                  &optional parserdata)
  (let ((obuf (current-buffer))
        (process-connection-type nil)
        (shell-file-name "/bin/sh") ;; ??? force?
        ;; need sh (not tcsh) for "2>"
        ; other local vars
        mybuf
        stderr-tempfilename stderr-buf
        status-tempfilename status-buf
        proc rc status parser-result
        )
    (mc-gpg-debug-print
     (format
      "(mc-gpg-process-region beg=%s end=%s passwd=%s program=%s args=%s parser=%s bufferdummy=%s)"
      beg end passwd program args parser bufferdummy))
    (setq stderr-tempfilename
          (make-temp-name (expand-file-name "mailcrypt-gpg-stderr-"
                                            mc-temp-directory)))
    (setq status-tempfilename
          (make-temp-name (expand-file-name "mailcrypt-gpg-status-"
                                            mc-temp-directory)))
    (unwind-protect
        (progn
          ;; get output places ready
          (setq mybuf (get-buffer-create " *mailcrypt stdout temp"))
          (set-buffer mybuf)
          (erase-buffer)
          ;; set the stdout buffer to be multibyte, so it can handle
          ;; whatever characters come back from GPG. These may be non-ASCII,
          ;; and unibyte buffers can't handle those correctly. If emacs is
          ;; in unibyte mode (such as when standard-display-european is
          ;; active), the multibyte characters will be downgraded to unibyte
          ;; when they are copied back into the email buffer. iso-latin-1
          ;; characters will survive this transition, others will not (but
          ;; then you wouldn't be using standard-display-european anyway).
          (set-buffer-multibyte t)
          (set-buffer obuf)
          (buffer-disable-undo mybuf)

          (if passwd
              (setq args (append '("--passphrase-fd" "0") args)))
          (setq args (append (list (concat "2>" stderr-tempfilename)) args))
          (setq args (append (list (concat "3>" status-tempfilename)) args))
          (setq args (append '("--status-fd" "3") args))

          (if mc-gpg-extra-args
              (setq args (append mc-gpg-extra-args args)))

          (mc-gpg-debug-print (format "prog is %s, args are %s"
                                      program
                                      (mapconcat '(lambda (x)
                                                    (format "'%s'" x))
                                                 args " ")))

          (setq proc
                (apply 'start-process-shell-command "*GPG*" mybuf
                       program args))
          ;; send in passwd if necessary
          (if passwd
              (progn
                (process-send-string proc (concat passwd "\n"))
                (or mc-passwd-timeout (mc-deactivate-passwd t))))
          ;; send in the region
          (process-send-region proc beg end)
          ;; finish it off
          (process-send-eof proc)
          ;; wait for it to finish
          (while (eq 'run (process-status proc))
            (accept-process-output proc 5))
          ;; remember result codes
          (setq status (process-status proc))
          (setq rc (process-exit-status proc))
          (mc-gpg-debug-print (format "prog finished, rc=%s" rc))

          ;; Hack to force a status_notify() in Emacs 19.29
          (delete-process proc)

          ;; remove the annoying "yes your process has finished" message
          (set-buffer mybuf)
          (goto-char (point-max))
          (if (re-search-backward "\nProcess \\*GPG.*\n\\'" nil t)
              (delete-region (match-beginning 0) (match-end 0)))
          (goto-char (point-min))
          ;; CRNL -> NL
          (while (search-forward "\r\n" nil t)
            (replace-match "\n"))

          ;; ponder process death: signal, not just rc!=0
          (if (or (eq 'stop status) (eq 'signal status))
              ;; process died
              (error "%s exited abnormally: '%s'" program rc) ;;is rc a string?
            )

          (if (= 127 rc)
              (error "%s could not be found" program) ;; at least on my system
            )

          ;; fill stderr buf
          (setq stderr-buf (get-buffer-create " *mailcrypt stderr temp"))
          (buffer-disable-undo stderr-buf)
          (set-buffer stderr-buf)
          (erase-buffer)
          (insert-file-contents stderr-tempfilename)

          ;; fill status buf
          (setq status-buf (get-buffer-create " *mailcrypt status temp"))
          (buffer-disable-undo status-buf)
          (set-buffer status-buf)
          (erase-buffer)
          (insert-file-contents status-tempfilename)

          ;; feed the parser
          (set-buffer mybuf)
          (setq parser-result (funcall parser
                                       mybuf stderr-buf status-buf
                                       rc parserdata))
          (mc-gpg-debug-print (format " parser returned %s" parser-result))

          ;; what did the parser tell us?
          (if (car parser-result)
              ;; yes, replace region
              (progn
                (set-buffer obuf)
                (delete-region beg end)
                (goto-char beg)
                (insert-buffer-substring mybuf)
                ))

          ;; return result
          (cdr parser-result)
          )

      ;; cleanup forms
      (if (and proc (eq 'run (process-status proc)))
          ;; it is still running. kill it.
          (interrupt-process proc))
      (set-buffer obuf)
      (delete-file stderr-tempfilename)
      (delete-file status-tempfilename)

      ;; kill off temporary buffers unless we're debugging
      (if (or (not (boundp 'mc-gpg-debug-buffer))
              (not mc-gpg-debug-buffer))
          (progn
            (if (get-buffer " *mailcrypt stdout temp")
                (kill-buffer " *mailcrypt stdout temp"))
            (if (get-buffer " *mailcrypt stderr temp")
                (kill-buffer " *mailcrypt stderr temp"))
            (if (get-buffer " *mailcrypt status temp")
                (kill-buffer " *mailcrypt status temp"))
            ))
      )))

; this lookup is used to turn key identifiers into names suitable for
; presentation to the user. When decrypting, the hex keyid to which the
; incoming message is encrypted is looked up to ask the user for a passphrase
; by name. When encrypting, the user's id (mc-gpg-user-id) is looked up to
; ask for a passphrase, and if mc-gpg-encrypt-to-me is true, the user's id
; is looked up to provide a full name to gpg.
; gpg is always given full names,
; because the hex keyids it provides might not work for both signing and
; encryption (split keys in gpg/pgp5)
;
;31:warner@zs2-pc4% gpg --list-secret-keys --with-colons --no-greeting
;/home/warner/.gnupg/secring.gpg
;-------------------------------
;sec::1024:17:1FE9CBFDC63B6750:1998-08-04:0:::Brian Warner (temporary GPG key) :
;ssb::1024:20:C68E8DE9F759FBDE:1998-08-04:0:::
;sec::768:17:16BD446D567E33CF:1998-08-04:0:::signature (sample signature key) :
;sec::768:16:D514CB72B37D9AF4:1998-08-04:0:::crypt (crypt) :
;sec::1024:17:4DBDD3258230A3E0:1998-08-04:0:::dummyy :
;ssb::1024:20:549B0E6CBBBB43D1:1998-08-04:0:::
;
; we use the whole user id string (Brian..lothar.com>) as USER-ID, and the
; long keyid 1FE9CBFDC63B6750 for KEY-ID

(defvar mc-gpg-key-cache nil
  "Association list mapping GPG IDs to canonical \"keys\".  A \"key\"
is a pair (USER-ID . KEY-ID) which identifies the canonical IDs of the
GPG ID.")

(defun mc-gpg-lookup-key (str &optional type)
  ;; Look up the string STR in the user's secret key ring.  Return a
  ;; pair of strings (USER-ID . KEY-ID) which uniquely identifies the
  ;; matching key, or nil if no key matches.
  (let (args)
    (if (string= str "***** CONVENTIONAL *****") nil
      (let ((result (cdr-safe (assoc str mc-gpg-key-cache)))
            (key-regexp
             "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\):[^:]*:[^:]*:[^:]*:[^:]*:\\([^:]*\\):"
             )
            (obuf (current-buffer))
            buffer)
        (if (null result)
            (unwind-protect
                (progn
                  (setq buffer (generate-new-buffer " *mailcrypt temp"))
                  (setq args (list
                              "--with-colons"
                              "--no-greeting" "--batch"
                              "--list-secret-keys" str
                              ))
                  (if mc-gpg-alternate-keyring
                      (setq args (append (list "--keyring"
                                               mc-gpg-alternate-keyring)
                                         args)))
                  (if mc-gpg-extra-args
                      (setq args (append mc-gpg-extra-args args)))
                  (mc-gpg-debug-print
                   (format "lookup: args are %s" args))
                  (let ((coding-system-for-read
                         (if (and (fboundp 'coding-system-p)
                                  (coding-system-p 'utf-8))
                             'utf-8 nil)))
                    (apply 'call-process mc-gpg-path nil buffer nil args))
                  (set-buffer buffer)
                  (goto-char (point-min))
                  (if (re-search-forward key-regexp nil t)
                      (progn
                        (setq result
                              (cons (buffer-substring-no-properties
                                     (match-beginning 3) (match-end 3))
                                    (concat
                                     "0x"
                                     (buffer-substring-no-properties
                                      (match-beginning 2) (match-end 2)))))
                        (setq mc-gpg-key-cache (cons (cons str result)
                                                     mc-gpg-key-cache)))))

              ;(if buffer (kill-buffer buffer))
              (set-buffer obuf)))
        (if (null result)
            (error "No GPG secret key for %s" str))
        result))))

;gpg: no info to calculate a trust probability
;gpg: no valid addressees
;gpg: [stdin]: encryption failed: No such user id

(defun mc-gpg-encrypt-region (recipients start end &optional id sign)
  (let ((process-environment process-environment)
        (buffer (get-buffer-create mc-buffer-name))
        (obuf (current-buffer))
        action msg args key passwd result gpg-id)
    (mc-gpg-debug-print
     (format
      "(mc-gpg-encrypt-region recipients=%s start=%s end=%s id=%s sign=%s)"
      recipients start end id sign))

    (setq args (list
                "--batch" "--armor" "--textmode" "--always-trust"
                (if recipients "--encrypt" "--store")
                ))
    (setq action (if recipients "Encrypting" "Armoring"))
    (setq msg (format "%s..."
                      action)) ; May get overridden below
    (if mc-gpg-comment
        (setq args (append (list "--comment" (format "'%s'" mc-gpg-comment))
                           args)))
    (if mc-gpg-alternate-keyring
        (setq args (append (list "--keyring" mc-gpg-alternate-keyring) args)))

    (if (and (not (eq mc-pgp-always-sign 'never))
             (or mc-pgp-always-sign sign (y-or-n-p "Sign the message? ")))
        (progn
          (setq key (mc-gpg-lookup-key (or id mc-gpg-user-id) 'encrypt))
          (setq passwd
                (mc-activate-passwd
                 (cdr key)
                 (format "GPG passphrase for %s (%s): " (car key) (cdr key))))
          (setq args
                (append (list "--local-user" (cdr key)
                              "--sign"
                              )
                        args))
          (setq msg (format "%s+signing as %s ..." action (car key)))
          (if (not recipients)
              ;; the --store is last in args. remove it. remove --textmode too
              (setq args (nreverse (cddr (nreverse args)))))
          )
      )

    ; if we're supposed to encrypt for the user too, we need their key
    ;; FIXME: we only need their public key, not the secret one. Some users
    ;; (the author included) keep their secret keys offline unless needed
    ;; (but the public ones are still available).. the --list-secret-keys
    ;; done by mc-gpg-lookup-key will fail in this situation. Change
    ;; mc-gpg-lookup-key to have a way to look for public keys too.
    (if (and recipients mc-encrypt-for-me)
        (setq recipients (cons (cdr (or key
                                        (setq key (mc-gpg-lookup-key
                                                   mc-gpg-user-id 'encrypt)))
                                    ) recipients)))

    ; push(@args, map {qq<-r "$_">} @recipients) if @recipients; # roughly
    (if recipients
        (setq args (append (apply 'append
                                  (mapcar '(lambda (x)
                                             (list "--recipient"
                                                   (concat "\"" x "\"")))
                                          recipients))
                           args)))

    (message "%s" msg)
    (setq result (mc-gpg-process-region start end passwd mc-gpg-path args
                                        'mc-gpg-insert-parser buffer))
    (if (not (car result))
        (error "%s failed: %s" msg (nth 2 result)))

    t
    ))

; GPG DECRYPT BEHAVIOR: gnupg-0.9.9 only
;  (all status messages are prefixed by "[GNUPG:] "

; signed (not encrypted) by a known key [S.s1v]:
;  rc == 0, stdout has message
;  status:
;   SIG_ID
;   GOODSIG
;   VALIDSIG
;   TRUST_foo

; signed (not encrypted) by unknown key [S.s4]:
;  rc == 2, stdout has message
;  status:
;   ERRSIG
;   NO_PUBKEY

; encrypted to a private key we don't have [E.e3]:
;  rc == 2,
;  stderr: gpg: decryption failed: secret key not available
;  status:
;   ENC_TO
;   NO_SECKEY
;   DECRYPTION_FAILED

; encrypted to us, our key has no passphrase
;  rc == 0?
;  stderr: gpg: NOTE: secret key foo is NOT protected
;  status:
;   ENC_TO
;   GOOD_PASSPHRASE
;   DECRYPTION_OKAY

; encrypted to us, but we didn't give a passphrase [E.e1r, no pw]:
;  rc == 2
;  stderr: gpg: fatal: Can't query password in batchmode
;  status:
;   ENC_TO
;   NEED_PASSPHRASE
;   MISSING_PASSPHRASE
;   BAD_PASSPHRASE
;   DECRYPTION_FAILED
; (N.B.: gpg cannot tell the difference between no passphrase and an
;  empty passphrase.)

; encrypted to us *and someone else*, no passphrase [E.e3re1r, no pw]:
;  rc == 2?
;  stderr: gpg: fatal: Can't query password in batchmode
;  status:
;   ENC_TO
;   NEED_PASSPHRASE
;   MISSING_PASSPHRASE
;   BAD_PASSPHRASE
;   ENC_TO .. ..
;   NO_SECKEY
;   DECRYPTION_FAILED

; encrypted to us, but we used the wrong passphrase [E.e1r, bad pw]:
;  rc == 2
;  stderr: gpg: public key decryption failed: [Bb]ad passphrase
;  status:
;   ENC_TO
;   NEED_PASSPHRASE
;   BAD_PASSPHRASE
;   DECRYPTION_FAILED

; encrypted to us, good passphrase [E.e1r, good pw]:
;  rc == 0, stdout has message
;  status:
;   ENC_TO
;   NEED_PASSPHRASE
;   GOOD_PASSPHRASE
;   DECRYPTION_OKAY

; encrypted to us, good passphrase, signed by trusted/untrusted party
;  [ES.e1r.s1v, good ps]:
;  rc == 0, stdout has message
;  stderr: gpg: Signature made using DSA key ID
;  stderr: gpg: Good signature from ""
;  status:
;   ENC_TO
;   NEED_PASSPHRASE
;   GOOD_PASSPHRASE
;   SIG_ID
;   GOODSIG
;   VALIDSIG
;   TRUST_(UNDEFINED|NEVER|MARGINAL|FULLY|ULTIMATE)
;   DECRYPTION_OKAY

; encrypted to us, good passphrase, signed by unknown party [ES.e1r.s4]:
;  rc == 2, stdout has message
;  stderr: gpg: Signature made using DSA key ID
;  stderr: gpg: Can't check signature: [Pp]ublic key not found
;  status:
;   ENC_TO
;   NEED_PASSPHRASE
;   GOOD_PASSPHRASE
;   ERRSIG
;    rc: 4 is unknown algorithm, 9 is missing public key
;   NO_PUBKEY
;   DECRYPTION_OKAY

; symmetrically encrypted, we didn't give a passphrase
;  rc == 2, stderr: gpg: fatal: Can't query password in batchmode
;  status:
;   NEED_PASSPHRASE_SYM
;   MISSING_PASSPHRASE
;   DECRYPTION_FAILED

; symmetrically encrypted, we gave the wrong passphrase
;  rc == 2, stderr: gpg: decryption failed: [Bb]ad key
;  status:
;   NEED_PASSPHRASE_SYM
;   DECRYPTION_FAILED

; symmetrically encrypted, good passphrase
;  rc == 0, stdout: message
;  status:
;   NEED_PASSPHRASE_SYM
;   DECRYPTION_OKAY

; armored [A]:
;  rc == 0, stdout: message
;  no status

; corrupted armor
;  rc == 2, stderr: gpg: CRC error; stuff - stuff

; ( to test: multiple recipients, keys without passphrases)

;; this parser's return convention:
;;   '( (
;;       replacep ; consumed by process-region: decrypt was successful
;;0      have-secret-key ; t: we are a recipient (TODO: stealth),
;;                         'symmetric : need passphrase
;;                         'signed : signed not encrypted
;;                         nil: not a recipient
;;1      passphrase-ok ; t was good, nil was bad, keyid: need pw for keyid
;;2      signature:
;;         nil: no sig
;;         keyid-hex : don't have signature key
;;         '(keyid-string t trust date) : good signature on date with trust
;;         '(keyid-string nil trust date) : bad signature on date with trust
;;       )
;;     )

; todo: stealth ("--throw-keyid")?
;       when there is a signature that we can't check because of a bad algo
;        then we pretend there wasn't a signature. extend the return convention
;        to signal this case.
;       when there is a signature that we can't check because we don't
;        currently have a key, and if we successfully fetch that key in
;        mc-gpg-decrypt-region, how do we restart the operation?

;; cases:
;;  *not addressed to us (nil nil nil)
;;  *just armored (same as good symmetric) ('symmetric t nil)
;;  conventionally encrypted
;;   *didn't give passphrase ('symmetric "***** CONVENTIONAL *****" nil)
;;   did give passphrase
;;    *bad passphrase ('symmetric nil nil)
;;    *good passphrase ('symmetric t nil)
;;  signed (not clearsigned), not encrypted
;;   *don't have key ('signed t keyid)
;;   do have key
;;    *good sig ('signed t (t keyid-string trust date))
;;    *bad sig ('signed t (nil keyid-string trust date))
;;  encrypted to us:
;;   *didn't give passphrase (t keyid nil)
;;   gave passphrase:
;;    *bad passphrase (t nil nil)
;;    good passphrase
;;     decrypted ok
;;      *no signature (t t nil)
;;      yes signature
;;       *don't have key (offer to fetch) (t t keyid)
;;       do have key
;;        *good sig (t t (t keyid-string date trust))
;;        *bad sig (t t (nil keyid-string date trust))

;; a subfunction to extract the signature info. Used in both decrypt-parser
;; and verify-parser. Call with statusbuf. Returns
;;  '(sigtype sigid sigdate sigtrust)

(defun mc-gpg-sigstatus-parser ()
  (let (sigtype sigid sigdate sigtrust)

    ;; sigtype: GOOD, BAD, ERR
    ;; sigid: who made the signature?
    ;;  (a name if possible, else hex keyid)
    ;; sigdate: date string of when the sig was made
    (goto-char (point-min))
    (if (re-search-forward "^\\[GNUPG:\\] +\\(GOOD\\|BAD\\|ERR\\)SIG\\b"
                           nil t)
        (progn
          (setq sigtype (match-string 1))
          (goto-char (point-min))
          (if (and (or (string= sigtype "GOOD") (string= sigtype "BAD"))
                   (re-search-forward
                    "^\\[GNUPG:\\] +\\(GOOD\\|BAD\\)SIG +\\(\\S +\\) +\\(.*\\)$"
                    nil t))
              ;; match-string 2 is the hex keyid of the signator.
              ;; #3 is the name
              (setq sigid (match-string 3)))

          ;; for ERRSIG:
          ;;  match-string #1 is the hex keyid, #2 is the algorithm ID
          ;;   (17: DSA, 1,3: RSA, 20: Elgamal)
          ;;  #3: hashalgo, #4: sigclass, #5: longtime, #6: rc
          ;;   (rc==4 for unknown algo, 9 for missing public key)
          ;;  we only set sigtype if:
          ;;   (#1 is present), and
          ;;   ((#6 is missing) or (#6 == 9))
          ;;  the idea being to not fetch a key if we aren't going to be able
          ;;  to use the algorithm it wants
          (goto-char (point-min))
          (if (and (string= sigtype "ERR")
                   (re-search-forward
                    "^\\[GNUPG:\\] +ERRSIG +\\(\\S +\\)" nil t))
              (let (errsig-rc (sigid-temp (match-string 1)))
                (goto-char (point-min))
                (if (re-search-forward
                     "^\\[GNUPG:\\] +ERRSIG +\\(\\S +\\) +\\(\\S +\\) +\\(\\S +\\) +\\(\\S +\\) +\\(\\S +\\) +\\(\\S +\\)"
                     nil t)
                    (setq errsig-rc (match-string 6)))
                (if (or (not errsig-rc)
                        (string= errsig-rc "9"))
                    (setq sigid sigid-temp))
                ))

          ;; for GOODSIG:
          ;;  VALIDSIG should be present, with