From owner-ctm-announce Sun Jan 23 17:56:18 2000
Delivered-To: ctm-announce@freebsd.org
Received: from picnic.mat.net (picnic.mat.net [206.246.122.133]) by hub.freebsd.org (Postfix) with ESMTP id 8575F14C2E for ; Sun, 23 Jan 2000 17:56:12 -0800 (PST) (envelope-from chuckr@picnic.mat.net)
Received: from localhost (chuckr@localhost [127.0.0.1]) by picnic.mat.net (8.9.3/8.9.3) with ESMTP id UAA27321 for ; Sun, 23 Jan 2000 20:56:22 -0500 (EST) (envelope-from chuckr@picnic.mat.net)
Date: Sun, 23 Jan 2000 20:56:22 -0500 (EST)
From: Chuck Robey
To: ctm-announce@freebsd.org
Subject: PGP signing
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ctm-announce@FreeBSD.ORG
Precedence: bulk

This is a heads up that PGP key signing will be added very soon to all ctm pieces that go out. The signing will be done with the GnuPG tool. I will release the public key fairly quickly too, this is just notice that you want to install either PGP or GnuPG (both are in ports/security) if you want to be able to verify the veracity of the pieces.

The binary deltas will still be available as they always have been, and the format for those will not be modified in any way. The only thing modified will be the mailed (and ascii-encoded) "pieces".

The public key will carry the name "CTM Generator ", and be available at key servers.

"Seth" (seth@freebie.dp.ny.frb.org) helped me by checking that the pieces are totally compatible with PGP, and he contributes this tested shell script and procmail fragment (below). Mark Murray helped me a great deal, by not letting me commit crypto-stupidity at least once.

-------------------------------------------------------------------------

(actually, I'll just cut-n-paste here... it's short enough). Note that you will have to change -p, -d, -b, and -l to sane values...

    #!/bin/sh
    pgpv -f | tee -a pgpout | ctm_rmail -f -v -p . -d . -b . -l ./rmaillog

The "tee -a pgpout" is for diagnostics... it can be removed if you don't want it.

That's it. I haven't idiot-proofed it yet (dunno what happens on invalid signature), but it DOES unpack the deltas.

This script will get kicked off by the following procmail rule:

    :0:
    * ^FROM.*owner-ctm-src-3
    | /path/to/this/script

... and it expects the signed mail to come from STDIN (the 'pgpv -f'). It will verify the signature (pgpv), then pass it to ctm_rmail via STDOUT. The rest is standard.

-------------------------------------------------------------------------

The transmission of the signed pieces will start inside the next day or so, as soon as some administrative details are taken care of. Guess this'll take care of the security concerns.

----------------------------------------------------------------------------
Chuck Robey            | Interests include C & Java programming, FreeBSD,
chuckr@picnic.mat.net  | electronics, communications, and signal processing.

New Year's Resolution: I will not sphroxify gullible people into looking up
fictitious words in the dictionary.
----------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe ctm-announce" in the body of the message
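
The mail above leaves open what the pipeline does on an invalid signature. The sketch below is an added example, not part of the original message or of Seth's script: a fail-closed variant that spools the mail, runs the verifier, and passes only the verifier's output to ctm_rmail when the verifier exits 0. The function name, the VERIFY_CMD/DELIVER_CMD/VERIFY_LOG variables, the use of gpg with a dedicated keyring, and the ./ctm-keyring.gpg path are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail): verify first, unpack only on success.
# Assumptions: gpg is the verifier; ./ctm-keyring.gpg is a placeholder keyring that
# holds only the CTM public key, so a good signature from any other key still fails.
# Both commands are overridable so the wrapper can be exercised without gpg or ctm.
: "${VERIFY_CMD:=gpg --batch --no-default-keyring --keyring ./ctm-keyring.gpg --decrypt}"
: "${DELIVER_CMD:=ctm_rmail -f -v -p . -d . -b . -l ./rmaillog}"

verify_then_deliver() {
    log="${VERIFY_LOG:-./pgpout}"          # diagnostics file, as in the mail
    tmpdir=$(mktemp -d) || return 1
    msg="$tmpdir/msg"
    body="$tmpdir/body"
    cat > "$msg"                           # spool stdin: nothing streams onward early

    # The verifier must exit 0 AND emit the signed text. Only that output is
    # delivered, so lines outside the signed region never reach ctm_rmail.
    # $VERIFY_CMD and $DELIVER_CMD are left unquoted on purpose (word splitting).
    if $VERIFY_CMD < "$msg" > "$body" 2>> "$log" && [ -s "$body" ]; then
        $DELIVER_CMD < "$body" && rc=0 || rc=$?
    else
        echo "signature check failed; piece not passed on" >> "$log"
        rc=1
    fi
    rm -rf "$tmpdir"
    return "$rc"
}

# In the script that procmail invokes, the last line would be:
#   verify_then_deliver
```

In the original one-line pipeline, ctm_rmail reads whatever the verifier writes to STDOUT regardless of the verifier's exit status; buffering to a file first is what makes the exit status usable as a gate.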