Command Prompt PGP for Email

mchirico · 07-23-2004, 10:22 PM

So, openssl will encrypt a message; but, a password is involved. Here's the "openssl" method of encrypting.

$ openssl des3 -salt -in file.txt -out file.des3 -k secretPassword

and, here's the "openssl" method of decrpyting.

$ openssl des3 -d -salt -in file.des3 -out file.txt -k secretPassword

Whether it's entered at the command prompt with -k or not, the recepient has to be told what the password is, if they are going the read the contents. And, if it's a cron job, then, likely the -k option will used.

Enter GPG. All you need is the recipient's "public" key. No sharing of passwords. What's great is if it's embedded in an email, with the correct "Content-Type:", the end user can automatically open the document in their email.

Here's an example.

$ ./sndmailBash mchirico@comcast.net sporkey@comcast.net " The contents of file.txt" 0xD017E98A < file.txt

This one command will send the contents of "file.txt", from user mchirico@comcast.net to sporkey@comcast.net, using sporkey's public key. When, sporkey gets the email, he'll just be prompted for his pgp password. And the contents will be accessible.

Actually, I use the above method to create reports on system's where I'm not an admin to send to my secure account. There's no private password in this script. But, the real beauty is the content-type change... With lot's of email there's not cut and paste.

Here's the simple script "sndmailBash. The line "gpg -r ${4} --encrypt --armor " encrypts the message. There's nothing new here to seasoned gpg users. What's new is setting the "Content-Type:" to "application/pgp-encrypted" so that the user can automatically open the document.

#!/bin/bash
From=${1}
To=${2}
Subject=${3}

Content=$(gpg -r ${4} --encrypt --armor )

/usr/sbin/sendmail -t <<EOF
From: ${From}
To: ${To}
Subject: ${Subject}
Mime-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="B835649000072104Jul07"
Content-Disposition: inline
User-Agent: Mutt/1.4.1i

--B835649000072104Jul07
Content-Type: application/pgp-encrypted
Content-Disposition: attachment

Version: 1

--B835649000072104Jul07
Content-Type: application/octet-stream
Content-Disposition: inline; filename="msg.asc"

${Content}

--B835649000072104Jul07--

EOF

A copy of this program can be found at the following link (See SCRIPT 4)
http://prdownloads.sourceforge.net/s....html?download

I hope this helps. Once you have this simple script, it's easy to "pipe" alerts.

$ iostat | ./sndmailBash mchirico@comcast.net sporkey@comcast.net " The contents of file.txt" 0xD017E98A

Other references for pgp:
http://www.gnupg.org/documentation/faqs.html
http://codesorcery.net/mutt/mutt-gnupg-howto
and

(TIP 86)
http://prdownloads.sourceforge.net/s...e.txt?download

Regards,

Mike Chirico