Mail body munging: state of the art?

Lusercop `the.lusercop' at lusercop.net
Thu Jan 19 08:45:35 GMT 2006


On Wed, Jan 18, 2006 at 05:35:38PM +0000, Simon Wistow wrote:
> Speaking of which - I occasionally ask this out of some sort of grim 
> hope that the situation will have changed but I want to be able to do 
> something like
> 
> 	my $mail = get_encrypted_and_signed_mail();
> 	
> 	$mail->is_signed($alices_public_key) || die "Erk!\n";
> 	my $decrypted = $mail->decrypt($my_private_key);
> 
> 	my $new_mail = $decrypted->encrypt($bobs_public_key);
> 	send_mail_to_bob($new_mail->sign($my_private_key));
> 
> That is - can I use PGP from within Perl without having to dick around 
> with keychains and key ids?

Not as far as I know. It would be perfectly possible to wrap GPG --import
and a temporary file like this, however.

> If not - is there some (good) reason for this and am I being quaintly 
> naive?

Two of the operations above are sensible and two are naive. I think it's
obvious which are which. The problem is that GPG goes quite a long way to
protect the private key material - such things as if you install it setuid,
it will decrypt the symmetrically encrypted key material (that's what the
passphrase is for) into pages which have been mlock()ed and therefore won't
be swapped out. (It will also do the decryption within those pages so that
the passphrase doesn't leak either). The idea of storing key material within
perl (rightly) scares a lot of people.

The reason that it's hard to do the two non-naive options, however is a
little more subtle. Basically it comes down to the PGP web of trust. As well
as just encrypting/decrypting/signing/verifying the message, GPG (and PGP
before it) wanted to manage the trust level of any given key. It did (and
does) this via the key signatures. GnuPG maintains a cache of key signatures
on each key, and, if it can do the verification, whether it did and what the
outcome was. It also keeps a record of keys that are in your trust path, and
what their trust level as introducers is.

It would definitely be possible to invoke GPG and generate a temporary
keyring with the key on it, which you then use to sign or verify the
message. The thing you have to remember is that if you're verifying a
message, then having a list of public keys that GPG can check internally
is probably faster for it than you invoking GPG for each key in turn.

Hopefully this answers some of your questions and/or explains the current
situation.

-- 
Lusercop.net - LARTing Lusers everywhere since 2002


More information about the london.pm mailing list