wk at isil.d.shuttle.de
Tue Apr 28 19:40:43 CEST 1998
Fred Lindberg <lindberg at id.wustl.edu> writes:
> i was thinking of:
> PASSPHRASE=`cat passphrase`
> gpg --skip_addresses_with_not_trusted_keys \
> --decrypt --verify --sign_with_key_ID:123 --reencrypt --keyfile
> addresses.txt \
> --output_to storage.file --format crude_non_armored < orignal
> encrypted(signed(message)) > storage.file
Better use something like this:
gpg --decrypt --verify <original | gpg --sign.... --keyfile... >storage
> switch ($?)
> case 0: ok
> case 1: bad_encryption
For this I have the --status-fd option which writes textual messages
which are easy to parse; you can use two different fd for the
decryption and the encryption stage. if the program returns with an
error, a grep tells you what's the real reason.
> addresses.txt has user addresses = userids (ezmlm could have a database
> doing address -> userid translation
> this _could_ be piped in using a fd other than stdin. ezmlm could also
It's okay to pass the email address to gpg.
> An option might be to keep the sender signature intact (when anonymity
> of sender is not important and it is important to recipients to know
> that the list has not tampered with the message contents.
It is possible to add more signatures to a message.
> The mailing list program would be responsible for rebuilding messages
> from the crude gpg 1x(encrypted-message), n x (pub-key encrypted
What I have to do is to change the sequence of the packets, but that is
trivial (but the output is not valid gpg message).
> A moderator checks all subscriptions and signs keys. Another part of
> the list assures that only subscriber keys that are signed by a
> moderator are accepted. If there are userIDs in addresses.txt with keys
> that haven't been signed by a moderator, those userIDs are ignored.
So we need a way to specifiy that a key must be signed by xxxxx;
this is reasonable because it avoids lengthly trust calculations.
Hmmm, very complicated to put this all into the OpenPGP standard.
More information about the Gnupg-devel