Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

If you want to support my work, please consider a small donation:

no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


Previous revision
Last revision
linux:pine_gpg [2006/05/29 09:45] alien
Line 1: Line 1:
 +===== Email encryption with Pine and GPG =====
  
 +Pine is a nice but powerful console mail client, and just like GPG, it is available on many Linux and Unix based computers. 
 +It is not hard to make [[http://www.washington.edu/pine/|Pine]] read and send GPG-encrypted or -signed messages. Several tools are available that glue gpg and pine together, and I use [[http://quantumlab.net/pine_privacy_guard/|Pine Privacy Guard]] (PPG). This is a small Perl script that does all the hard interfacing work.
 +
 +==== Installation and configuration ====
 +
 +  * Install //Pine Privacy Guard// on your computer: <code>
 +wget http://quantumlab.net/pine_privacy_guard/pinepg-1.02.tgz
 +tar -C /usr/local -zxvf pinepg-1.02.tgz 
 +cd /usr/local/
 +chown -R root:root /usr/local/pinepg-1.02
 +ln -s pinepg-1.02 pinepg
 +chmod 755 /usr/local/pinepg/pine_privacy_guard.pl 
 +</code> If you install PPG in another place than ''/usr/local/pinepg'', make certain that you adapt the pathnames that are used further down in the Pine configuration.
 +
 +  * Uncomment the  line ''default-recipient-self'' in your ''~/.gnupg/gpg.conf'' file to encrypt to self so you can are able read your own encrypted //sent// messages later on:<code>
 +#default-key 0xYourKeyID
 +default-recipient-self
 +</code>
 +
 +  * Configure Pine's display-filters and sending-filters\\ either edit your ''~/.pinerc'' directly and make sure that the relevant bits look like this: <code>
 +# This variable takes a list of programs that message text is piped into
 +# after MIME decoding, prior to display.
 +display-filters=_LEADING("-----BEGIN PGP MESSAGE-----")_ /usr/local/pinepg/decrypt _RESULTFILE_ _DATAFILE_ _PREPENDKEY_,
 +        _LEADING("-----BEGIN PGP SIGNED MESSAGE-----")_ /usr/local/pinepg/verify _TMPFILE_ _RESULTFILE_
 +
 +# This defines a program that message text is piped into before MIME
 +# encoding, prior to sending
 +sending-filters=/usr/local/pinepg/clearsign _RESULTFILE_ _DATAFILE_ _PREPENDKEY_,
 +        /usr/local/pinepg/encrypt _RECIPIENTS_ _RESULTFILE_ _DATAFILE_ _PREPENDKEY_
 +</code> or configure this from within Pine: (**S**etup > **C**onfig > **W**hereis > ''display-filters'' and add the two values shown above. Same for ''sending-filters'')
 +
 +  * (Optionally - looks cool) add these custom X-Headers to each email you send with pine: <code>
 +# Add these customized headers (and possible default values) when composing
 +customized-hdrs=X-GPG-PUBLIC_KEY: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA75CBDA0,
 +        X-GPG-FINGRPRINT: F2CE 1B92 EE1F 2C0C E97E 581E 5E56 AAAF A75C BDA0
 +</code> You can edit ''~/.pinerc'' directly (look for the ''customized-hdrs='' line) or configure from within pine (**S**etup > **C**onfig > **W**hereis > ''customized-hdrs'')\\ Of course, the example GPG fingerprint and key-URL are mine, and you should substitute your own.
 +
 +==== Working with GPG in Pine ====
 +
 +=== Sending email ===
 +
 +You use Pine as usual, so composing a new email is no different than before. The fun starts when you press <CTRL>-X to send it. Upon pressing <CTRL>-X instead of sending the message, Pine will ask which filter you want to use. You can choose 1 of 3 options (and cycle through them using <CTRL>-P and <CTRL>-N):
 +
 +  - Unfiltered; send email without using any cryptography.
 +  - Encrypt the email (PinePG will also sign it by default).
 +  - Clear-sign the email.
 +
 +After entering your choice, the email is sent.
 +
 +During your Pine session, the first time you have to use GPG to read or send a mail message, you will be prompted for your GPG passphrase. After that PinePG will [[http://quantumlab.net/pine_privacy_guard/faq.php#passphrase|securely]] remember your passphrase for the remainder of that session, so that you won't have to enter it again.
 +
 +=== Receiving email ===
 +
 +If you open any email that contains a GPG signed or encrypted message, the pinepg filter is automatically invoked. You are prompted for your GPG passphrase, so that the message can be decrypted. The caracters that you type, will not be displayed on the screen.\\
 +The output of GnuPG is displayed. It will show whether or not the encrypted text was successfully decrypted, if the GPG signature is valid if it was signed, and any other relevant information:
 +<code>
 +gpg: WARNING: using insecure memory!
 +gpg: please see http://www.gnupg.org/faq.html for more information
 +gpg: Signature made Fri Mar 17 03:19:07 2006 PST using DSA key ID A75CBDA0
 +gpg: Good signature from "Eric Hameleers <alien slackware.com>"
 +gpg:                 aka "Eric Hameleers <alien sox.homeip.net>"
 +</code>
 +Press ''E'' to continue.\\
 +The decrypted message is displayed as a normal message.
 +  * //Note:// The plaintext is not saved to the mailbox.
 +  * //Note:// The above warning about //[[http://www.gnupg.org/documentation/faqs.html#q6.1|insecure memory]]// is caused by the fact that I am not running GPG as root, and the ''/usr/bin/gpg'' binary is not setuid root. If you're bothered by the warning, implement either one of these solutions:
 +    * run <code>chmod +s /usr/bin/gpg</code> to fix the use of insecure memory. or
 +    * if you can't or don't want to install gpg setuid(root), then you can add the commandline parameter <code>
 +--no-secmem-warning
 +</code> to the gpg command, or put the line <code>
 +no-secmem-warning
 +</code> in your configuration file ''~/.gnupg/options'' or ''~/.gnupg/gpg.conf''. This will disable the warning message.
 +
 +
 +==== PGP/Mime ====
 +
 +Pine Privacy Guard does not handle PGP/Mime encrypted emails. I found a couple of links with possible solutions, but have not yet looked too deeply into these.
 +
 +  * [[http://privacy.audiointuition.com/pine/ | Reading PGP/Mime messages with Pine]]
 +  * [[http://www.david-guembel.de/index.php?id=12 | pgp-mime-handler]]
 Email encryption with Pine and GPG ()
SlackDocs